In a bold move to strengthen the security of its blockchain offerings, Coinbase has rolled out a $5 million bug bounty program hosted on Cantina, targeting vulnerabilities within its on-chain products and Base layer 2 network.
Announced on July 8, the initiative ranks among the largest bug bounties in web3, aiming to uncover critical flaws in Coinbase’s smart contracts. Security researchers are invited to participate via Cantina’s platform, which streamlines submission reviews through structured and repeatable assessments.
A landmark moment in onchain security. @Coinbase has launched a $5M bug bounty on Cantina, a new program focusing exclusively on all its onchain products and @base’s smart contracts. It sets a new standard for securing Web3 organizations at scale. Details below.
— Cantina 🪐 (@cantinaxyz) July 8, 2025
Each vulnerability report will be evaluated by seasoned triagers, with rewards scaled based on the severity and potential impact of findings. Coinbase has emphasised the importance of clear, actionable reports to facilitate swift remediation.
This launch builds upon Coinbase’s prior engagements with Cantina, which included audits of components such as WebAuthn modules, Verified Pools, and Nitro Validators. Those earlier reviews laid the foundation for the expanded program now covering Base’s smart contracts and broader on-chain ecosystem.
The new bounty program comes amid heightened security measures by Coinbase, following a data breach in May involving bribed support staff. Instead of paying the attackers’ ransom, the company set up a $20 million reward fund to identify and prosecute those responsible. Since then, Coinbase has introduced stricter internal controls and reinforced its security standards.
The major data breach at Coinbase was linked to a January incident involving an employee of TaskUs, a U.S.-based outsourcing company with operations in India, months before the crypto exchange publicly acknowledged the security lapse.
Cantina, for its part, has emerged as a leading platform in web3 security by combining AI tools with expert-led triage to reduce low-value submissions. The firm previously hosted Uniswap’s $15.5 million bug bounty for version 4 of its protocol.
Coinbase’s latest program signals its ongoing shift towards open collaboration with the global security research community, while enhancing protection for Base and complementing similar efforts by Optimism to secure the OP Stack.