Kraken, the popular cryptocurrency exchange, is currently facing extortion from a research team that exploited a bug in its funding system, resulting in the withdrawal of $3 million from the company’s funds. The Chief Security Officer of Kraken, Nick Percoco, revealed this information on Wednesday.
According to Percoco, the security researcher discovered the flaw in the funding system on June 9. After finding the bug, the researcher shared it with two other individuals they collaborate with, who then proceeded to withdraw millions of dollars from Kraken’s treasury. Surprisingly, the researcher did not include this information in their initial bug bounty report, raising suspicions within the company.
“We asked them to provide a detailed account of their activities, proof of concept for the on-chain activity, and to return the funds they had withdrawn,” Percoco explained. “This is a standard procedure for any Bug Bounty program. However, these security researchers refused to comply.”
To make matters worse, the alleged hackers have demanded that Kraken provide them with an estimate of the amount of damage the bug could have caused if it hadn’t been disclosed. They have refused to return the funds until this demand is met. Percoco strongly condemned this behavior, stating, “This is not ethical hacking; it is extortion!”
The incident comes amidst a rise in crypto hacking incidents, as reported by blockchain analytics firm Chainalysis. According to its 2024 Crypto Crime Report, hackers stole approximately $1.7 billion worth of digital assets in 2023, with a total of 231 hacking incidents, compared to 219 in 2022.
In an effort to combat scams and fraud in the cryptocurrency industry, Kraken, along with Ripple, Coinbase, Gemini, Meta, and Match Group, recently formed the anti-fraud coalition called “Tech Against Scams.” The coalition aims to develop best practices and collaborative strategies to protect users from scams and improve overall security.
Kraken has not disclosed the identity of the research team involved in the extortion case but has confirmed that it is treating the situation as a criminal matter and cooperating with law enforcement.
“Our Bug Bounty program is crucial in our mission to enhance the security of the crypto ecosystem,” stated Percoco. “While this incident is regrettable, we remain committed to working with trustworthy actors in the future and view it as an isolated incident.”