Major crypto exchange Coinbase experienced a volatile weekend with a vulnerability reported, a service paused and re-started, and its site crashing following what seems to have been a successful Super Bowl ad.
Tree of Alpha, a pseudonymous white-hat hacker, notified Coinbase of a “potentially market-nuking” vulnerability on Friday. The exchange was fast to react, disabling retail advanced trading.
In the late hours of Friday night, Coinbase announced that they have re-enabled the service. “Customer funds remain safe and were not impacted,” it said.
How it all went down is that Tree of Alpha first took to Twitter around 6 pm UTC to announce the news, asking for a direct line with someone at Coinbase. He said that he has submitted a HackerOne report, but insisted that “this can’t wait.”
HackerOne is a vulnerability coordination and bug bounty platform that offers white-hat hackers bounties in return for submitting issues.
Coinbase CEO Brian Armstrong replied to the white-hat hacker, saying that the exchange will investigate the matter. “Tree of Alpha you’re awesome – a big thank you for working with our team. love how the crypto community helps each other out!” Armstrong later tweeted.
Within two hours of the Tree of Alpha’s initial tweet, the Coinbase Support official Twitter account announced that they have halted the new Advanced Trading feature due to technical reasons. “This service will continue to be accessible, but new orders cannot be placed at this time. Existing orders are in cancel only mode,” it added.
Coinbase launched the advanced trading feature last November. The feature is comparable to Coinbase Pro, offering some tools like interactive charts, advanced order types, and order books to assist traders with their trading decisions. As of now, the feature is only available to a limited number of users.
Meanwhile, Coinbase also faced issues after its Super Bowl ad brought so much traffic to the app that it crashed.
Coinbase’s ad was a full 60-second colorful bouncing QR code, which brought viewers to Coinbase’s promotional website when scanned. It offered a limited-time promotion of USD 15 worth of free Bitcoin to new sign-ups.