Note: Coinbase has posted a response to this story which can be read here.
This is really an unbelievable story! Bitcoin exchange Coinbase has allegedly banned a user who helped them fix a major Vault exploit that could have resulted in millions of dollars in losses. The user took to popular social platform Reddit to share his side of the story.
The user, pxallin1122, states that he began an investigation into the Vault system in June 2015, and found a major exploit on the site. The exploit allowed a user to withdraw infinite bitcoins (yes, you read that right!) even if they weren't present in the account, effectively pushing the Coinbase account balance into negative territory.
According to the user, he helped Coinbase fix the exploit, walking them through every step, but received a measly bounty of $5,000.
The user is offended by the meager sum as he expected the award to be upwards of $25,000.
The Secret Ban
Pxallin1122 alleges that the bitcoin exchange ‘put some kind of secret ban on my account.’ He was unable to withdraw any bitcoin sent to his Coinbase wallet.
He continued his investigation and found another identical exploit which could be executed in the same way as the earlier one. He again informed Coinbase of this bug, which surprisingly resulted in a complete ban on his account for no reason. Coinbase then sent him a request on HackerOne asking for further instructions, but he couldn't help this time as his account was banned.
Coinbase soon labeled the newer exploit as “Informative”, rewarding him with nothing this time.
The latest update in this story is that Coinbase has emailed the user saying that all his reports on HackerOne will be opened and re-evaluated. But there is still confusion as to why the exchange is not re-opening his account. Do they think that he will be able to cause more damage? He could have earlier if he wanted to, right?