- Kraken suffered a bug attack that resulted in it losing almost $3 million less than two weeks ago.
- Anyone could initiate a deposit to the platform and receive the funds without completing it.
OUR TAKE
This incident not only has an impact on Kraken’s reputation, but also serves as a reminder that the entire cryptocurrency industry must continually improve its security safeguards in response to increasingly sophisticated and sophisticated cyberattacks and fraud. In the future, it will be a crucial challenge and responsibilities for cryptocurrency exchanges to ensure the safety of funds and the protection of customer data.
–Revel Cheng, BTW reporter
Cryptocurrency trading platform Kraken has reported an exploit less than a fortnight ago that saw it lose almost $3 million in a bug-related attack.
What happened
Kraken revealed a bug attack on June 9, which saw the bad actor make away with nearly $3 million. Based on the report shared by Kraken Chief Security Officer Nick Percoco, the exchange received a bug bounty program alert.
The CSO noted that a further probe revealed an isolated bug that gave the bad actor unmerited privileges. Specifically, they could initiate a deposit on Kraken Exchange and receive funds in their account even though they had not fully completed the deposit.
A security researcher discovered a bug in Kraken’s funding system and credited their account with $4 in cryptocurrency. This amount was enough to demonstrate the flaw and file a bug bounty report, which would have earned a significant reward under Kraken’s program.
Instead, the researcher shared the bug with two colleagues, who exploited it to generate much larger sums fraudulently. This collusion led to a loss of nearly $3 million, taken from Kraken’s treasuries rather than client assets.
Also read: Ways to make money with crypto
Also read: 5 countries and regions leading the adoption of bitcoin
Why it’s important
“These security researchers refused (to return the money). Instead, they demanded a call with their business development team and have not agreed to return any funds until we provide a speculated $ amount that this bug could have caused if they had not disclosed it. This is not white-hat hacking, it is extortion!” Percoco expressed.
This breach incident revealed the security challenges faced by cryptocurrency exchanges, especially the vulnerability management and protection measures when handling funds and customer accounts. Kraken will have to further strengthen its security measures to prevent similar incidents in the future and restore public trust in the security of its platform.
In the long run, cryptocurrency exchanges will need to continue to invest in multiple areas such as technology, law, and public relations to ensure the safety of users’ funds and data privacy. Only by continuously improving security capabilities can we win the trust of the public and promote the healthy development and sustainable growth of the cryptocurrency market.
