Tuesday, July 16, 2024
Home Cryptocurrency Kraken reveals $3 million stolen from research team, launches criminal investigation

Kraken reveals $3 million stolen from research team, launches criminal investigation

by xyonent
0 comment
Screenshot 199.jpg

Cryptocurrency exchange Kraken recently revealed that it had fallen victim to a major security flaw, resulting in the loss of $3 million worth of funds. Digital Assets By the research team.

The incident occurred after the exchange received a bug report through its bug bounty program on June 9 from a self-proclaimed security researcher who claimed to have discovered a “highly critical” bug that allowed them to “artificially inflate” balances on the platform.

However, things took an unexpected turn when it was discovered that the researcher and his associates were trying to exploit the flaw to extract large sums of money. Criminal Investigation The company is investigating the matter and is working with law enforcement to resolve it.

Kraken faces extortion attempt

On social media postThe exchange’s chief security officer, Nick Percoco, said that after receiving the initial bug reports, Kraken assembled a cross-functional team to investigate the issue.

Within minutes, separate bugs were identified that allowed malicious attackers to initiate a deposit and receive funds into an account without fully completing the deposit, effectively creating assets in a Kraken account within a limited time frame.

The vulnerability was classified as critical, and the team reportedly mitigated the issue within an hour to ensure it would not reoccur. The flaw arose from a recent user experience (UX) change that enables clients to trade. Cryptocurrency Market The changes were made in real time before the assets were wiped, but were not extensively tested against this particular attack vector.

Further investigation revealed that three accounts had exploited the flaw within a few days, with one of these accounts allegedly associated with an individual claiming to be a security researcher who discovered the bug and deposited a “small amount of cryptocurrency” into his account to demonstrate the flaw.

However, reporting a vulnerability Bug Bounty As a reward, the individual leaked the bug to two associates, who then withdrew even more money. In total, the three withdrew about $3 million from Kraken’s coffers.

When Kraken demanded a refund of the funds, the researchers refused, requested a meeting with the business development team, and provided an estimate of how much money they would have incurred had the bug remained undisclosed.

Legal action against the research company

Percoco further revealed that Kraken has strongly condemned the research team’s actions, calling them “extortion” and saying they are not legitimate. White Hat Hacking.

The exchange, which has maintained a bug bounty program for nearly a decade, stressed that it has never encountered any issues with legitimate researchers and has always followed clear rules, such as not exploiting vulnerabilities beyond what is necessary for proof, providing proofs of concept, and promptly returning any extracted assets.

Finally, the exchange’s chief security officer said that Kraken is treating the incident as a criminal matter and is actively cooperating with law enforcement. The exchange expressed its gratitude for the report, but intends to pursue it. Legal action To the relevant research company.

A one-dimensional chart shows that the cryptocurrency market cap is valued at $2.3 trillion. Source: TradingView.com Totals

Featured image from DALL-E, chart from TradingView.com

You may also like

Leave a Comment

About Us


At InvestXyon, we empower individuals with knowledge for informed investing, financial navigation, and secure futures. Our trusted platform covers investments, stocks, personal finance, retirement, and more.

Feature Posts


Subscribe my Newsletter for new blog posts, tips & new photos. Let's stay updated!