Cryptocurrency Exchange Kraken Loses $3 Million in Theft
Kraken's Chief Security Officer, Nick Percoco, shared details of the incident on X (formerly Twitter), explaining that they received a warning from their Bug Bounty program regarding a flaw "allowing users to alter their balance to a higher amount than actual on our platform." However, no further specific details were disclosed.
The company reported that the security issue was identified within minutes of the alert. Essentially, it allowed attackers to "initiate a deposit on our platform and credit funds to their account without completing the deposit process."
Although Kraken assured that no customer assets were at risk, the issue could have enabled malicious actors to generate assets in their accounts, potentially causing damage to the system. The problem was fixed within 47 minutes.
The company also mentioned that this flaw stemmed from a recent change in the user interface, which allowed customers to deposit and use funds before they were fully confirmed.
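To make the flaw described above concrete, here is an added illustration (not Kraken's code, and not derived from any detail beyond the reporting above) of a deposit ledger that credits the spendable balance at deposit initiation, beside a hardened ledger that keeps the credit in a separate pending state until a confirmation threshold is met. The confirmation count and account structure are assumptions for the example.

```python
from dataclasses import dataclass, field

REQUIRED_CONFIRMATIONS = 6  # assumed policy for this example, not a Kraken value


@dataclass
class Account:
    available: int = 0                              # spendable balance
    pending: dict = field(default_factory=dict)     # deposit_id -> amount awaiting confirmation


class BaseLedger:
    def __init__(self):
        self.accounts = {}

    def withdraw(self, user, amount):
        """Withdrawals may only draw on the spendable balance."""
        acct = self.accounts.setdefault(user, Account())
        if amount <= 0 or acct.available < amount:
            return False
        acct.available -= amount
        return True


class VulnerableLedger(BaseLedger):
    """Credits the spendable balance as soon as a deposit is *initiated*."""
    def initiate_deposit(self, user, deposit_id, amount):
        acct = self.accounts.setdefault(user, Account())
        acct.available += amount   # defect: credited before the deposit completes


class HardenedLedger(BaseLedger):
    """Keeps unconfirmed deposits out of the spendable balance entirely."""
    def initiate_deposit(self, user, deposit_id, amount):
        acct = self.accounts.setdefault(user, Account())
        acct.pending[deposit_id] = amount      # visible to the user, but not spendable

    def confirm(self, user, deposit_id, confirmations):
        """Promote a pending deposit only once the confirmation threshold is met."""
        acct = self.accounts[user]
        if deposit_id in acct.pending and confirmations >= REQUIRED_CONFIRMATIONS:
            acct.available += acct.pending.pop(deposit_id)

    def cancel(self, user, deposit_id):
        """Deposit never completed (dropped or reorganised away): discard the credit."""
        self.accounts[user].pending.pop(deposit_id, None)
```

With the vulnerable ledger an initiated-but-never-completed deposit is immediately withdrawable; with the hardened one the same sequence is refused until the deposit confirms, and a cancelled deposit leaves nothing behind.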
A deeper investigation revealed that three accounts, including one belonging to a security researcher, had exploited the vulnerability over several days to siphon $3 million.
Percoco stated: “This individual found a flaw in our system and exploited it to add $4 of cryptocurrency to their account. This was enough to validate the flaw, submit a bug bounty report, and earn a significant reward per our program's terms.”
“Instead of following the proper channels, the ‘security researcher’ disclosed the vulnerability to two others they were working with. They exploited the flaw to withdraw nearly $3 million from Kraken accounts. This money came from Kraken’s treasury, not from other customers' assets.”
Blockchain security company CertiK took responsibility for the breach on Kraken, revealing that they had identified several serious vulnerabilities allowing for the creation of cryptocurrency in any account, which could then be withdrawn and converted into legitimate crypto assets.
CertiK noted, "Over a few days, with multiple fake tokens created and withdrawn to legitimate cryptocurrencies, there were no blocking or risk control mechanisms activated until CertiK reported the issue. The question is, why did Kraken’s sophisticated defense system not detect multiple trial transactions? Withdrawing large sums from different test accounts was part of our testing process."
This development comes as Kraken accuses a “third-party security research company” of exploiting the flaw for financial gain before reporting it.