As an analyst with extensive experience in the cybersecurity industry, I find the recent turn of events at Kraken, a leading cryptocurrency exchange, deeply concerning. Self-described white-hat hackers who claimed to have discovered a critical bug in Kraken's systems have refused to return roughly $3 million in digital assets that they extracted from the platform's treasury through that bug. That is not responsible disclosure; it is a clear case of extortion.


Nick Percoco, Kraken's chief security officer, disclosed that an unnamed group of self-described white-hat hackers has declined to return approximately $3 million in digital assets obtained by exploiting a flaw in the exchange's deposit handling. The researchers discovered the vulnerability and, rather than stopping at a proof of concept, used it to pull funds out of Kraken's treasury. Despite presenting themselves as ethical researchers, they have chosen not to return the assets.

Percoco described the incident in a series of posts on X. According to those posts, the researchers are demanding that Kraken first estimate the financial loss it could have suffered had the bug not been disclosed, and are withholding the funds until it does.

Security Researchers Disclose Kraken Bug

On June 9, Kraken received a bug bounty report from a security researcher claiming an "extremely critical" vulnerability that allowed users to artificially inflate their balances on the platform. Kraken receives many false bug reports every day, but the team took this claim seriously and assembled a group to investigate it thoroughly.

The investigation found that a malicious actor could initiate a deposit on Kraken and have the funds credited to their account without the deposit ever completing. The flaw did not expose customer funds directly, but it let an attacker conjure assets in their own account and then withdraw them, with the payout ultimately coming out of Kraken's reserves.

The team identified and fixed the problem in just under two hours; the root cause was a bug introduced by a recent change to the deposit user experience. They then found that three accounts had already exploited the flaw, one of them belonging to a person who identified himself as a security researcher.

That researcher had found the bug and, before reporting it, tested it by crediting his own Kraken account with about $4 worth of crypto. Rather than filing a bug bounty report at that point, he shared the technique with two associates, and together they used it to withdraw nearly $3 million from their accounts. Behaviour like this puts the security and trustworthiness of the platform at risk for every other user.
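To make the bug class concrete, here is an added illustrative model, written for this article and not Kraken's code: a toy deposit ledger that can either credit a spendable balance when a deposit is merely initiated (the weak policy the incident describes) or only once the deposit has settled (the fix). The ledger structure, the reserve figure and the per-account amounts are all assumptions; the replay mirrors the probe-then-drain pattern described above, and the reconciliation check shows how the reserve loss would surface.

```python
from dataclasses import dataclass
from decimal import Decimal
from enum import Enum
from typing import Dict, Tuple


class DepositState(Enum):
    INITIATED = "initiated"  # client announced an incoming transfer
    SETTLED = "settled"      # the exchange confirmed the funds actually arrived


@dataclass
class Deposit:
    account: str
    amount: Decimal
    state: DepositState = DepositState.INITIATED


class Ledger:
    """Toy exchange ledger (hypothetical, not Kraken's implementation).

    credit_on_initiation=True models the weak policy: the spendable balance is
    credited when a deposit is initiated, before any funds arrive.
    credit_on_initiation=False models the fix: credits stay pending until settled.
    """

    def __init__(self, reserve: Decimal, credit_on_initiation: bool) -> None:
        self.reserve = reserve                    # hypothetical hot-wallet treasury
        self.credit_on_initiation = credit_on_initiation
        self.available: Dict[str, Decimal] = {}  # spendable balances
        self.pending: Dict[str, Decimal] = {}    # announced but unsettled deposits
        self.settled_in = Decimal(0)             # funds that really arrived
        self.paid_out = Decimal(0)               # funds that really left

    @staticmethod
    def _credit(book: Dict[str, Decimal], account: str, amount: Decimal) -> None:
        book[account] = book.get(account, Decimal(0)) + amount

    def initiate_deposit(self, account: str, amount: Decimal) -> Deposit:
        dep = Deposit(account, amount)
        # Weak policy: trust the announcement and make the balance spendable now.
        book = self.available if self.credit_on_initiation else self.pending
        self._credit(book, account, amount)
        return dep

    def settle_deposit(self, dep: Deposit) -> None:
        """Called only once the exchange has confirmed receipt of the funds."""
        if dep.state is DepositState.SETTLED:
            return
        dep.state = DepositState.SETTLED
        self.settled_in += dep.amount
        self.reserve += dep.amount
        if not self.credit_on_initiation:
            self.pending[dep.account] -= dep.amount
            self._credit(self.available, dep.account, dep.amount)

    def withdraw(self, account: str, amount: Decimal) -> bool:
        """Payouts come from the shared reserve, so an unbacked credit is paid
        with the exchange's own money."""
        if self.available.get(account, Decimal(0)) < amount or self.reserve < amount:
            return False
        self.available[account] -= amount
        self.reserve -= amount
        self.paid_out += amount
        return True

    def unbacked_payout(self) -> Decimal:
        """Reconciliation check: payouts not covered by settled deposits.
        Under the safe policy this can never be positive."""
        return self.paid_out - self.settled_in


# Constructed amounts that mirror the article's description (a ~$4 probe, then
# two accomplices draining ~$3M); they are illustrative, not real figures.
ATTACK = [("probe", Decimal("4")),
          ("accomplice_a", Decimal("1500000")),
          ("accomplice_b", Decimal("1500000"))]


def replay_attack(credit_on_initiation: bool) -> Tuple[Ledger, Dict[str, bool]]:
    """Initiate deposits that are never settled, then try to withdraw them."""
    ledger = Ledger(reserve=Decimal("5000000"), credit_on_initiation=credit_on_initiation)
    results: Dict[str, bool] = {}
    for account, amount in ATTACK:
        ledger.initiate_deposit(account, amount)  # no settle_deposit: funds never arrive
        results[account] = ledger.withdraw(account, amount)
    return ledger, results


def honest_flow() -> Tuple[bool, bool, Decimal]:
    """Under the safe policy a genuine deposit is spendable only after settlement."""
    ledger = Ledger(reserve=Decimal("5000000"), credit_on_initiation=False)
    dep = ledger.initiate_deposit("alice", Decimal("100"))
    before = ledger.withdraw("alice", Decimal("100"))  # rejected: still pending
    ledger.settle_deposit(dep)
    after = ledger.withdraw("alice", Decimal("100"))   # accepted
    return before, after, ledger.unbacked_payout()


if __name__ == "__main__":
    for weak in (True, False):
        ledger, results = replay_attack(weak)
        print(f"credit_on_initiation={weak}: withdrawals={results} "
              f"reserve={ledger.reserve} unbacked={ledger.unbacked_payout()}")
    print("honest flow:", honest_flow())
```

Two design points carry over to a real system: a balance must only become spendable on an event the exchange itself verifies (settlement), never on an event the client controls (initiation), and a periodic reconciliation of payouts against settled inflows catches the class of bug even when the crediting logic regresses, because the weak policy produces a positive `unbacked_payout` on the very first probe withdrawal.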

Bug Bounty Turned Extortion

When Kraken contacted the researchers to ask for a full account of their actions and the return of the assets, they refused. Instead, they accused Kraken of being irrational and unbecoming, and countered with a demand that Kraken estimate the potential harm the bug could have caused.

According to Percoco, Kraken has reported the matter to law enforcement and is treating the demand as extortion.

“Regarding this matter, we’re approaching it as a criminal investigation and collaborating with the relevant law enforcement authorities. We’re grateful that it was brought to our attention, but that’s as far as our involvement in the situation goes.”


2024-06-20 07:16