by rvnx 187 days ago
Seems like none of these major websites detected anything, and they are supposed to be top-notch in the world.

It's only because the researcher contacted them.

1 comments

Also because nobody actively exploited them! You're using the word "detected" to mean "discovered", which nobody working in the field would ever do.
detected: WAF caught or detected the attack and raised an alert, post-exploitation

discovered: they audited or pentested themselves and found out, preemptively

I just mean that Coinbase didn’t see anything happening and didn’t take action though the boy successfully exploited the vulnerability on their live system.