Kraken, a popular crypto exchange, is currently facing extortion from a research team that managed to exploit a bug in its funding system, resulting in the withdrawal of $3 million from the company’s funds. The hack was discovered by Kraken’s Chief Security Officer, Nick Percoco, who revealed the details on Wednesday.
According to Percoco, the security researcher responsible for finding the flaw in the funding system informed two other individuals about it, leading to the withdrawal of millions of dollars from Kraken’s treasury. However, the researcher failed to include this information in their initial bug bounty report, causing suspicion within the company.
In response, Kraken requested a detailed account of the researcher’s activities, a proof of concept for the on-chain activity, and the return of the withdrawn funds. The security researchers refused to comply. Percoco labeled this behavior as extortion rather than white-hat hacking.
This incident comes at a time when crypto hacking cases are on the rise. According to a report by blockchain analytics firm Chainalysis, hackers stole approximately $1.7 billion worth of digital assets in 2023 alone, with 231 hacking incidents recorded, an increase from the previous year.
In an effort to combat scams and fraud, Kraken, along with other major companies like Ripple, Coinbase, and Gemini, recently joined forces with the Global Anti-Scam Organization to establish the “Tech Against Scams” coalition. The coalition aims to share best practices and collaborate on initiatives to protect users from security risks.
While Kraken has not disclosed the identity of the research team involved in the extortion, the company has classified the situation as a criminal matter and is cooperating with law enforcement. Despite this setback, Kraken remains committed to its Bug Bounty program and intends to work with ethical researchers in the future to enhance the security of the crypto ecosystem.