Kraken, a cryptocurrency exchange, has announced that a research team discovered a $3 million digital asset bug. An anonymous self-proclaimed ‘security researcher’ identified a critical security flaw and informed Kraken on June 9. However, two accounts linked to the researcher exploited the bug and withdrew over $3 million in digital assets. Kraken’s chief security officer, Nick Percoco, revealed this information. Following the large withdrawal, the researcher demanded a reward for the stolen funds in a post on June 19. Kraken has assured users that their funds were not at risk, as the cryptocurrency was taken directly from the exchange’s treasury. Cointelegraph has reached out to Kraken for further comment.
One of the three Kraken accounts linked to the exploit had previously completed Know Your Customer (KYC) verification and belonged to an individual claiming to be a security researcher, but the person’s identity remains unknown. The individual who discovered the bug initially proved the flaw with a small crypto transfer worth $4, which would have been enough to receive a reward from Kraken’s bounty program. However, the individual disclosed the bug to two other accounts, which fraudulently siphoned nearly $3 million from their Kraken accounts. Percoco stated that this behavior is more like extortion than ethical hacking.
In 2024, crypto hackers and exploiters could have a more successful year than in 2023. In the first quarter of 2024, hackers stole digital assets valued at $542.7 million, a 42% increase compared to the same period in 2023. Private key leaks, not smart contract-related exploits, were the leading cause of the growth in exploits. The amount of hacked funds lost to smart contract vulnerabilities fell 92% to $179 million in 2023, down from $2.6 billion in 2022, according to Merkle Science’s “2024 Crypto HackHub Report.” Over 55% of the hacked digital assets were lost to private key leaks during 2023.
The cryptocurrency industry has suffered 785 reported hacks and exploits, resulting in nearly $19 billion lost during the past 13 years. Kraken, on the other hand, has had to deal with a $3 million digital asset bug.