
Bug Bounty Gone Wrong: Crypto Exchange Kraken Accuses Researcher of Extortion
In a surprising turn of events, cryptocurrency exchange Kraken finds itself embroiled in a situation where a security researcher’s bug report has taken a dark turn.
On June 9th, an anonymous individual claiming to be a security researcher alerted Kraken to a critical security flaw. However, things took a sharp turn for the worse when, according to Kraken’s Chief Security Officer, Nicholas Percoco, two accounts linked to the researcher exploited the bug to steal over $3 million worth of digital assets.
Instead of simply reporting the vulnerability and collecting a reward through Kraken’s established bug bounty program, the researcher demanded a meeting with the exchange’s sales team and refused to return the stolen funds. Percoco, in a June 19th post, strongly condemned these actions, stating, “This is not white-hat hacking, it is extortion!”
Kraken emphasizes that no user funds were compromised in this incident. The stolen cryptocurrency originated directly from the exchange’s treasury. Determined to recover the stolen funds and hold the perpetrators accountable, Kraken is working diligently with law enforcement agencies.
While one of the three Kraken accounts used in the exploit completed Know Your Customer (KYC) verification, the individual’s true identity remains unknown. The initial contact demonstrated the flaw with a small transfer of $4, sufficient proof to qualify for a significant reward under Kraken’s bug bounty program. However, the subsequent involvement of two other accounts and the theft of a much larger sum raise serious questions about the researcher’s true intentions.
Despite this negative experience, Kraken remains committed to its bug bounty program, a cornerstone of its security strategy. As Percoco emphasizes, “In the essence of transparency, we are disclosing this bug to the industry today.” He further expresses disbelief at being accused of unprofessionalism for seeking the return of stolen funds.
Crypto Security Concerns: Shifting Landscape
This incident highlights the evolving landscape of crypto security threats. While smart contract vulnerabilities were a major concern in 2022, Merkle Science’s “2024 Crypto HackHub Report” indicates a worrying trend. Crypto hackers and exploiters seem to be finding success in 2024, with stolen digital assets in the first quarter already exceeding those of the same period in 2023 by a significant 42%. Notably, private key leaks have emerged as the leading cause of these exploits, surpassing smart contract vulnerabilities.
Author: Sb
This post was originally published on cryptonewsfarm.com