Kraken Claims Extortion After Bug Bounty Report

Kraken, a cryptocurrency exchange, has announced that it is currently in possession of $3 million worth of digital assets that were taken due to a bug that was recently discovered. The bug was found by an anonymous “security researcher” who alerted Kraken on June 9. However, two accounts associated with the researcher took advantage of the bug and withdrew over $3 million worth of digital assets. Nicholas Percoco, Kraken’s chief security officer, stated that the researcher is now demanding a reward for the stolen funds. The stolen cryptocurrency was taken directly from Kraken’s treasury, and the exchange assures users that their funds were not affected. Kraken will continue its bug bounty programs to ensure the security of the exchange and is also working with law enforcement to recover the stolen funds. One of the three Kraken accounts involved in the exploit had previously completed the Know Your Customer (KYC) verification process, but the researcher’s identity remains undisclosed. Initially, the researcher demonstrated the bug by transferring $4 worth of cryptocurrency, which would have been enough to collect rewards from Kraken’s bounty program. However, the researcher then shared the bug with two other accounts that fraudulently withdrew nearly $3 million from their Kraken accounts. Kraken’s Percoco states that these actions are more akin to extortion rather than ethical hacking. In the first quarter of 2024, hackers stole $542.7 million worth of digital assets, a 42% increase compared to the same period in 2023. Private key leaks were the main cause of these exploits, rather than smart contract-related vulnerabilities. Hacked funds lost to smart contract vulnerabilities decreased by 92% to $179 million in 2023, down from $2.6 billion in 2022, according to Merkle Science’s “2024 Crypto HackHub Report.” Private key leaks accounted for over 55% of the hacked digital assets in 2023. The cryptocurrency industry has experienced 785 reported hacks and exploits, resulting in nearly $19 billion lost over the past 13 years.