Certik and Kraken in Bug Bounty Dispute

Reading Time: 3 minutes

By Philip Maina

Thu Jun 20 2024 10:52:39

Kraken has claimed that a white hat hacker who exploited a bug leading to a $3 million loss has turned to extortion
The exchange claims the hacker has provided conditions before returning the funds
Blockchain security firm CertiK has revealed itself as the mysterious “white hat hacker”

Crypto exchange Kraken isn’t happy with a security researcher or white hat hacker who discovered a critical code fault in its system and exploited the weakness to cause a $3 million loss. The hacker had reported the bug to the exchange earlier but allegedly exploited it before it was fixed. Kraken claims that the hacker is demanding an undisclosed amount as a bounty before returning the funds, something the exchange has equated to extortion and “not white hat hacking,” raising questions about whether the two will reach an agreement.

An Extremely Critical Bug

According to Kraken’s CSO Nicholas Percoco, the white hat hacker or security researcher, who happens to be blockchain security firm CertiK, reported a bug in the exchange’s systems on June 9. CertiK marked the bug as “extremely critical” because it allowed for the artificial inflation of a user’s balance.

Kraken Security Update:

On June 9 2024, we received a Bug Bounty program alert from a security researcher. No specifics were initially disclosed, but their email claimed to find an “extremely critical” bug that allowed them to artificially inflate their balance on our platform.

— Nick Percoco (@c7five) June 19, 2024

Kraken fixed the weakness but discovered that three accounts had exploited the bug and withdrawn $3 million from the exchange’s treasuries. The security researcher allegedly refused to return the funds despite Kraken being ready to reward them for identifying a security flaw.

Kraken Turns to Threats?

CertiK has come forth to clarify that it’s the mysterious “security researcher” and that it didn’t refuse to refund the amount. According to the blockchain security firm, Kraken opted to threaten its team members and demanded the return of funds without “providing repayment addresses.”

CertiK recently identified a series of critical vulnerabilities in @krakenfx exchange which could potentially lead to hundreds of millions of dollars in losses.

Starting from a finding in @krakenfx‘s deposit system where it may fail to differentiate between different internal… pic.twitter.com/JZkMXj2ZCD

— CertiK (@CertiK) June 19, 2024

CertiK added that Kraken’s systems have major flaws on different fronts. The security firm said, for example, that the exchange didn’t automatically detect the withdrawal of funds despite the “exploitation” taking several days.
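The detection gap described above, an inflated balance being withdrawn over several days without an alert, is the kind of condition a ledger reconciliation job is meant to catch. The check below is an added example, not code from Kraken or CertiK: it compares what the deposit system credited against what the chain confirmed, then flags withdrawals that exceed confirmed inflows. The ledger events, account names and the double-credit scenario are constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class LedgerEvent:
    account: str
    kind: str    # "credit": deposit system credited the balance;
                 # "confirmed": node confirmed the deposit; "withdraw": funds left
    ref: str     # deposit or withdrawal reference id (constructed)
    amount: int  # smallest unit, so comparisons are exact


def reconcile(events):
    """Return {account: {"unbacked_credits": {ref: credited}, "overdrawn": int}} for accounts with a finding."""
    confirmed = defaultdict(dict)                       # account -> ref -> confirmed amount
    credited = defaultdict(lambda: defaultdict(int))    # account -> ref -> credited amount
    withdrawn = defaultdict(int)                        # account -> total withdrawn
    for e in events:
        if e.kind == "confirmed":
            confirmed[e.account][e.ref] = e.amount
        elif e.kind == "credit":
            credited[e.account][e.ref] += e.amount      # a ref credited twice sums up
        elif e.kind == "withdraw":
            withdrawn[e.account] += e.amount
    findings = {}
    for acct in set(confirmed) | set(credited) | set(withdrawn):
        # credits larger than what the chain confirmed for the same reference
        unbacked = {ref: amt for ref, amt in credited[acct].items()
                    if amt > confirmed[acct].get(ref, 0)}
        # withdrawals exceeding the sum of confirmed inflows
        overdrawn = max(0, withdrawn[acct] - sum(confirmed[acct].values()))
        if unbacked or overdrawn:
            findings[acct] = {"unbacked_credits": unbacked, "overdrawn": overdrawn}
    return findings


# Constructed sample ledger: "alice" is normal, "bob" had one deposit credited
# twice (a stand-in for a deposit system that mis-identifies a deposit), and
# "carol" was credited for a deposit that never confirmed on chain.
SAMPLE_EVENTS = [
    LedgerEvent("alice", "confirmed", "d1", 100), LedgerEvent("alice", "credit", "d1", 100),
    LedgerEvent("alice", "withdraw", "w1", 50),
    LedgerEvent("bob", "confirmed", "d2", 100), LedgerEvent("bob", "credit", "d2", 100),
    LedgerEvent("bob", "credit", "d2", 100), LedgerEvent("bob", "withdraw", "w2", 180),
    LedgerEvent("carol", "credit", "d3", 500), LedgerEvent("carol", "withdraw", "w3", 500),
]
```

Running `reconcile(SAMPLE_EVENTS)` reports nothing for alice, an unbacked credit of 200 and an overdraw of 80 for bob, and an unbacked credit of 500 with a 500 overdraw for carol; a job like this run periodically against the ledger would have surfaced an inflated balance long before several days of withdrawals.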

Although Kraken and CertiK are trading accusations, they’ll likely come to an amicable conclusion considering the blockchain security firm’s reputation.
