Kraken, a prominent cryptocurrency exchange, recently revealed it was exploited for approximately $3 million. The Chief Security Officer at Kraken disclosed the breach, which occurred on June 9th, when the Kraken team received an alert from its Bug Bounty program regarding an “extremely critical” issue.
The reported bug allowed attackers to artificially inflate their balances on the platform. Although Kraken’s team managed to fix the bug in under an hour, a thorough investigation uncovered that three different accounts had exploited this vulnerability, collectively stealing $3 million from Kraken’s treasury.
Interestingly, one of the accounts involved was linked to an individual who had completed the Know Your Customer (KYC) process and claimed to be a security researcher. Kraken demanded that this ‘researcher’ share transaction details for their account to receive the bug bounty reward. However, the situation took an unexpected turn.
Kraken Further Response To The Situation
“These security researchers refused,” Kraken stated. “Instead, they demanded a call with their business development team (i.e., their sales reps) and have not agreed to return any funds until we provide a speculated $ amount that this bug could have caused if they had not disclosed it. This is not white-hat hacking; it is extortion!”
Kraken’s handling of the incident highlights the challenges faced by cryptocurrency exchanges in distinguishing between genuine white-hat hackers and those who exploit vulnerabilities for personal gain. The exchange’s swift action in patching the bug and initiating an investigation underscores its commitment to security, but the subsequent demands from the supposed ‘researchers’ have complicated the resolution.
As the cryptocurrency industry continues to grow, ensuring robust security measures and ethical practices remains paramount. Kraken’s experience serves as a reminder of the delicate balance between encouraging responsible disclosure and addressing malicious exploitation.
KRAKEN EXPLOITED FOR $3 MILLION – WHAT WE KNOW
– The Chief Security Officer at @Krakenfx has now disclosed the exchange was exploited to the tune of around $3 million.
– On June 9th, the Kraken team received an alert from its Bug Bounty program from someone claiming there was… https://t.co/SKYM9UAYsG pic.twitter.com/mh8x29nagr
— BSCN (@BSCNews) June 19, 2024
Disclosure: This is not trading or investment advice. Always do your research before buying any Metaverse crypto coins.