According to a report on the HackerOne website, the Dutch financial security team found the flaw when planning to give its employees some ether as a Christmas present last December. A set of digital wallets using a smart contract could be tricked into thinking that a transfer of the ether cryptocurrency had occurred when it had not. This would have allowed any Coinbase customer to fictitiously move as much ether as it wanted into their account. Whether they could have cashed it out in some way is another matter, but the bug has been fixed by Coinbase, who also gave VI Company a $10,000 bug bounty.