Phone : +91 95 8290 7788 | Email : sales@itmonteur.net

Register & Request Quote | Submit Support Ticket

Home » Cyber Security News » Vulnerabilities & Exploits » Kraken Crypto Exchange Hit by $3 Million Theft Exploiting Zero-Day Flaw

Kraken Crypto Exchange Hit by $3 Million Theft Exploiting Zero-Day Flaw

Kraken Crypto Exchange Hit by $3 Million Theft Exploiting Zero-Day Flaw

https://firewall.firm.in/wp-content/uploads/2024/06/crypto.png

Jun 19, 2024NewsroomCybercrime / Crypto Security

Zero-Day Flaw

Crypto exchange Kraken revealed that an unnamed security researcher exploited an “extremely critical” zero-day flaw in its platform to steal $3 million in digital assets and refused to return them.

Details of the incident were shared by Kraken’s Chief Security Officer, Nick Percoco, on X (formerly Twitter), stating it received a Bug Bounty program alert about a bug that “allowed them to artificially inflate their balance on our platform” without sharing any other details

The company said it identified a security issue within minutes of receiving the alert that essentially permitted an attacker to “initiate a deposit onto our platform and receive funds in their account without fully completing the deposit.”

Cybersecurity

While Kraken emphasized that no client assets were at risk of the issue, it could have enabled a threat actor to print assets in their accounts. The problem was addressed within 47 minutes, it said.

It also said the flaw stemmed from a recent user interface change that allows customers to deposit funds and use them before they were cleared.

On top of that, further investigation unearthed the fact that three accounts, including one belonging to the supposed security researcher, had exploited the flaw within a few days of each other and siphon $3 million.

“This individual discovered the bug in our funding system, and leveraged it to credit their account with $4 in crypto,” Percoco said. “This would have been sufficient to prove the flaw, file a bug bounty report with our team, and collect a very sizable reward under the terms of our program.”

“Instead, the ‘security researcher’ disclosed this bug to two other individuals who they work with who fraudulently generated much larger sums. They ultimately withdrew nearly $3 million from their Kraken accounts. This was from Kraken’s treasuries, not other client assets.”

In a strange turn of events, on being approached by Kraken to share their proof-of-concept (PoC) exploit used to create the on-chain activity and to arrange the return of the funds that they had withdrawn, they instead demanded that the company get in touch with their business development team to pay a set amount in order to release the assets.

Cybersecurity

“This is not white hat hacking, it is extortion,” Percoco said, urging the concerned parties to return the stolen funds.

The name of the company was not disclosed, but Kraken said it’s treating the security event as a criminal case and that it’s coordinating with law enforcement agencies about the matter.

“As a security researcher, your license to ‘hack’ a company is enabled by following the simple rules of the bug bounty program you are participating in,” Percoco noted. “Ignoring those rules and extorting the company revokes your ‘license to hack.’ It makes you, and your company, criminals.”

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.


Information Security - InfoSec - Cyber Security - Firewall Providers Company in India

 

 

 

 

 

 

 

 

 

 

 

 

What is Firewall? A Firewall is a network security device that monitors and filters incoming and outgoing network traffic based on an organization's previously established security policies. At its most basic, a firewall is essentially the barrier that sits between a private internal network and the public Internet.

 

Secure your network at the gateway against threats such as intrusions, Viruses, Spyware, Worms, Trojans, Adware, Keyloggers, Malicious Mobile Code (MMC), and other dangerous applications for total protection in a convenient, affordable subscription-based service. Modern threats like web-based malware attacks, targeted attacks, application-layer attacks, and more have had a significantly negative effect on the threat landscape. In fact, more than 80% of all new malware and intrusion attempts are exploiting weaknesses in applications, as opposed to weaknesses in networking components and services. Stateful firewalls with simple packet filtering capabilities were efficient blocking unwanted applications as most applications met the port-protocol expectations. Administrators could promptly prevent an unsafe application from being accessed by users by blocking the associated ports and protocols.

 

Firewall Firm is an IT Monteur Firewall Company provides Managed Firewall Support, Firewall providers , Firewall Security Service Provider, Network Security Services, Firewall Solutions India , New Delhi - India's capital territory , Mumbai - Bombay , Kolkata - Calcutta , Chennai - Madras , Bangaluru - Bangalore , Bhubaneswar, Ahmedabad, Hyderabad, Pune, Surat, Jaipur, Firewall Service Providers in India

Sales Number : +91 95 8290 7788 | Support Number : +91 94 8585 7788
Sales Email : sales@itmonteur.net | Support Email : support@itmonteur.net

Register & Request Quote | Submit Support Ticket