Coinbase has launched a new $5 million bug bounty program on Cantina focused exclusively on its onchain products and Base’s smart contracts, setting a benchmark for how global Web3 organizations should be secured.

One of the largest Web3 security initiatives to date, Coinbase’s new bug bounty program exclusively targets its onchain products and Base’s smart contracts. Both are now open to expert researcher engagement via Cantina, reinforcing the Web3 security posture of systems that support institutional and consumer applications at global scale.

Security with Enterprise-Grade Discipline

Coinbase applies institutional rigor across its engineering and security lifecycles. That same discipline shapes the structure of this program. Researchers can now engage with all of Coinbase’s onchain products and Base’s smart contracts through Cantina’s platform.

Each submission is evaluated by Web3 security experts. The review process prioritizes clarity and severity while enabling high-signal contributions to be surfaced and resolved efficiently.

A Foundation of Ongoing Collaboration

The program builds on a consistent history of structured high-signal reviews between Coinbase and Cantina. Previous engagements have covered key protocol components such as, but not limited to:

  • Verified Pools
  • Fault Proof Audits
  • Nitro Validator
  • WebAuthn modules
  • ERC-6492 validation logic
  • SpendPermissionManager

Each review was conducted with scoped access, technical documentation, and production context, laying the groundwork for this high-scale public program.

Purpose-Built Infrastructure for Security Research

This program runs entirely within Cantina’s platform, where researchers can conduct structured, reproducible reviews across the scoped areas. The submission process is streamlined, reducing friction and ensuring all findings are processed with context and consistency.

Rewards are based on reproducibility and technical impact. Compensation tiers reflect the seriousness of each discovery and its relevance to production systems.

Setting the Standard for Web3 Security

Security at scale requires more than testing environments. It requires operational alignment, engineering support, and structured workflows. This program demonstrates how institutional-grade systems can be validated through coordinated research and rigorous review.

According to Anmol Malhotra, Head of Product Security & Blockchain Security at Coinbase, “Launching this bug bounty is part of our continued commitment to securing the open future of onchain development. We believe the strongest defense comes from collaboration - by working hand-in-hand with the global security researcher community, we’re not just protecting onchain assets, we’re building a more resilient ecosystem for everyone.”

Now Open

The Coinbase Bug Bounty Program is now live on Cantina. Security researchers ready to engage with critical infrastructure through a verified, structured process are invited to participate.

Access the scope, review the documentation, and begin here.
