Kraken, one of the largest cryptocurrency exchanges in the world, has accused a trio of security researchers of discovering a critical bug, exploiting it to steal millions in digital cash, and then using the stolen funds to pressure the exchange for more.
The exchange wrote about the issue yesterday, saying the exploit allowed some users "to artificially increase the value of their Kraken account balance without fully completing a deposit." Kraken security chief Nicholas Percoco said on X that the researchers didn't provide any details in their bug report, but that his team discovered the flaw within an hour.
According to Percoco, the issue stemmed from a recent UX change that, to create an artificial sense of real-time cryptocurrency trading, would credit customer accounts before the assets had actually cleared. "This UX change was not thoroughly tested against this specific attack vector," admitted Percoco on X.
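A simplified model of the flaw class Percoco describes, added here as an illustration and not Kraken's code: the `Ledger` class, its fields and the deposit scenario are all assumptions. It contrasts crediting a deposit to the withdrawable balance on initiation with holding it as pending until settlement.

```python
from decimal import Decimal

class Ledger:
    """Toy single-account ledger; every name here is hypothetical."""

    def __init__(self, credit_before_clearing: bool):
        self.credit_before_clearing = credit_before_clearing
        self.available = Decimal(0)   # withdrawable balance
        self.pending = Decimal(0)     # shown to the user, not withdrawable
        self.deposits = {}            # deposit id -> [amount, state]
        self.paid_out = Decimal(0)

    def initiate_deposit(self, dep_id: str, amount: Decimal) -> None:
        self.deposits[dep_id] = [amount, "pending"]
        if self.credit_before_clearing:
            self.available += amount  # flawed: spendable before the deposit clears
        else:
            self.pending += amount    # visible in the UI, but held

    def settle(self, dep_id: str, cleared: bool) -> None:
        amount, state = self.deposits[dep_id]
        if state != "pending":
            return                    # settlement is idempotent
        self.deposits[dep_id][1] = "cleared" if cleared else "failed"
        if self.credit_before_clearing:
            if not cleared:
                self.available -= amount  # reversal can arrive after a payout
        else:
            self.pending -= amount
            if cleared:
                self.available += amount

    def withdraw(self, amount: Decimal) -> bool:
        if amount <= 0 or amount > self.available:
            return False
        self.available -= amount
        self.paid_out += amount
        return True

def unbacked_payout(credit_before_clearing: bool) -> Decimal:
    """Constructed scenario: a deposit of 100 is started, a withdrawal is
    requested before settlement, and the deposit then fails to clear."""
    ledger = Ledger(credit_before_clearing)
    ledger.initiate_deposit("dep-1", Decimal(100))
    ledger.withdraw(Decimal(100))
    ledger.settle("dep-1", cleared=False)
    cleared = sum(a for a, s in ledger.deposits.values() if s == "cleared")
    return ledger.paid_out - cleared
```

With the pending/available split the user still sees the incoming deposit immediately, which preserves the real-time feel without making uncleared funds withdrawable.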
Just reporting the bug would have been enough for a sizable reward, Percoco added. The researcher who disclosed the vulnerability, whom Kraken did not name "because they did not conform to industry expectations for [bug bounty]," did not stop there, however.