Cryptocurrency exchange Kraken recently revealed that it had fallen victim to a critical security flaw, resulting in the appropriation of $3 million worth of digital assets by a research team. The incident unfolded after the exchange received a bug report through its bug bounty program on June 9 from a self-described security researcher who claimed […]
Cryptocurrency exchange Kraken has announced that it has fallen victim to a major security flaw that has resulted in the theft of $3 million worth of digital assets. However, in a surprising turn of events, the party responsible has been identified as CertiK. This blockchain security firm claims to have initially reported the bug through Kraken’s bug bounty program. CertiK is now accused of exploiting additional vulnerabilities and extorting the exchange for more money, leading to calls for legal action and concerns among crypto investors.

Kraken Security Flaws Exposed

The incident unfolded when Kraken’s Chief Security Officer, Nick Percoco, revealed that the exchange had received a bug report on June 9 from a self-described security researcher. The researcher claimed to have discovered an “extremely critical” bug that allowed them to inflate their balance on the platform artificially. Upon further investigation, CertiK, which admitted its involvement in the incident in its social media post, uncovered several critical vulnerabilities in Kraken’s systems that could potentially result in losses of hundreds of millions of dollars.

CertiK’s findings revealed shortcomings in Kraken’s deposit system, indicating a failure to differentiate between internal transfer statuses. Furthermore, CertiK’s testing revealed that Kraken failed all these tests, exposing the compromised state of Kraken’s defense-in-depth system. According to CertiK, “millions of dollars” could be deposited into any Kraken account, and a substantial amount of fabricated cryptocurrency (worth over $1 million) could be withdrawn and converted into valid digital assets. The security firm also claimed that no alerts were triggered during a “multi-day test period” and that Kraken only responded and blocked the test accounts days after the incident was officially reported.
Following the identification of the vulnerability, CertiK alleges that Kraken’s security operations team “threatened” individual CertiK employees, demanding the repayment of a “mismatched” amount of cryptocurrency within an “unreasonable time frame,” without providing repayment addresses. However, Kraken’s Percoco countered that they had requested a full accounting of the then-unknown company’s activities and the return of the withdrawn funds. Percoco argued that CertiK’s refusal to comply with these requests violated the rules of ethical hacking and bordered on extortion.

Will CertiK Face Legal Repercussions?

The revelation of this incident has raised surprise and concerns within the cryptocurrency community, leading to calls for legal action against CertiK. One user accused CertiK of stealing the $3 million funds from Kraken, holding it ransom for a bounty, refusing to return the funds, and now transferring the money to Tornado.cash to protect it from potential seizure by authorities. Coinbase’s Director, Conor Grogan, pointed out that Tornado.cash is subject to the Office of Foreign Assets Control (OFAC) sanctions and highlighted CertiK’s US domicile, hinting at potential legal repercussions by US agencies. Market expert Adam Cochran also weighed in, astonished at CertiK’s actions and highlighting the firm’s history of compromised audits. Cochran went further to describe the situation as “Down right criminal.”

The next steps taken by Kraken and potential consequences for CertiK are yet to be seen. However, the involvement of US agencies and potential legal actions loom over the security firm. The unfolding developments in this case will undoubtedly shape the future of bug bounty programs and impact the relationship between cryptocurrency exchanges and security firms.
Crypto exchange Kraken reported that a rogue security research company has unilaterally held on to $3 million in digital assets they exploited from a bug on its platform. Kraken’s Chief Security Officer Nick Percoco detailed the incident on X, revealing that on June 9, the company received an anonymous tip from a “security researcher” about […]
The post Kraken’s $3 million bug exploit leads to criminal investigation appeared first on CryptoSlate.
BODEN appears to be the winner as first exchange open to U.S. residents lists the election-themed tokens.
Lawyers of crypto exchange Kraken have told a U.S. court that claims by the U.S. Securities and Exchange Commission (SEC) against it should be dismissed to avoid a "significant reordering" of the U.S. financial regulatory structure, according to court filings submitted in the Northern District of California on Thursday.
CEO Sui Chung sees South Korea and Israel as the next markets to list crypto ETFs.
Kraken Wallet will initially support coins, tokens, NFTs, and DeFi assets on eight blockchains.
According to a blog post shared with CoinDesk, the new Kraken Wallet will be the first from a major exchange to be open-sourced.
The firm has received a commitment of $75 million in total value locked for the launch of its stablecoin USD0.
Kris Marszalek reportedly said Crypto.com planned to “slowly, thoughtfully, and strategically” add new staff members as part of plans to increase the exchange’s registered users.
US-based cryptocurrency exchange Coinbase has obtained a registration license in Canada, signaling its intention to expand internationally amid increasing regulatory scrutiny in the US market, led by the Securities and Exchange Commission’s (SEC) ongoing crackdown on the industry. The company announced that it has been registered as a restricted dealer in Ontario under the Canadian […]
ETH price set a new multiyear high at $4,000 right as Bitcoin price hit a new all-time high.
Nigeria's government has started a fresh crackdown on crypto firms, reportedly blocking access to several, including Binance, Coinbase and Kraken.
This week’s Crypto Biz examines concerns over chip shortages and sustainability issues for crypto miners, Telegram’s new ad platform, Kraken’s expansion into institutional investors, and more.
Attorneys general from numerous states filed a brief that calls out the SEC for its enforcement action against the Kraken crypto exchange, saying it used “undelegated authority.”
The share of weekend Bitcoin trading volume has been in decline since 2018 but has dropped considerably since the U.S. launch of spot Bitcoin ETFs in early January.
The U.S. Securities and Exchange Commission didn't allege fraud and stretched the definition of a contract in its lawsuit against Kraken, the exchange said in a motion to dismiss the case Thursday.
Crypto exchange Kraken was granted a VASP registration with the Dutch Central Bank, enabling it to offer exchange, transfer, custody, and wallet services for virtual assets in the country.
The fund saw about $400 million of inflows within 30 minutes of its trading debut, CF Benchmarks said.
After the Securities and Exchange Commission sued Kraken, a small but trusted exchange, CoinDesk asked passersby for their views on crypto and regulation.