# Coinbase Bitcoin Cash Multiplication Bug
# Discovered : 20.01.2017
# Author : No Code No Life
# Tested on : Linux, Windows 7, Windows 10
# Vendor : www.coinbase.com
# Description : Coinbase suffers from a bitcoin cash multiplication vulnerability. An attacker can get up to $10 worth of bitcoin cash for free by following some tricks.
First an attacker tries to manipulate the server by sending $1 of bitcoin cash to 1Cni2E8MeXaZjcNAqKjUzQYnXPKdnRsuts address which is the root account of Coinbase. As root account is the owner account of coinbase, it reflects back to the senders account without cutting that $1 sent by attacker. A maximum $10 can be transacted to that specific address and it will reflex back after completion of the transaction. This a exploitable bug discovered when coinbase added bitcoin cash in December.
As the process cannot be undone, thus the bug is widely being exploited by carders and stolen credit cards. This bug can allow anyone to receive a free $10. Coinbase doesn't know about this specific bug yet, but when they find out, it will be patched.
[Proof: Attachment1.png]
[Proof: Attachment2.png]