Kraken has discovered a critical bug. Cybersecurity expert blackmails exchange
The prominent digital currency exchange Kraken has identified a critical flaw that essentially enabled the creation of currency out of nowhere.
Despite the critical nature of this flaw, the platform assures that customer assets remained secure and unaffected.
The well-known crypto trading hub was alerted to this issue by a cybersecurity analyst via email.
Amidst a sea of spurious bug bounty claims, the exchange took this particular report very seriously, promptly investigating the issue with due diligence.
The investigation by the Kraken team uncovered a flaw that permitted malicious parties to simulate a deposit to Kraken and acquire funds in their account without ever completing the actual deposit.
Nick Percoco, the Chief Security Officer at Kraken, revealed that due to a recent update in user experience design, accounts were being credited before the confirmation of asset transfer, enabling ill-intentioned individuals to generate assets from nothing.
Free Money Extravaganza
Percoco disclosed that three accounts exploited this vulnerability, including the cybersecurity expert who uncovered it and demonstrated the flaw by creating $4 in cryptocurrency. Rather than reporting the issue to Kraken for a bounty, the discoverer shared the information with two others, who subsequently generated and withdrew millions in cryptocurrency, pocketing $3 million from Kraken’s reserves.
When Kraken’s team attempted to recover the withdrawn funds, the cybersecurity experts refused to return them, instead demanding a discussion with their sales team and a hypothetical figure for the loss the bug could have caused.
Kraken has labeled the actions of the cybersecurity firm as "blackmail," stating that they are handling this as a criminal matter.