Kraken discovered a critical bug that allowed the creation of free funds, though no client assets were at risk. Kraken received a bug bounty alert on June 9 about a crucial bug that allowed attackers to inflate their balances.
A security researcher reported the vulnerability, which Kraken quickly investigated. They found that a recent UX change enabled bad actors to receive credit without completing deposits.
Chief Security Officer Nick Percoco stated that the bug was fixed within a few hours, but an investigation revealed that three accounts had already exploited it within a few days.
Three accounts exploited the bug, including the researcher who informed two others, resulting in $3 million being withdrawn from Kraken. When contacted, the researchers refused to return the funds and demanded compensation.
Kraken has accused them of extortion and is treating the case as criminal, working with law enforcement.
Image Credit: Pixabay
Keep in mind that we may receive commissions when you click our links and make purchases. However, this does not impact our reviews and comparisons. We try our best to keep things fair and balanced, in order to help you make the best choice for you.
