"Researchers" exploit Kraken exchange bug, steal $3 million in crypto

The Kraken crypto exchange disclosed today that alleged security researchers exploited a zero-day website bug to steal $3 million in cryptocurrency and then refused to return the funds.
Kraken Chief Security Officer Nick Percoco disclosed the hack on X, explaining that the exchange's security team received a vague bug report on June 9th about an "Extremely critical" bug that allowed anyone to artificially increase the balances in a Kraken wallet.
Kraken says they investigated the report and discovered a bug allowing attackers to initiate deposits and receive the funds, even if the deposit failed.
After fixing the bug, they discovered that three users exploited it as a zero-day to steal $3 million from the exchange's treasury.
Percoco says that the bug was disclosed to two other people associated with the researcher, who used it to withdraw an additional $3 million in stolen funds from their Kraken accounts.
Percoco says that after the researcher was contacted about this withdrawal, the researchers refused to return the crypto or to share any information regarding the vulnerability, as is expected in a bug disclosure.