Kraken faces extortion after $3 million crypto bug exploit


2024-6-20 18:36

Cryptocurrency exchange Kraken recently revealed that a security vulnerability led to the loss of $3 million worth of digital assets. This incident involved a self-proclaimed security researcher who identified a critical bug, subsequently exploited by related accounts to siphon funds.

The event has raised serious questions about ethical hacking and the increasing challenges of securing digital assets in the evolving cryptocurrency landscape.

Discovery and exploitation of the bug

On June 9, an anonymous individual claiming to be a security researcher alerted Kraken to a significant security flaw.

While the researcher initially demonstrated the bug with a minimal crypto transfer worth $4, which would typically qualify for Kraken’s bounty program, the situation quickly escalated.

Two accounts associated with the researcher exploited the bug to withdraw over $3 million in digital assets from Kraken’s treasury.

Kraken’s chief security officer, Nick Percoco, highlighted on social media platform X the severity of the incident, noting that this was not a case of white-hat hacking but rather an act of extortion.

The researcher demanded a reward for the stolen funds and refused to return the assets until Kraken provided a speculative estimate of the damage the bug could have caused had it not been disclosed.

Instead, they demanded a call with their business development team (i.e. their sales reps) and have not agreed to return any funds until we provide a speculated $ amount that this bug could have caused if they had not disclosed it. This is not white-hat hacking, it is extortion!

— Nick Percoco (@c7five) June 19, 2024

Ethical hacking or extortion?

The incident has sparked a debate within the cryptocurrency community about the ethical boundaries of hacking. Ethical, or white-hat, hackers typically disclose vulnerabilities to companies responsibly, allowing them to address security flaws without causing harm.

However, Kraken argues that the actions taken by this researcher and the associated accounts do not align with these principles.

One of the three accounts involved had completed Kraken’s Know Your Customer (KYC) verification, identifying itself as a security researcher. Despite this verification, the identity of the individual remains undisclosed.

The researcher’s decision to exploit the bug for financial gain, rather than merely demonstrating its existence and claiming a legitimate bounty, has been widely criticized.

Impact on Kraken and the cryptocurrency industry

Kraken has emphasized that no user funds were at risk during the incident, as the stolen cryptocurrency came directly from the exchange’s treasury. Nevertheless, the event has underscored the ongoing vulnerabilities in the cryptocurrency industry and the need for robust security measures.

In response to the exploit, Kraken has disclosed details of the bug to the broader industry, aiming to prevent similar incidents. This transparency is part of Kraken’s commitment to improving security across the cryptocurrency ecosystem.

Rising trends in crypto hacking

The Kraken incident is part of a broader trend of increasing crypto-related hacks and exploits. According to Merkle Science’s 2024 Crypto HackHub Report, the first quarter of 2024 saw hackers steal $542.7 million in digital assets, a 42% increase compared to the same period in 2023.

Interestingly, private key leaks have emerged as the leading cause of these exploits, surpassing smart contract vulnerabilities.

In 2023, hacked funds lost to smart contract vulnerabilities plummeted by 92% to $179 million, down from $2.6 billion in 2022. However, over 55% of hacked digital assets were due to private key leaks.

These statistics reflect the evolving nature of threats in the cryptocurrency industry, with hackers increasingly targeting individual security weaknesses rather than systemic flaws in smart contracts.

The cryptocurrency industry has experienced 785 reported hacks and exploits over the past 13 years, resulting in nearly $19 billion in losses. These figures highlight the significant challenges that exchanges, wallet providers, and other stakeholders face in safeguarding digital assets.

What’s the way forward?

Kraken’s experience serves as a stark reminder of the importance of comprehensive security measures and ethical practices in the cryptocurrency industry. While the exchange has taken steps to address the immediate issue, the incident underscores the need for ongoing vigilance and innovation in security protocols.

For the broader cryptocurrency community, the rise in hacking incidents and the shift in tactics from smart contract exploits to private key leaks call for enhanced security frameworks.

The post Kraken faces extortion after $3 million crypto bug exploit appeared first on Invezz
