CertiK Identifies Itself As Security Researcher Kraken Claims Stole $3M In Assets

The post CertiK Identifies Itself As Security Researcher Kraken Claims Stole $3M In Assets appeared on BitcoinEthereumNews.com.

Blockchain security firm CertiK has identified itself as the security researcher Kraken is claiming stole nearly $3 million worth of digital assets.  Kraken suffered a bug attack less than two weeks ago, losing nearly $3 million. At the time, the cryptocurrency exchange stated it was treating the incident as a criminal case and would coordinate with law enforcement agencies.  The Kraken Attack  On June 9, cryptocurrency exchange Kraken revealed it had suffered an exploit that saw the platform lose $3 million worth of assets. According to a report shared by Kraken’s Chief Security Officer, Nicholas Percoco, the platform received a bug bounty program alert from a security researcher claiming to have found an extremely critical bug that allowed them to inflate their balance on Kraken artificially.  “On June 9, 2024, we received a bug bounty program alert from a security researcher. No specifics were initially disclosed, but their email claimed to find an “extremely critical” bug that allowed them to artificially inflate their balance on our platform.” Percoco stated that upon further investigation, they discovered an isolated bug that gave the bad actor significant privileges, allowing them to initiate a deposit on Kraken and receive funds in their account even without completing their deposit. The vulnerability, originating after a recent UX change on Kraken, allowed the attacker to “print assets” in their Kraken account. Kraken stated that the flaw was patched, and no client funds were compromised. Kraken claimed that a further investigation revealed that the security researcher had shared the bug with two colleagues, who had used it to gain significant funds fraudulently.  CertiK Identifies Itself As Security Researcher Now, blockchain security firm CertiK has identified itself as the security researcher Kraken claims stole $3 million worth of digital assets. In a post on X, CertiK stated it had…

Leave a Reply

Your email address will not be published. Required fields are marked *

Filed under: News - @ June 21, 2024 12:20 pm