Just In: Kraken Responds to Extortion Attempt Following Security Breach

Just In: Kraken Responds to Extortion Attempt Following Security Breach

PENGY June 19, 2024, 3:02 pm Facebook Twitter


Kraken Responds to Extortion Attempt Following Security Breach

Kraken, a major cryptocurrency exchange, recently managed a security breach and potential extortion attempt after a supposed bug bounty report became a demand for money. Chief Security Officer Nick Percoco outlined the events, noting a flaw was exploited to inflate account balances artificially. This incident has prompted an investigation involving law enforcement and emphasized the importance of adhering to ethical practices in security research.

Kraken Responds to $3 Million Security Breach

Upon receiving a bug bounty report on June 9, 2024, Kraken‘s security team, led by Percoco, sprung into action. They quickly discovered that the vulnerability had already been exploited, leading to the unlawful withdrawal of nearly $3 million from the exchange’s reserves. Although initially an act attributed to a security researcher—who claimed a mere $4 to demonstrate the flaw—the situation escalated when it was revealed that this individual had shared the bug with accomplices who extracted much more significant amounts.

Kraken’s team rectified the security loophole within two hours of detection. The bug originated from a recent update intended to enhance the user experience by allowing immediate trading before thoroughly verifying deposited funds. However, this change inadvertently created a vulnerability. Percoco stressed that no client assets were at risk at any time, as the flaw only allowed the inflating of balances within the perpetrators’ accounts.

Also Read: Binance Rolls Out HODLer Airdrops For BNB Holders

Kraken Reinforces Policies After Security Breach

Following the discovery, the perpetrators refused to cooperate with Kraken’s investigation, demanding to speak with the business development team, a move Percoco labeled as extortion. This incident has highlighted the critical nature of following ethical guidelines in bug bounty programs. Kraken’s longstanding policy is clear: researchers must not exploit vulnerabilities beyond what is necessary to prove their existence and should promptly return any unauthorized funds.

Kraken has a nearly decade-long history of operating its bug bounty program, designed to encourage white-hat hackers to help identify and fix security gaps responsibly. This program has functioned smoothly with cooperation from the security research community, and this is the first instance of such a severe breach of trust and protocol. 

Despite the unsettling events, Kraken remains dedicated to its bug bounty program, recognizing its value in enhancing the security of the cryptocurrency ecosystem. The exchange has taken steps to reinforce its systems against similar vulnerabilities by implementing stricter testing protocols, particularly following feature updates affecting account transactions.

Also Read: XRP Lawsuit: SEC’s Ethereum Investigation Conclusion Bolsters Ripple’s Position

The post Just In: Kraken Responds to Extortion Attempt Following Security Breach appeared first on CoinGape.

PengyOS - Let's Make Penguins Fly
PengyOS was started by a small community of crypto enthusiasts who believe that penguins should have a seat on the meme coin throne next to dogs and frogs. Solana Contract : B8vV6An7xFF3bARB1cmU7TMfKNjjes2WvY7jWqiRc6K6

Crypto Bubbles
Disclaimer
WARNING: The content on this site should not be considered investment advice. Investing is speculative. When investing your capital is at risk. This site is not intended for use in jurisdictions in which the trading or investments described are prohibited and should only be used by such persons and in such ways as are legally permitted. Your investment may not qualify for investor protection in your country or state of residence, so please conduct your own due diligence.

LEAVE A REPLY

Your email address will not be published.