Coinbase Drops $5 Million Bug Bounty on Cantina for Base and Smart Contract Security

Coinbase launched a $5 million bug bounty program on Cantina targeting its on-chain products and Base network smart contracts, marking one of the largest Web3 security initiatives to date. The program comes as Base gains mainstream adoption with JPMorgan launching its JPMD digital deposit token and Shopify integrating USDC payments across 34 countries. Base has emerged as a preferred blockchain for institutional adoption, with JPMorgan selecting the Layer-2 network for its JPMD token due to its partially decentralized structure and Security Council governance. The bug bounty program builds on previous structured security reviews between Coinbase and Cantina, covering critical components, including Verified Pools, Fault-Proof Audits, Nitro Validator, WebAuthn modules, and ERC-6492 validation logic. Web3 security experts will evaluate each submission with rewards based on reproducibility and technical impact. A landmark moment in onchain security. @Coinbase has launched a $5M bug bounty on Cantina, a new program focusing exclusively on all its onchain products and @base ’s smart contracts. It sets a new standard for securing Web3 organizations at scale. Details below. pic.twitter.com/otO5QVTtH4 — Cantina (@cantinaxyz) July 8, 2025 Base Network Drives Institutional Blockchain Adoption JPMorgan’s JPMD token launch particularly represents the banking giant’s biggest step into public blockchain technology, enabling institutional clients to move money quickly and securely on-chain 24/7. The fully backed USD deposit token distinguishes itself from decentralized stablecoins like USDT or USDC through its permissioned structure, which is designed for institutional compliance and regulatory oversight. Speaking with Cryptonews, Jesse Pollak, Base creator and Coinbase VP of Engineering, emphasized the network’s institutional advantages: “Base offers sub-second, sub-cent, 24/7 settlement, which makes fund transfers between J.P. Morgan institutional clients nearly instant.” “ Moving money onchain takes seconds, rather than days, and we’re glad to see institutions like J.P. Morgan support digital assets for their clients ,” Lauren Abendschein, VP of Institutional Sales at Coinbase, also added. Moreover, Shopify’s USDC integration through Shopify Payments and Shop Pay marks another significant milestone in mainstream adoption, enabling millions of merchants across 34 countries to accept stablecoin payments directly. The Commerce Payment Protocol, built on Base, addresses traditional crypto commerce complexities through sophisticated escrow architecture supporting authorization, capture, and refunds. The protocol prevents operators from modifying payment intents through cryptographic mechanisms while offering automatic fund reclaim capabilities. Transaction fees typically remain under $0.01 compared to traditional payment networks, with settlement times reaching 200 milliseconds across international borders. Discussing mainstream tokenization adoption, SEC Chairman Paul Atkins recently declared tokenization “imminent.” SEC Chairman Paul Atkins joined @SquawkCNBC this morning to discuss stock tokenization, making private markets more accessible to the public, and top priorities for the SEC. https://t.co/ed3zYMk1tO — U.S. Securities and Exchange Commission (@SECGov) July 2, 2025 He called it “the next step” for market efficiency, noting that “the rules of the road have not been clear” for digital asset regulation. This is coming at a time when real-world asset tokenization skyrocketed by over 260% in H1 2025, with the global tokenized asset market estimated to be worth $30 trillion. Source: Binance Research Security Challenges Highlight Critical Infrastructure Risks The latest development follows Coinbase’s recent data breach involving bribed overseas support staff who leaked information on nearly 70,000 users, resulting in a $20 million ransom demand that the exchange refused to pay. Instead, Coinbase established a $20 million matching reward fund for information leading to the arrest of the attackers. Cyber criminals bribed and recruited rogue overseas support agents to pull personal data on https://t.co/SidVn59JCV — Coinbase (@coinbase) May 15, 2025 The incident, first detected in January but publicly disclosed in May, compromised names, contact details, masked Social Security numbers, and government-issued ID images for nearly 70,000 users. Over 200 TaskUs employees were terminated following the investigation into the breach, with the primary perpetrator caught photographing her work computer with a personal mobile phone. The stolen data included transaction histories, account balances, and internal documentation accessible to support agents; however, the attackers never obtained passwords, private keys, or wallet access. Coinbase’s response included establishing a U.S.-based customer support hub and implementing enhanced insider-threat detection systems across all service locations. The company pledged to reimburse retail customers tricked by social engineering tactics while implementing additional withdrawal security protocols and scam-awareness prompts. The financial fallout, as estimated, could cost Coinbase between $180 million and $400 million, with investor lawsuits alleging substantial losses from misleading statements. The breach occurred during a pivotal period for Coinbase, coinciding with its acquisition of Deribit and its inclusion in the S&P 500. The post Coinbase Drops $5 Million Bug Bounty on Cantina for Base and Smart Contract Security appeared first on Cryptonews .