Claim BonusJust In: Kraken Responds to Extortion Attempt Following Security Breach
Highlights
- Kraken managed a security breach involving a $3 million exploit after a bug bounty report became an extortion attempt.
- The flaw allowed account balance inflation and was quickly fixed by Kraken's security team within two hours.
- The vulnerability originated from a recent update that enabled immediate trading before verifying deposited funds.
Kraken, a major cryptocurrency exchange, recently managed a security breach and potential extortion attempt after a supposed bug bounty report became a demand for money. Chief Security Officer Nick Percoco outlined the events, noting a flaw was exploited to inflate account balances artificially. This incident has prompted an investigation involving law enforcement and emphasized the importance of adhering to ethical practices in security research.
Kraken Responds to $3 Million Security Breach
Upon receiving a bug bounty report on June 9, 2024, Kraken‘s security team, led by Percoco, sprung into action. They quickly discovered that the vulnerability had already been exploited, leading to the unlawful withdrawal of nearly $3 million from the exchange’s reserves. Although initially an act attributed to a security researcher—who claimed a mere $4 to demonstrate the flaw—the situation escalated when it was revealed that this individual had shared the bug with accomplices who extracted much more significant amounts.
Kraken Security Update:
On June 9 2024, we received a Bug Bounty program alert from a security researcher. No specifics were initially disclosed, but their email claimed to find an “extremely critical” bug that allowed them to artificially inflate their balance on our platform.
— Nick Percoco (@c7five) June 19, 2024
Kraken’s team rectified the security loophole within two hours of detection. The bug originated from a recent update intended to enhance the user experience by allowing immediate trading before thoroughly verifying deposited funds. However, this change inadvertently created a vulnerability. Percoco stressed that no client assets were at risk at any time, as the flaw only allowed the inflating of balances within the perpetrators’ accounts.
Also Read: Binance Rolls Out HODLer Airdrops For BNB Holders
Kraken Reinforces Policies After Security Breach
Following the discovery, the perpetrators refused to cooperate with Kraken’s investigation, demanding to speak with the business development team, a move Percoco labeled as extortion. This incident has highlighted the critical nature of following ethical guidelines in bug bounty programs. Kraken’s longstanding policy is clear: researchers must not exploit vulnerabilities beyond what is necessary to prove their existence and should promptly return any unauthorized funds.
Kraken has a nearly decade-long history of operating its bug bounty program, designed to encourage white-hat hackers to help identify and fix security gaps responsibly. This program has functioned smoothly with cooperation from the security research community, and this is the first instance of such a severe breach of trust and protocol.
Despite the unsettling events, Kraken remains dedicated to its bug bounty program, recognizing its value in enhancing the security of the cryptocurrency ecosystem. The exchange has taken steps to reinforce its systems against similar vulnerabilities by implementing stricter testing protocols, particularly following feature updates affecting account transactions.
Also Read: XRP Lawsuit: SEC’s Ethereum Investigation Conclusion Bolsters Ripple’s Position
Why Trust CoinGape
CoinGape has covered the cryptocurrency industry since 2017, aiming to provide informative insights Read more… to our readers. Our journal analysts bring years of experience in market analysis and blockchain technology to ensure factual accuracy and balanced reporting. By following our Editorial Policy, our writers verify every source, fact-check each story, rely on reputable sources, and attribute quotes and media correctly. We also follow a rigorous Review Methodology when evaluating exchanges and tools. From emerging blockchain projects and coin launches to industry events and technical developments, we cover all facets of the digital asset space with unwavering commitment to timely, relevant information.
Delivered every day.
- Insights that move markets
- 100,000 active subscribers
Related Articles
- Breaking: Michael Saylor’s Strategy Buys 1,142 BTC Amid $5B Unrealized Loss On Bitcoin Holdings
- MegaETH Mainnet Launch Today: What To Expect?
- Bitcoin Falters as China Pushes Risk-Off, Orders Banks to Sell US Treasuries
- TRX Price Rebounds as Tron’s Treasury Push Gains Backing from Justin Sun
- 3 Reasons Why Bitcoin and Gold Prices Are Going Up Today (Feb 9)
- Pi Network Price Outlook Ahead of This Week’s 82M Token Unlock: What’s Next for Pi?
- Bitcoin and XRP Price Prediction as China Calls on Banks to Sell US Treasuries
- Ethereum Price Prediction Ahead of Feb 10 White House Stablecoin Meeting
- Cardano Price Prediction as Midnight Token Soars 15%
- Bitcoin and XRP Price Outlook Ahead of Crypto Market Bill Nearing Key Phase on Feb 10th
- Bitcoin Price Prediction as Funding Rate Tumbles Ahead of $2.1B Options Expiry
