A Kraken executive says a black hat entity stole $3 million from the company after finding a bug in the exchange’s systems.
In a lengthy thread on the social media platform X, Nick Percoco, Kraken’s chief security officer, says Kraken received a report through its Bug Bounty program earlier this month claiming there was an “extremely critical” bug that allowed hackers to artificially inflate their funds.
Says Percoco,
“Within minutes we discovered an isolated bug. This allowed a malicious attacker, under the right circumstances, to make a deposit on our platform and receive funds into their account without fully completing the deposit.
To be clear, no client’s assets were ever at risk. However, a malicious attacker can effectively print assets on their Kraken account for a period of time.”
According to Percoco, after patching the bug, Kraken discovered that three accounts had used this flaw to their advantage. Ultimately, Kraken was able to use know-your-customer (KYC) forms to link one of the accounts to an individual claiming to be a security expert.
However, instead of reporting the exploit to Kraken, the person allegedly told two other people, who then proceeded to withdraw nearly $3 million from their accounts.
Percoco goes on to claim that the person and his unnamed accomplices refuse to return the money, instead demanding that the crypto exchange pay them a speculative sum based on the losses the bug could have caused had they not found it.
Bug bounty programs allow companies to offer compensation to individuals who find and report bugs. Known as ‘white-hat hackers’, these bug hunters help companies protect themselves from hacks and exploits.
Percoco says that abusing a bug bounty program to extort a company makes someone a criminal.
“As a security researcher, your license to ‘hack’ a company is made possible by following the simple rules of the bug bounty program you participate in. If you ignore these rules and extort the company, your “license to hack” will be revoked. It makes you and your company criminals.”