Coinbase has announced a new bug bounty program aimed at improving the security of its systems. The program, launched on the Cantina platform, has a budget of $5 million to reward security researchers.
Program Goals and Details
The program was announced on July 8 and is regarded as one of the largest of its kind in web3. It covers vulnerabilities in Coinbase’s smart contracts and the Base layer 2 network. Security researchers are encouraged to submit their findings through Cantina’s platform, where experienced triagers will assess them. Rewards are based on the significance and seriousness of each finding.
Previous Security Efforts
This program builds on Coinbase’s earlier collaboration with Cantina, which included audits of components like WebAuthn modules and Verified Pools. These previous assessments laid the groundwork for a larger, open-access program that now includes Base’s smart contracts and other on-chain systems.
Response to Past Incidents
The launch comes at a time when security remains a top priority for Coinbase. In May, the company experienced a data breach involving bribed support staff. Instead of paying a ransom, Coinbase created a $20 million reward fund for information that could help identify and prosecute those responsible. Since then, the company has taken several steps to enhance internal controls and improve overall security.
Coinbase’s bug bounty program reflects the company’s ongoing commitment to open collaboration with the security research community and aims to expand protections for its blockchain-based products.