Coinbase launches $5M bug bounty on Cantina to secure Base and on-chain products

2025/07/09 14:04

Coinbase has launched a $5 million bug bounty program hosted on Cantina, aimed at strengthening the security of its on-chain products and the Base layer 2 network.

The program, which was announced on July 8, is one of the biggest of its kind in Web3 and aims to identify and fix critical vulnerabilities across Coinbase’s smart contracts. Security researchers are encouraged to submit their findings through Cantina’s platform, which facilitates repeatable and structured reviews.

Every submission is assessed by experienced triagers, and rewards are based on how significant and serious each finding is. Coinbase has emphasized the importance of clear, actionable submissions that can lead to quick resolutions.

https://twitter.com/cantinaxyz/status/1942585053550412218?s=46&t=nznXkss3debX8JIhNzHmzw

This program expands on Coinbase’s earlier collaboration with Cantina, which included audits of key components like WebAuthn modules, Verified Pools, and Nitro Validators, among others. These earlier reviews set the groundwork for a larger, open-access program that now includes Base’s smart contracts and other on-chain systems.

The launch also comes at a time when security remains a top priority for Coinbase. In May, the company faced a high-profile data breach involving bribed support staff. Rather than pay the attackers’ ransom, Coinbase created a $20 million reward fund for information that could help identify and prosecute those responsible.

The company has since taken several steps to improve internal controls and raise overall security standards. Alongside the work with Coinbase, Cantina has emerged as a major force in Web3 security.

Its platform streamlines review workflows and lowers the number of low-value submissions by combining AI-powered tools with expert-led triage. Cantina has also hosted major programs like Uniswap’s (UNI) $15.5 million bounty for version 4 of its protocol.

The new bug bounty reflects Coinbase’s ongoing shift toward open collaboration with the security research community. It also expands protection for Base, the company’s Ethereum (ETH) layer 2 network, and complements similar efforts by Optimism (OP) to secure the OP Stack.
