Kraken Crypto Exchange Hit by $3 Million Zero-Day Flaw Exploitation
Kraken, a popular crypto exchange, recently fell victim to a cyber attack that saw an unnamed security researcher exploit a zero-day flaw in the platform to steal $3 million in digital assets. The incident was revealed by Kraken’s Chief Security Officer, Nick Percoco, who shared details of the breach on social media.
According to Percoco, the security researcher discovered a bug that allowed them to artificially inflate their balance on the platform. The flaw enabled the attacker to initiate a deposit onto the platform and receive funds in their account without fully completing the deposit process. Although Kraken addressed the issue within 47 minutes, three accounts, including one belonging to the security researcher, managed to siphon $3 million from the platform.
In a surprising twist, when approached by Kraken to return the stolen funds, the security researcher and their associates demanded a payment in exchange for releasing the assets. Percoco condemned this behavior as extortion and emphasized that such actions revoke the “license to hack” granted to security researchers participating in bug bounty programs.
Kraken is treating the incident as a criminal case and is working with law enforcement agencies to investigate the matter further. The company stressed that no client assets were at risk during the breach and urged the individuals involved to return the stolen funds.
As the investigation unfolds, the crypto community is reminded of the importance of ethical hacking practices and the consequences of exploiting vulnerabilities for personal gain. Stay tuned for more updates on this developing story.