Cryptocurrency exchange Coinbase has introduced a $5 million bug bounty program through the Web3 security platform Cantina, focusing exclusively on the security of its onchain products and Base’s smart contracts. This initiative aims to establish a new standard for securing global Web3 infrastructure by inviting expert security researchers to engage with Coinbase’s critical systems through a verified and structured process on Cantina.
The program reflects Coinbase’s commitment to institutional-grade security practices across its engineering and security operations. Researchers submitting findings will have their reports reviewed by Web3 security professionals who prioritize both the clarity and severity of vulnerabilities to ensure efficient identification and resolution of high-impact issues.
This program expands on Coinbase’s ongoing collaboration with Cantina, which has previously involved structured security assessments of vital protocol components such as Verified Pools, Fault Proof Audits, Nitro Validator, WebAuthn modules, ERC-6492 validation logic, and SpendPermissionManager. These prior engagements were conducted with defined scopes, comprehensive technical documentation, and production context, providing a solid foundation for the launch of this large-scale public bug bounty initiative.
$5M up for grabs.
Help us battle test—let's make operating onchain as safe and secure as possible. https://t.co/VGq9lxrKhd
— Coinbase (@coinbase) July 8, 2025
Coinbase Bug Bounty Targets Mainnet-Deployed Smart Contracts
The program operates exclusively through Cantina’s platform, enabling researchers to perform organized and reproducible assessments within defined scope areas. The submission process is designed to minimize obstacles, ensuring that all findings are evaluated with appropriate context and consistency. Compensation is awarded based on the reproducibility of the issue and its technical importance, with reward levels reflecting the severity of the vulnerability and its impact on live production environments.
The initiative specifically targets the onchain elements of Coinbase’s products, focusing on smart contracts that meet certain criteria: they must be deployed on a mainnet by Coinbase and actively utilized by a Coinbase product or serve a production purpose, excluding proof-of-concept contracts. The program is structured into two distinct tiers. Coinbase reserves the right, at its sole discretion, to issue rewards for vulnerabilities discovered in contracts outside the defined scope if the findings are deemed valuable. Any security issues related to off-chain components should continue to be reported through Coinbase’s existing HackerOne bug bounty program.
The post Coinbase Initiates $5M Bug Bounty Program On Cantina For On-Chain Products And Base Smart Contracts appeared first on Metaverse Post.