The post Kraken Loses Nearly $3 Million to Researchers After Exploit appeared on BitcoinEthereumNews.com.

Cryptocurrency trading platform Kraken has reported an exploit less than a fortnight ago that saw it lose almost $3 million in a bug-related attack. The incident highlights the insecurities and vulnerabilities that continue to infest the industry. Kraken Lost $3 Million in a Bug Attack Kraken revealed a bug attack on June 9, which saw the bad actor make away with nearly $3 million. Based on the report shared by Kraken Chief Security Officer Nick Percoco, the exchange received a bug bounty program alert. “On June 9 2024, we received a Bug Bounty program alert from a security researcher. No specifics were initially disclosed, but their email claimed to find an “extremely critical” bug that allowed them to artificially inflate their balance on our platform,” noted Percoco in a post on Wednesday. The CSO noted that a further probe revealed an isolated bug that gave the bad actor unmerited privileges. Specifically, they could initiate a deposit on Kraken Exchange and receive funds in their account even though they had not fully completed the deposit. Read more: Kraken Review 2024: Security and Features A forensic analysis revealed a vulnerability in a recent UX change on Kraken’s platform. This flaw allowed a malicious attacker to “print assets” in their account for a period of time. Importantly, no client assets were compromised, and the issue has been fixed. However, a subsequent probe discovered that three accounts had already exploited the bug within a few days of each other. “After patching the risk, we thoroughly investigated the situation and quickly discovered that 3 accounts had leveraged this flaw within a few days of each other. As we dug deeper, we noticed that one account was KYC’d to an individual who claimed to be a security researcher,” Percoco said. A security researcher discovered a bug in Kraken’s…

---

Filed under: News - @ June 20, 2024 9:28 am