Kraken Critical Vulnerabilities Could Lead To Hundreds Of Millions Of Dollars In Losses
Key Points:
- CertiK found Kraken critical vulnerabilities allowing counterfeit crypto withdrawals.
- Kraken allegedly threatened CertiK after initial fixes, demanding returns of funds.
Security agency CertiK recently announced the discovery of Kraken critical vulnerabilities, potentially leading to losses worth hundreds of millions of dollars.
CertiK Uncovers Kraken Critical Vulnerabilities in Security System
The investigation revealed that Kraken’s deposit system was unable to effectively distinguish between different internal transfer states. Kraken critical vulnerabilities allowed malicious actors to forge deposit transactions and withdraw these counterfeit funds without triggering any alarms.
During CertiK’s testing, millions of dollars in fake funds were successfully deposited into Kraken accounts, and over $1 million in fabricated cryptocurrencies were withdrawn and converted into valid assets. Despite initially acknowledging the issue and classifying it as “extremely critical,” Kraken’s response took a contentious turn.
CertiK reported that Kraken’s security team threatened its employees, demanding the return of unmatched cryptocurrencies within an unreasonably short timeframe without providing a repayment address. The timeline provided by CertiK detailed their use of Polygon’s MATIC token for testing deposit transactions.
“The real issue is why Kraken’s in-depth defense system failed to detect numerous test transactions,” CertiK stated. “Weak exchanges often boast about their strong risk controls and defense systems, but Kraken‘s failed miserably during our tests.”
CertiK decided to go public to protect user safety, urging Kraken to cease threats against white hat hackers and emphasizing the importance of collaboration to address security risks and safeguard the future of Web3.
Kraken Reports $3 Million Loss, Pursues Legal Action
Kraken Chief Security Officer Nick Percoco acknowledged that three accounts exploited the vulnerability, withdrawing nearly $3 million in total. He claimed that this behavior violated the vulnerability bounty program rules, crossing into extortion rather than white hat hacking.
Percoco alleged that three individuals linked to an unnamed research company were responsible for the withdrawals and refused to return any funds until Kraken disclosed the potential exploit’s size. Kraken is treating the matter as a criminal case and is cooperating with law enforcement agencies.
| DISCLAIMER: The information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing. |
Author
News
Kraken Critical Vulnerabilities Could Lead To Hundreds Of Millions Of Dollars In Losses
Key Points:
- CertiK found Kraken critical vulnerabilities allowing counterfeit crypto withdrawals.
- Kraken allegedly threatened CertiK after initial fixes, demanding returns of funds.
Security agency CertiK recently announced the discovery of Kraken critical vulnerabilities, potentially leading to losses worth hundreds of millions of dollars.
CertiK Uncovers Kraken Critical Vulnerabilities in Security System
The investigation revealed that Kraken’s deposit system was unable to effectively distinguish between different internal transfer states. Kraken critical vulnerabilities allowed malicious actors to forge deposit transactions and withdraw these counterfeit funds without triggering any alarms.
During CertiK’s testing, millions of dollars in fake funds were successfully deposited into Kraken accounts, and over $1 million in fabricated cryptocurrencies were withdrawn and converted into valid assets. Despite initially acknowledging the issue and classifying it as “extremely critical,” Kraken’s response took a contentious turn.
CertiK reported that Kraken’s security team threatened its employees, demanding the return of unmatched cryptocurrencies within an unreasonably short timeframe without providing a repayment address. The timeline provided by CertiK detailed their use of Polygon’s MATIC token for testing deposit transactions.
“The real issue is why Kraken’s in-depth defense system failed to detect numerous test transactions,” CertiK stated. “Weak exchanges often boast about their strong risk controls and defense systems, but Kraken‘s failed miserably during our tests.”
CertiK decided to go public to protect user safety, urging Kraken to cease threats against white hat hackers and emphasizing the importance of collaboration to address security risks and safeguard the future of Web3.
Kraken Reports $3 Million Loss, Pursues Legal Action
Kraken Chief Security Officer Nick Percoco acknowledged that three accounts exploited the vulnerability, withdrawing nearly $3 million in total. He claimed that this behavior violated the vulnerability bounty program rules, crossing into extortion rather than white hat hacking.
Percoco alleged that three individuals linked to an unnamed research company were responsible for the withdrawals and refused to return any funds until Kraken disclosed the potential exploit’s size. Kraken is treating the matter as a criminal case and is cooperating with law enforcement agencies.
| DISCLAIMER: The information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your own research before investing. |
Other Posts
Related Posts
Press Releases
PlayDoge ($PLAY) Achieves $5 Million Milestone in ICO, a Tamagotchi-Style Meme Coin
News
Notcoin Token Airdrop Is Superior to zkSync and LayerZero in Number of Users and Value
News
ZkSync Token Launch Doesn’t Bring Excitement as Expected as Price Continues to Drop
News
Circle USDC Stablecoin May Be The Biggest Beneficiary Under New European Guidelines
Press Releases
After Raising $5 Million, Sealana Announces Presale Ends in 5 Days – Last Chance to Buy
News
LayerZero Foundation Launches Airdrop Eligibility Checker for EVM and Aptos Addresses!
Knowledge
Everyone Is An Analyst: Recommend 7 Free On-chain Data Analysis Tools
News
Ripple’s XRP Sale Worth $78 Million Is Putting Great Pressure on Token Prices
News
Bitcoin Whale Wallets With Over 1,000 BTC Are Almost At A New All Time High
Latest
First US Government Bitcoin Transfer Worth $240M Made To Coinbase Prime
Hashed Expands To Abu Dhabi, Seeking New Era For Korean Startups
Missing Cryptoqueen Ruja Ignatova Wanted in US With New $5 Million Reward
Press Release
Copper & Sui partner to build out full institutional accessibility
Minutes Network closes in on its first 1.2 billion users with Smart Energy Water
