Cryptocurrency exchange Kraken recently disclosed a bug exploit resulting in nearly $3 million in losses.
On June 9, Kraken detected an exploit that allowed a bad actor to steal nearly $3 million. Kraken’s Chief Security Officer, Nick Percoco, shared details about the incident.
“A security researcher alerted us to a critical bug on June 9, 2024,” Percoco explained. The bug enabled the attacker to artificially inflate their balance on the platform.
![Kraken bug exploit, cryptocurrency exchange logo.](https://www.coinbackyard.com/wp-content/uploads/2024/06/Crypto-CoinBackyard-5-768x480.jpg)
Vulnerability Discovered in Kraken’s System
Kraken bug exploit allowed unauthorized deposit completion, giving the attacker unearned funds. The flaw originated from a recent UX update on Kraken’s platform.
Kraken confirmed no client assets were compromised. However, the investigation revealed that three accounts exploited the bug.
Collusion Among Security Researchers
A security researcher identified the bug and credited their account with $4 to demonstrate the flaw. Instead of reporting it, they shared the bug with two colleagues, who then exploited it to generate larger sums.
Kraken’s losses amounted to nearly $3 million, taken from the exchange’s treasuries.
Extortion Attempts Follow the Bug Exploit
Kraken attempted to recover the funds but faced resistance. The researchers demanded a speculative amount before returning any funds, leading to an extortion attempt.
“This is not white-hat hacking; it is extortion!” Percoco stated.
Legal Action Underway
Kraken has decided to treat the incident as a criminal case and is coordinating with law enforcement. The research company involved remains undisclosedKraken bug exploit