# Coinbase Litecoin Multiplication Bug *Confirmed*

1. # Coinbase Litecoin Multiplication Bug *Confirmed*
2. # Discovered : 13.12.2017
3. # Author : Anonymous
4. # Tested on : Linux, Windows 8/8.1, Windows 10, Mac
5. # Vendor : www.coinbase.com
6. # Description : Coinbase suffers from a Litecoin multiplication vulnerability. An attacker can get up to $10(Max) worth of bitcoin for free by following some tricks.
7.  
8. First an attacker tries to manipulate the server by sending $1 to $10 of bitcoin to LMgKhDo5fuKovvZJGf9pCUDidCbvL3BtDw address which is the root Litecoin account of Coinbase. As root account is the owner account of coinbase, it reflects back to the senders account without cutting that $1 sent by attacker. A maximum $10 can be transacted to that specific address and it will reflect back after completion of the transaction. Once sent, you will get an email from coinbase reading "Hello, you have accidentally sent Litecoin to the wrong address! We will add it back to your account in 2-3 days"
9.  
10. As the process cannot be undone, thus the bug is widely being exploited by carders and stolen credit cards. This bug can allow anyone to receive a free $10. Coinbase doesn't know about this specific bug yet, but when they find out, it will be patched. It is repeatable aswell.
11.  
12. [Proof: IMG_98561.png]
13. [Proof: IMG_98565.png]