Kraken Faces Extortion Attempt After Security Breach

Kraken, a prominent cryptocurrency exchange, recently faced a security incident involving a vulnerability discovered by a group of researchers. The flaw, first reported through Kraken’s bug bounty program on June 9, made it possible for users to inflate their account balances by manipulating the deposit process. Nick Percoco, Kraken’s chief security officer, confirmed that the issue was swiftly addressed without impacting user funds.

However, the situation took a troubling turn when the researchers allegedly engaged in fraudulent activity. Instead of adhering to standard bug bounty protocol (report the vulnerability, exploit it minimally for proof, return any assets, and provide a detailed vulnerability disclosure), the researchers reportedly withdrew nearly $3 million from Kraken’s treasury. Percoco emphasized that the withdrawn funds came from Kraken’s treasury and not from client funds.

Kraken’s security team became suspicious when the researchers refused to disclose details of their activities and demanded a meeting with Kraken’s business development team, akin to a negotiation. They also insisted on knowing the potential financial impact had they not reported the vulnerability, conduct that Percoco labeled extortion rather than legitimate security research.

Bug bounty programs are widely used across industries like cryptocurrency to proactively identify and fix vulnerabilities before malicious actors exploit them. These programs typically involve inviting external “white hat” hackers to find flaws, following specific guidelines to qualify for a reward. Coinbase, a competitor of Kraken, operates a similar program.

In response to this incident, Kraken clarified that the researchers involved did not adhere to the program’s rules and therefore will not receive the bounty originally offered in good faith. Kraken is now collaborating with law enforcement to recover the misappropriated assets.

This incident underscores the challenges in managing bug bounty programs and highlights the importance of clear rules and ethical guidelines for researchers participating in such initiatives. For Kraken, the focus remains on strengthening their security measures and ensuring that vulnerabilities are responsibly disclosed and addressed.
