Kraken patches “isolated bug”, says no user funds stolen

2024-6-20 17:57

Kraken says it patched a bug that would have allowed exploiters to inflate account balances Bug discovered by a security researcher, whose connected accounts reportedly siphoned $3 million from Kraken treasury by exploiting the vulnerability.

Kraken has announced that its security team has patched a bug that would have allowed certain users to potentially inflate their account balances on the exchange.

The announcement follows Kraken’s revelation that a security researcher had identified the vulnerability as part of the exchange’s bug bounty program.

“On June 9 2024, we received a Bug Bounty program alert from a security researcher. No specifics were initially disclosed, but their email claimed to find an “extremely critical” bug that allowed them to artificially inflate their balance on our platform,” Kraken chief security officer Nick Percoco posted on X.

$3 million stolen, not user funds

Specifically, the flaw would have allowed certain users, albeit a short period of time, to “artificially increase the value of their Kraken account balance without fully completing a deposit,” the exchange said in a blog post.

Kraken has since patched this bug in its deposit and funding system and noted that it did not impact any customer funds.

However, while the exchange has fixed the isolated bug, the report came after two users had already exploited the vulnerability to withdraw $3 million from their accounts. These accounts are reportedly related to the same security researcher that identified the bug and informed Kraken.

Allegedly, the unnamed individual informed Kraken of the bug after the $3 million withdrawal.

According to Percoco, despite the huge withdrawal, the security researcher has demanded that they get his bounty reward.

“We’ll not disclose this research company because they don’t deserve recognition for their actions. We are treating this as a criminal case and are coordinating with law enforcement agencies accordingly. We’re thankful this issue was reported, but that’s where that thought ends,” Percoco added.

The post Kraken patches “isolated bug”, says no user funds stolen appeared first on CoinJournal.

Similar to Notcoin - Blum - Airdrops In 2024

origin »

Kraken (KRAK) на Currencies.ru

$ 0 (+0.00%)
Объем 24H $0
Изменеия 24h: 0.00 %, 7d: 0.00 %
Cегодня L: $0 - H: $0
Капитализация $0 Rank 99999
Доступно / Всего 0 KRAK

bug kraken says whose connected researcher security

bug kraken → Результатов: 10


Фото:

Kraken’s $3 million bug exploit leads to criminal investigation

Crypto exchange Kraken reported that a rogue security research company has unilaterally held on to $3 million in digital assets they exploited from a bug on its platform. Kraken’s Chief Security Officer Nick Percoco detailed the incident on X, revealing that on June 9, the company received an anonymous tip from a “security researcher” about […] The post Kraken’s $3 million bug exploit leads to criminal investigation appeared first on CryptoSlate.

2024-6-20 19:40


Баг на бирже Kraken позволил купить биткоин по $8000

13 сентября пользователи биткоин-биржи Kraken получили возможность купить биткоин по $8000, а продать по $12 000. Площадка тестировала новый тип ордеров, в котором содержался баг. 1/3 Yesterday a test of an unreleased advanced order type encountered a bug which resulted in the order’s prices being matched against the wrong side of the book. Some clients […]

2019-9-17 09:54


Фото:

Kraken bug apparently let users buy Bitcoin for $8,000 and instantly sell it for $12,000

Cryptocurrency exchange Kraken – one of the world’s oldest – has disclosed a bug that apparently allowed certain customers to purchase Bitcoin at $8,000 and sell it for $12,000. Taking to Twitter, the exchange said “a test of an unreleased advanced order type encountered a bug, which resulted in the order’s prices being matched against the wrong side of the book.

2019-9-16 18:31