White-Hat Hackers Refuse to Return Stolen Funds Worth $3M to Kraken
Recently, Kraken’s chief security officer, Nick Percoco, disclosed that an unnamed white-hat hacker group exploited a bug in the platform’s system, stealing digital assets worth approximately $3 million. The hackers, claiming to be security researchers, have refused to return the stolen funds to Kraken.
Security Researchers’ Disclosure of Critical Bug
Initially, a security researcher alerted Kraken through the Bug Bounty program on June 9 about an “extremely critical” bug. This bug allowed users to artificially inflate their balances on the platform. Despite skepticism from Kraken due to multiple fake reports, the exchange took the claim seriously and initiated an investigation.
- The bug enabled cybercriminals to make deposits on Kraken and receive funds without completing the process.
- While customer funds were not directly at risk, attackers could print assets in their accounts and make withdrawals from Kraken’s treasury.
- The bug was identified and contained within two hours, stemming from a flaw in Kraken’s latest user experience.
Exploitation and Unauthorized Withdrawals
Investigating further, Kraken discovered that three accounts had exploited the flaw, with one account linked to a security researcher. The initial researcher credited their account with $4 in crypto but did not report the bug. Instead, they informed two colleagues who made unauthorized withdrawals totaling $3 million.
Turning Bug Bounty into Extortion
When Kraken requested the return of the funds, the security researchers refused, calling the platform unprofessional and unreasonable. They demanded that Kraken estimate the potential damage caused by the bug. As a result, Kraken has escalated the case to law enforcement agencies, treating it as a criminal matter.
“We are treating this as a criminal case and are coordinating with law enforcement agencies accordingly. We’re thankful this issue was reported, but that’s where that thought ends,” Percoco stated.
Hot Take: Stay Vigilant and Transparent
As a crypto enthusiast, you should stay vigilant and transparent in your interactions within the community. Adhering to ethical practices and responsible disclosure can prevent situations like the Kraken incident. Remember, security is paramount in the realm of cryptocurrencies.