Kraken Cryptocurrency Exchange Falls Victim to Security Vulnerability Resulting in a $3 Million Loss
Kraken, the world’s leading cryptocurrency trading platform, has recently acknowledged that it was targeted in an attack that utilized a previously unknown vulnerability to steal millions of dollars worth of cryptocurrency.
On June 9, 2024, Kraken received an email from one of its bug bounty researchers alerting it to a serious vulnerability in its platform. As explained by Kraken’s Chief Security Officer, Nick Percoco, the flaw allowed an attacker to inflate the balance shown in an account beyond the funds actually available.
The critical vulnerability enabled an attacker to make a deposit and withdraw the funds from their account before the deposit process had completed. Kraken responded swiftly to the alert and resolved the issue within 47 minutes. It traced the problem to a recently introduced user-interface change that let customers use deposited funds before the deposits had actually been confirmed as cleared.
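As an added illustration of the settlement flaw described above (a constructed example, not Kraken’s code), the model below shows an account ledger that counts pending deposits as spendable beside a hardened version that only spends cleared funds, plus a reconciliation check that flags withdrawals exceeding cleared deposits:

```python
from dataclasses import dataclass, field


@dataclass
class Deposit:
    amount: int            # minor units (cents) so arithmetic stays exact
    cleared: bool = False  # set once the on-chain transfer is confirmed


@dataclass
class VulnerableAccount:
    """Constructed model of the flaw: the balance is credited when a deposit
    is submitted, so it can be withdrawn before the deposit clears."""
    deposits: list = field(default_factory=list)
    withdrawn: int = 0

    def deposit(self, amount: int) -> Deposit:
        d = Deposit(amount)
        self.deposits.append(d)
        return d

    def spendable(self) -> int:
        # Bug: pending deposits count toward the spendable balance.
        return sum(d.amount for d in self.deposits) - self.withdrawn

    def withdraw(self, amount: int) -> bool:
        if amount <= 0 or amount > self.spendable():
            return False
        self.withdrawn += amount
        return True

    def drop_uncleared(self) -> None:
        # The pending deposit never settles and is dropped; any withdrawal
        # already made against it is now funded from the exchange's reserves.
        self.deposits = [d for d in self.deposits if d.cleared]


class HardenedAccount(VulnerableAccount):
    def spendable(self) -> int:
        # Fix: only cleared deposits are spendable.
        return sum(d.amount for d in self.deposits if d.cleared) - self.withdrawn


def reserve_exposure(acct: VulnerableAccount) -> int:
    """Reconciliation check: amount withdrawn beyond cleared deposits.
    Anything above zero is an invariant violation worth alerting on."""
    cleared = sum(d.amount for d in acct.deposits if d.cleared)
    return max(0, acct.withdrawn - cleared)
```

Running `reserve_exposure` over all accounts on a schedule is the kind of ledger invariant check that would surface this class of bug independently of a bounty report.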
While Kraken assured its clients that no actual funds were lost during the breach, the vulnerability did allow malicious individuals to deposit and withdraw fake currency. In this particular case, three accounts attempted to transfer $3 million out of the exchange within a week. Interestingly, one of these accounts belonged to the security researcher who had reported the bug.
Regarding the initial vulnerability, Percoco commented that the attacker invested only $4 in cryptocurrency to demonstrate the issue, which would have been sufficient for a bug bounty report and subsequent reward. However, the researcher chose to share the bug details with two other individuals, who collectively managed to steal nearly $3 million from Kraken’s reserves.
When Kraken asked these individuals to return the stolen funds and provide a proof of concept showing how the exploit was executed, they instead demanded payment in exchange for returning the assets. Percoco denounced this behavior as extortion and emphasized that it went against the ethical principles of white-hat hacking.
Kraken is treating this incident as a criminal case and is working closely with law enforcement agencies to resolve the matter.