"Coinbase Loves Bug Bounties"

Bug bounties are an increasingly used initiative by businesses to find code issues and security problems through incentivized hacking. Bounty payouts reward hackers to expose companies to problems before potential bad-actors might.

Head of Security for Coinbase, Philip Martin, blogged, "We're thankful to all the security researchers who have worked hard to find and report vulnerabilities."

Instead of researchers "facing a choice between using a vulnerability themselves," he urged, "selling a vulnerability to 3rd parties or giving a vulnerability away for free, bounties present a good, legal, risk-adjusted return for the time invested by a researcher."

To date, Coinbase has disclosed 73 discovered vulnerabilities.

Mr. Martin emphasized bounties "de-criminalize the actions of good-faith security researchers, while still forbidding malicious hacking."

Though most proposals are not relevant, Coinbase finds value in bug bounties.

Over five years, the exchange has "paid out $176,031 in bounties to 223 researchers across 346 valid reports out of a total of 3101 reports submitted," Mr. Martin noted.

This year, Coinbase joins a competition hosted by Hackerone, Hack the World. An unsigned blog post stated the venture's goals as "to help build stronger relationships between our hackers and our customers, reward high signal and high impact reports, and to have some fun along the way by giving out some awesome prizes to our top hackers."

Sponsors range from Uber, Github, and Airbnb, to Mapbox and Dropbox.

Coinbase is offering "the top 3 most impactful bugs submitted, as part of Hack The World, an additional $10,000, $7,500 and $5,000," he explained. "'Most Impactful' will be judged by the Coinbase security team on a combination of bug severity, system criticality and report quality."