Security Researcher Exploits Kraken Bug, Illicitly Withdraws $3M in Crypto Assets
Summary:
A security researcher exposed a critical bug in the Kraken cryptocurrency exchange platform, leading to the loss of $3 million in digital assets taken from the exchange's internal reserves. Rather than claiming a reward through Kraken's bounty program, the researcher exploited the bug to make the large withdrawal, prompting the exchange to accuse him of extortion. The incident is under scrutiny, with Kraken continuing to press for the return of the stolen funds.
Kraken, a cryptocurrency exchange platform, has identified a security vulnerability that has led to the loss of digital assets valued at $3 million. The critical bug was reported by an unidentified security specialist who had initially detected the issue on June 9. According to Kraken's Chief Security Officer, Nick Percoco, the same individual had exploited the identified security weakness through two connected accounts, effecting the multi-million dollar virtual asset withdrawal. Upon realizing the withdrawal, the security specialist demanded a reward equivalent to the withdrawn amount, triggering accusations of extortion by Percoco. No user funds were reportedly compromised in the incident, with the loss coming solely from Kraken’s internal reserves. Details remain scanty as Kraken has yet to respond to requests for comments. Evidence shows that one of the three accounts linked to this loophole had undergone a Know Your Customer verification process. The holder of the account identified himself as a security researcher, although he has remained anonymous. The security flaw was first substantiated by a minor $4 crypto transfer. Rather than raise the issue under the usual procedures of Kraken's reward program, however, the alleged security specialist proceeded to drain almost $3 million through two additional accounts. Kraken maintains that these actions equate to extortion rather than the conduct expected of an ethical hacker. Despite facing allegations of unprofessionalism for demanding the return of the stolen money, the company remains steadfast in its call for transparency around the incident.
Published At
6/19/2024 4:52:30 PM
Disclaimer: Algoine does not endorse any content or product on this page. Readers should conduct their own research before taking any actions related to the asset, company, or any information in this article and assume full responsibility for their decisions. This article should not be considered as investment advice. Our news is prepared with AI support.
Do you suspect this content may be misleading, incomplete, or inappropriate in any way, requiring modification or removal?
We appreciate your report.