June 19, 2024

Crypto Exchange Kraken Blackmailed After Bug Bounty Report, $3M Withdrawn From Treasury Assets

In Brief

Crypto exchange Kraken received a Bug Bounty alert from a “security researcher” who later declined to return the funds after the withdrawal.

Nick Percoco, Chief Security Officer of the cryptocurrency exchange Kraken, said in a post on the social media platform X that on June 9th the exchange received a Bug Bounty program alert from a security researcher. The alert, received via email, did not provide specific details but mentioned the discovery of an “extremely critical” vulnerability that could potentially inflate the platform’s balance artificially.

Kraken identified and addressed a vulnerability that could enable a malicious actor to potentially receive funds in their account without completing the full deposit process. The issue stemmed from a recent user experience (UX) update that allowed client accounts to be credited before their assets had completely cleared, facilitating real-time trading of cryptocurrency markets. This specific UX change had not been adequately tested against such potential attack vectors.
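
A minimal ledger model of the bug class described above, added here as an illustration and not Kraken's code; the class, method and field names and the 100-unit scenario are assumptions. Early-credited funds stay usable for trading in both modes, and the comparison is between a ledger that also lets them be withdrawn and one that pays out settled funds only.

```python
from dataclasses import dataclass, field
from decimal import Decimal

@dataclass
class Account:
    settled: Decimal = Decimal("0")  # deposits that have fully cleared
    pending: Decimal = Decimal("0")  # credited early for trading, not yet cleared

@dataclass
class Ledger:
    pending_is_withdrawable: bool          # True models the flawed behaviour
    accounts: dict = field(default_factory=dict)
    deposits: dict = field(default_factory=dict)  # id -> [user, amount, state]

    def initiate_deposit(self, dep_id, user, amount):
        # Early credit: usable for trading before the deposit clears.
        self.accounts.setdefault(user, Account()).pending += amount
        self.deposits[dep_id] = [user, amount, "pending"]

    def resolve_deposit(self, dep_id, cleared):
        dep = self.deposits[dep_id]
        user, amount, state = dep
        if state != "pending":
            raise ValueError("deposit already resolved")
        acct = self.accounts[user]
        acct.pending -= amount            # reverse the provisional credit
        if cleared:
            acct.settled += amount        # promote only on real settlement
        dep[2] = "cleared" if cleared else "failed"

    def withdraw(self, user, amount):
        acct = self.accounts[user]
        limit = acct.settled + (acct.pending if self.pending_is_withdrawable else 0)
        if amount <= 0 or amount > limit:
            return False                  # refuse: not covered by eligible funds
        from_settled = min(amount, acct.settled)
        acct.settled -= from_settled
        acct.pending -= amount - from_settled
        return True

def shortfall_after_failed_deposit(pending_is_withdrawable):
    """Constructed scenario: deposit 100, withdraw 100, then the deposit fails."""
    ledger = Ledger(pending_is_withdrawable)
    ledger.initiate_deposit("dep-1", "user-a", Decimal("100"))
    paid_out = ledger.withdraw("user-a", Decimal("100"))
    ledger.resolve_deposit("dep-1", cleared=False)
    acct = ledger.accounts["user-a"]
    # A negative total means the payout was funded by the platform, not the user.
    return paid_out, max(Decimal("0"), -(acct.settled + acct.pending))
```
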

Additionally, it was discovered that three accounts had exploited this vulnerability within a short span of time. Upon conducting a thorough investigation, it was determined that one of these accounts belonged to the security researcher who initially identified the bug in the system and reported it.

The “security researcher” later shared details of this bug with two associates. Together, these three accounts managed to withdraw nearly $3 million from Kraken’s accounts, specifically from Kraken’s treasuries and not from client assets. After Kraken reached out to the security researchers to discuss rewarding them for discovering a security flaw through its Bug Bounty program, the researchers declined to return any funds until the exchange estimated the potential financial impact of the bug if it had not been reported.

Nick Percoco emphasized that the incident was perceived as extortion rather than a legitimate white-hat hacking activity, although he did not reveal the name of the research firm involved. He further noted that Kraken views such an incident as a criminal matter and intends to collaborate with law enforcement agencies as appropriate.

Kraken Bug Bounty Program Safeguards Cryptocurrency Users, Acknowledges 22 Reports In 2023

Kraken enables the trading of cryptocurrencies against fiat currencies. Additionally, it offers services for cryptocurrency derivatives and futures trading. Based on information from CoinMarketCap, Kraken holds the sixth position among global cryptocurrency exchanges, with an average daily trading volume of around $741 million.

The Bug Bounty program supports Kraken’s mission to safeguard users in the cryptocurrency market. Kraken commits to refraining from legal action against security researchers who comply with all Kraken Bug Bounty policies. Submissions to the initiative undergo evaluation by Kraken, with payouts determined by the severity of the bug and issued in BTC. In 2023, the program acknowledged 22 reports out of a total of 461 submissions.

About The Author

Alisa, a dedicated journalist at the MPost, specializes in cryptocurrency, zero-knowledge proofs, investments, and the expansive realm of Web3. With a keen eye for emerging trends and technologies, she delivers comprehensive coverage to inform and engage readers in the ever-evolving landscape of digital finance.

Alisa Davidson