On March 20, 2018, it was revealed that a bug hidden in Coinbase’s Ethereum smart contract setup could have given users access to unlimited amounts of ether. At press time, it does not appear as though the vulnerability was ever exploited or even noticed by users.
The issue was first discovered last December by VI Company, a Dutch firm that specializes in fintech. The company was planning to give its employees ether bonuses in celebration of the upcoming holiday season when researchers noticed the issue with their “ETH receiving code” while garnering funds from a contract. They saw that by using a smart contract, a series of digital wallets could be “tricked” into recording ether transfers and purchases that had never actually happened.