The Dutch fintech company VI Company found an error in the operation of the popular in the US cryptocurrency exchange Coinbase. The vulnerability allowed users to accrue an unlimited amount of the cryptocurrency Ethereum into their account, which could then be withdrawn from the account.
A brief description of the error in the public report of the VI Company looks like this:
“By using a smart contract to distribute ether over a set of wallets you can manipulate the account balance of your Coinbase account. If 1 of the internal transactions in the smart contract fails all transactions before that will be reversed. But on Coinbase these transactions will not be reversed, meaning someone could add as much ether to their balance as they want. When you look up the Coinbase wallet address after this transaction you will see that it is empty, but checking your Coinbase wallet will show your funds”.
Coinbase paid a $10 thousand reward to the Dutch experts. At the same time, the cryptocurrency exchange did not say whether any of the clients had benefited from this vulnerability or not.