Coinbase Glitch Allowed Unlimited Ethereum Balances


On March 21, the San Francisco-based exchange Coinbase publicly revealed an ethereum balance glitch that allowed users to manipulate their account balances. Researchers noticed that, by utilizing a smart contract, a person could add as much ethereum as they wanted to their account.


Smart Contract Manipulation Allowed Unlimited Ethereum Balances on Coinbase

Researchers recently found a vulnerability within the Coinbase platform that allowed a user to add as much ether as they wanted to their account by using a smart contract. The bug was revealed to the public on March 21, but the issue had existed since December of 2017. Coinbase rewarded the Dutch research analyst firm Vicompany with $10,000 after it discovered the glitch.

"The researchers noticed an issue with our ETH receiving code when receiving from a contract. This allowed sending of ETH to Coinbase to be credited even if the underlying contract execution failed," explains the San Francisco trading platform.

The issue was fixed by changing the contract handling logic. Analysis of the issue indicated only accidental loss for Coinbase, and no exploitation attempts.


Not the Only Exchange With an Unlimited Coin Glitch

According to Vicompany, a malicious actor could manipulate their ether balance by using a smart contract to distribute ether throughout a set of wallets. Vicompany explains that if one of the internal transactions fails, all prior transactions would be reversed. However, on the Coinbase interface, the transactions did not revert. The third-party researcher states in the disclosure:

On Coinbase these transactions will not be reversed, meaning someone could add as much ether to their balance as they want.
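The class of flaw described above can be shown from the deposit-processing side. The following is an added example, not code from Coinbase or Vicompany: it compares a crediting routine that trusts each internal transfer in isolation with one that credits only transfers that survived execution. The trace layout, function names and addresses are constructed for illustration, and the example goes slightly beyond the article by also covering an inner call that reverts inside an otherwise successful transaction.

```python
# Constructed sample data; every name and address here is hypothetical.
ETH = 10**18  # wei per ether
DEPOSIT_ADDRESSES = {"0xdeposit_user_a"}

def transfer(to, value, error=None, calls=()):
    """Build one simplified call frame of a transaction trace."""
    return {"to": to, "value": value, "error": error, "calls": list(calls)}

# A contract fans ether out to three wallets; the last transfer fails, so the
# whole execution reverts on-chain and no ether moves at all.
FAILED_TX = {"status": 0, "call": transfer("0xsplitter", 3 * ETH, "reverted", [
    transfer("0xdeposit_user_a", ETH),
    transfer("0xwallet_b", ETH),
    transfer("0xwallet_c", ETH, "out of gas"),
])}
# The transaction succeeds overall, but one inner call failed and was caught,
# so the transfer nested under it was rolled back.
PARTIAL_TX = {"status": 1, "call": transfer("0xsplitter", 2 * ETH, None, [
    transfer("0xdeposit_user_a", ETH),
    transfer("0xhelper", ETH, "reverted", [transfer("0xdeposit_user_a", ETH)]),
])}

def walk(frame, parent_ok=True):
    """Yield (frame, effective); effective only if no frame up the chain failed."""
    ok = parent_ok and frame["error"] is None
    yield frame, ok
    for child in frame["calls"]:
        yield from walk(child, ok)

def credit_naive(tx):
    """Flawed: trusts each internal transfer in isolation."""
    credits = {}
    for frame, _ in walk(tx["call"]):
        if frame["to"] in DEPOSIT_ADDRESSES and frame["error"] is None:
            credits[frame["to"]] = credits.get(frame["to"], 0) + frame["value"]
    return credits

def credit_safe(tx):
    """Credit only if the transaction succeeded and no ancestor call reverted."""
    credits = {}
    if tx["status"] != 1:
        return credits
    for frame, ok in walk(tx["call"]):
        if ok and frame["to"] in DEPOSIT_ADDRESSES:
            credits[frame["to"]] = credits.get(frame["to"], 0) + frame["value"]
    return credits

if __name__ == "__main__":
    for name, tx in (("failed", FAILED_TX), ("partial", PARTIAL_TX)):
        print(name, credit_naive(tx), credit_safe(tx))
```

Reconciling credited deposits against the on-chain balance of each deposit address is an independent check that catches any mismatch the crediting logic misses.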

Coinbase is not the only exchange that has suffered from glitches that allow people to manipulate balances. This past February the Japanese exchange Zaif had a bug that let users purchase BTC for zero dollars. A month prior to the Zaif incident, the company Overstock had an API glitch which allowed users to pay for goods using BCH for a product priced in BTC.

What do you think about the Coinbase bug found last December? Why do you think the exchange disclosed the bug this week? Let us know what you think in the comments below.



22.03.2018 / 03:15