Kraken Extorted By Security Research Team, $3 Million Drained In Hack
Crypto exchange Kraken is being extorted by a research team who reportedly withdrew $3 million of the company’s funds as part of a hack after discovering a bug in its funding system, Kraken’s Chief Security Officer Nick Percoco revealed Wednesday morning.
$3 Million Lost By Kraken In Hack After Finding Bug, Nick Percoco Says
According to Percoco, after the security researcher discovered the funding system’s flaw on June 9, the anonymous party disclosed the bug to “two other individuals who they work with” in order to withdraw millions of dollars from Kraken’s treasury.
The security researcher in question did not include this in their original bug bounty report, however, prompting skepticism from within the company.
Kraken Security Update:
On June 9 2024, we received a Bug Bounty program alert from a security researcher. No specifics were initially disclosed, but their email claimed to find an “extremely critical” bug that allowed them to artificially inflate their balance on our platform.
— Nick Percoco (@c7five) June 19, 2024
“We requested a full account of their activities, a proof of concept used to create the on-chain activity, and to arrange the return of the funds that they had withdrawn,” Percoco said. “This is common practice for any Bug Bounty program. These security researchers refused.”
The Kraken CSO then claimed that the alleged crypto hackers have agreed not to return any funds until the crypto exchange provides the “speculated $ amount that this bug could have caused if they had not disclosed it.”
“This is not white-hat hacking,” Percoco continued. “This is extortion!”
Crypto Hacking Incidents Up Year Over Year, Chainalysis Says
According to blockchain analytics firm Chainalysis’ 2024 Crypto Crime Report, hackers stole an estimated $1.7 billion worth of funds worth of digital assets in 2023 alone, with hacking incidents totaling 231 – up from 219 in 2022.
Just last month, Kraken, Ripple, Coinbase, Gemini, Meta, and Match Group joined together with the Global Anti-Scam Organization to form the anti-fraud coalition “Tech Against Scams.”
“This new coalition will build on years of investment that these companies have independently made to help protect their users from scams, fraud, and other security risks,” a May press release from Tech Against Scams said. “Going forward, the coalition will lead the creation of new work streams to identify best practices and guide how companies work together to help stop these scams and provide consumers with the tools and information needed to better protect themselves.”
While Kraken refused to share the identity of the research team in question, it did announce that the crypto company was treating the situation as a criminal matter and was cooperating with law enforcement.
”Our Bug Bounty program continues to be a vital shield in Kraken’s mission and a key part of our efforts to enhance the overall security of the crypto ecosystem,” Percoco stated. “We look forward to working with good faith actors in the future and consider this as an isolated experience.”
