Kraken is being extorted by a hacker who stole USD $3 million from the exchange – DiarioBitcoin


By Hannah Perez

Cryptocurrency exchange Kraken revealed that it is the victim of extortion by alleged ethical hackers who refuse to return stolen funds after alerting the company about a critical security flaw.

***

  • A hacker withdrew $3 million from Kraken and is now extorting money from the exchange
  • Kraken reveals that the third-party researcher who reported the bug refuses to return the stolen funds
  • The exchange does not plan to pay him its bug bounty due to his bad-faith conduct

A hacker calling himself a “white hat” is extorting cryptocurrency exchange Kraken after reporting a critical bug on the platform and siphoning off $3 million in the process.

In a blog post this Wednesday, Kraken informed its users that it has fixed a bug in its deposit system that allowed users to artificially increase the balance value of their accounts without completing a deposit.

The company said the problem was addressed less than an hour after it received the notification from the external researchers who first reported it. The bug was completely fixed within a few hours, preventing it from being exploited by malicious actors, and no user funds were compromised, Kraken said.

Although the error was initially discovered by security researchers who raised the alarm about the case, the exchange said that on this occasion it has decided not to reward those responsible due to their malicious actions.

The reason is that the researcher allegedly not only failed to send evidence of the vulnerability, but also took advantage of it to steal USD $3 million from the exchange and now refuses to return the funds, according to Nick Percoco, security director of Kraken, in an extensive chain of messages published on X this Wednesday.

Kraken faces extortion from alleged researchers

Percoco, who recounted the events in great detail, said that the exchange had discovered that three accounts had exploited the flaw and that one of them belonged to the individual claiming to be the security researcher.

“This individual discovered the error in our financing system and took advantage of it to credit his account with USD $4 in cryptocurrency. This would have been enough to prove the bug, submit a bug bounty report to our team, and collect a very hefty bounty under the terms of our program,” wrote the executive.

Instead, however, the researcher allegedly communicated the flaw to two other people, who did take advantage of it to maliciously extract money from the platform. “They eventually withdrew almost $3 million from their Kraken accounts. This came from Kraken treasuries, not other client assets,” Percoco alleged.

The supposed researchers refused to provide information about activities related to the alleged white hat stunt. Instead, they demanded a call with their sales team and did not agree to return any funds until the exchange calculated a speculated dollar amount of the losses the error may have caused.

“This is not white hat piracy, it’s extortion!” Percoco denounced on social networks.

“In the interest of transparency, today we are disclosing this error to the industry. We are accused of being unreasonable and unprofessional for requesting that ‘white hat hackers’ return what they stole from us. Incredible,” he added.

Hackers refuse to return funds

Kraken, like many other companies in the industry, runs a “Bug Bounty” program to reward people who provide information about vulnerabilities and critical security issues on the platform. The exchange said it has been running its program for almost a decade, calling it a “vital shield” of its security.

“We will not credit the researcher of this disclosure because it did not meet any of these industry expectations,” the company reiterated in the statement.

Ethical hackers, also called white hat hackers, often collaborate with cryptocurrency platforms to help them find vulnerabilities and other security flaws in exchange for juicy digital currency rewards. In 2022, for example, OpenSea paid USD $200,000 to two experts who discovered a critical error.


Article by Hannah Estefanía Pérez / DiarioBitcoin
