Home
News
- 1 A bug in the Kraken code has resulted in at least three Million dollars worth of stolen funds.
- 2 Nick Percoco has reported on the X that no user fund has been stolen.
- 3 The hackers are now demanding a bounty.
Cryptocurrency exchange Kraken recently alerted users on X that some white hat hackers might have stolen $3 Million worth of digital assets from the platform due to a bug.
Kraken Treasury Loses $3 Million
The news was broken on X by Nick Percoco, the chief security officer of Kraken when he highlighted that an anonymous self-proclaimed “Security Researcher” found a critical bug on the security code of Kraken. This bug allowed malicious attackers, under the right circumstances, to initiate a deposit onto Kraken and receive funds in their account without fully completing the deposit.
For now, it has been informed that Kraken managed to identify this bug and rectify it. However, two accounts related to the security researcher withdrew over $3 Million as per Percoco.
The security researcher has demanded a million-dollar reward for the stolen funds, as Percoco highlighted on X,saying,
“Instead, they demanded a call with their business development team (their sales reps) and have not agreed to return any funds until we provide a speculated amount that this bug could have caused if they had not disclosed it. This is not white-hat hacking, it is extortion!”
The exchange has claimed that no user funds were directly stolen and the exploit happened from the Kraken Treasury. The cryptocurrency was stolen directly from Kraken’s treasury. Kraken has said that no user funds were endangered.
This Is an Exploit And Not White Hat Hacking
One of the three Kraken accounts related to the recent exploit has previously completed Know Your Customer (KYC) verification. The individual is claiming to be a security researcher but his identity has not been disclosed by Kraken.
The individual who found the bug initially deposited the $4 to prove the exploit and that would have been sufficient to prove the bug. They would also have collected a sizable reward from the Kraken bounty program.
However, the other two other accounts withdrew over $3 million from their Kraken accounts. Their actions are extortion, not ethical hacker behavior, according to Kraken’s Percoco:
“In the essence of transparency, we are disclosing this bug to the industry today. We are being accused of being unreasonable and unprofessional for requesting that “white-hat hackers” return what they stole from us. Unbelievable.”
In the essence of transparency, we are disclosing this bug to the industry today. We are being accused of being unreasonable and unprofessional for requesting that “white-hat hackers” return what they stole from us. Unbelievable.
— Nick Percoco (@c7five) June 19, 2024
ZachXbt, an on-chain detective has also replied to this exploit and said this will get more interesting once the new info comes to light.
Adarsh Singh is a true connoisseur of Defi and Blockchain technologies, who left his job at a “Big 4” multinational finance firm to pursue crypto and NFT trading full-time. He has a strong background in finance, with MBA from a prestigious B-school. He delves deep into these innovative fields, unraveling their intricacies. Uncovering hidden gems, be it coins, tokens or NFTs, is his expertise. NFTs drive deep interest for him, and his creative analysis of NFTs opens up engaging narratives. He strives to bring decentralized digital assets accessible to the masses.
