Photo by Setyaki Irham
According to the US media reporter, according to Figure 1 below, the hacker helped CoinDesk, who originally reported the story, and the hacker also had ties to the electric car manufacturer Tesla
Figure 1 The original title of the report
Yesterday afternoon, a white-hat hacker, alias Tree of Alpha, informed Coinbase, a leading cryptocurrency exchange, of a vulnerability in its trading system. CoinBase's response, coindesk, is to suspend trading on its new premium trading platform.
"Potential market nuclear bomb" weakness
Photo by Yeshi Kangrang
On Friday night, Tree of Alpha tweeted that they had identified a "potential market nuclear weapons" vulnerability and were filing a HackerOne report. HackerOne is a platform that runs bug bounty programs for Coinbase and other companies.
Alpha Tree also tweeted:
This issue is sensitive and could allow malicious users to not send all Coinbase orders to any price. No actual Coinbase storage (cold or otherwise) is affected.
Two hours later, Coinbase disabled trading on its new premium trading platform for technical reasons. The user can cancel the current order. It is not possible to place new things at the moment.
Coinbase is the largest cryptocurrency exchange in the United States and one of the largest in the world. The oracle uses its price information to determine the true token price of the DeFi protocol and other applications.
Photo by Mika Baumeister
A few hours later, Coinbase regained full access to its AT platform. CEO Brian Armstrong publicly thanked Tree of Alpha for his help on Twitter:
You're fantastic at Tree of Alpha – thank you so much for working with our team. Love how the crypto community can help each other!
The hackers also helped CoinDesk
CoinDesk, who originally reported the story.
A month ago, the white-hat hacker contacted leading crypto news outlets about the site's content management system.
The vulnerability allows outsiders to view the title of a CoinDesk article saved in draft form.
This influences investment decisions based on non-public information. The issue is resolved.
Hacker's Tesla connection
Alpha Tree is also linked to electric car maker Tesla:
Hot Event Contact: Hackers hacked more than 20 Teslas
Recently, a 19-year-old German IT security expert and hacker took advantage of the vulnerability to crack more than twenty Teslas belonging to thirteen countries, which can not only control the opening/closing of windows and doors, but also control the steering wheel to achieve keyless driving. Fortunately, the hacker only broke through the loopholes in Tesla's system and did not do further control. However, in the face of possible network security problems such as network attacks and network intrusions, Tesla should really pay attention to it.
The day before CEO Elon Musk announced that Tesla merchandise could be sold in exchange for Dogecoin, he tweeted that Tesla was ready to accept crypto payments on its website.
Photo by Farzad Nazifi
Tree of Alpha is used to searching for revealing data that can be used for profitable transactions. From time to time they find major vulnerabilities to report.
He's on Twitter at high speed CoinDesk, and he only leaks information when he needs to fix bugs or vulnerabilities to "rebalance the playing field."
In this case, he added, the Coinbase issue is a serious vulnerability that could have disastrous consequences.
Original source: banklesstimes
This article is edited by Wu Xiaoyuan
The pictures in this article are authorized by the photographer to be used by Wu Xiaoyuan of China Daily Hot Focus, and the ownership of the pictures belongs to the photographer