Kraken Bug Bounty Program Helps Exchange Detects Extremely Critical Vulnerability

Key Points:

• Kraken identified and quickly resolved an “extremely critical” vulnerability on June 9, preventing unauthorized balance increases without compromising customer assets.
• The bug allowed malicious actors to initiate deposits and withdraw funds under specific conditions, resulting in a $3 million loss from Kraken’s funds, not affecting customer assets.
• Chief Security Officer Nick Percoco assured users of enhanced security measures post-incident with the Kraken Bug Bounty program being effective.

Kraken Exchange’s Chief Security Officer, Nick Percoco, recently addressed a significant security incident following the discovery of an “extremely critical” vulnerability in their platform.

Critical Security Vulnerability Discovered Thanks to Kraken Bug Bounty Program

On June 9, the Kraken Bug Bounty program was announced from a researcher highlighting the exploit. Initially, details were scant, but the vulnerability allowed for unauthorized balance increases on the platform without endangering customer assets.

According to Percoco, the issue stemmed from a specific bug that enabled malicious actors to initiate deposits and receive funds without completing the process under certain conditions.

Kraken Enhances Security Measures Following Swift Resolution

Although Kraken swiftly categorized the vulnerability as “extremely critical,” they acted promptly, resolving the issue within just 47 minutes of its discovery. A comprehensive investigation revealed that the exploit affected three accounts, resulting in the withdrawal of approximately $3 million from Kraken’s own funds, not affecting customer assets.

Percoco emphasized that such vulnerabilities are swiftly addressed, despite occasional false bug reports received under the Kraken Bug Bounty program. Following the incident, Kraken has reinforced its security measures to prevent similar occurrences in the future.

The exchange assured its users that their assets remained secure throughout the incident and reiterated its commitment to maintaining robust security protocols. With the issue fully resolved within hours of detection, Kraken continues to operate without disruption.