The Kraken cryptocurrency exchange was exploited recently, with hackers making off with $3 million worth of cryptocurrencies.
The hackers behind the exploit stole the funds by exploiting a recently detected security vulnerability. The attacker behind the exploit has been draining digital assets from the exchange since January this year.
Kraken Loses $3M to Hacking Exploit
The hack in question was conducted by a security researcher who detected the bug on the exchange’s system on June 9.
Although the researcher used the Kraken bug bounty program to find the flaw, they never recommended a patch and instead exploited it.
According to the chief security officer at Kraken, Nicholas Percoco, two accounts linked to the cybersecurity researcher exploited the flaw and stole the digital assets in question.
The researcher withdrew over $3 million of digital assets from the exchange and is now seeking a reward to return the stolen funds.
After exploiting the flaw and stealing the funds, the hacker sought a call with the business development team. They said they would return the funds once reimbursed for the amount a threat actor would have stolen if they had exploited the flaw.
“We are being accused of being unreasonable and unprofessional for requesting that “white-hat hackers” return what they stole from us. Unbelievable,” Percoco said.
The funds in question were stolen from the Kraken treasury. The exchange has also assured users that their funds were not endangered.
Kraken Says Researchers Behind Exploit Are Not White Hats
Kraken has said that the exploit in question is related to three accounts on the exchange.
One of the accounts in question has previously completed a Know Your Customer (KYC) verification process. This account is associated with a security researcher, but their identity remains unknown.
The individual who detected the security flaw initially proved its existence by transferring crypto assets worth $4. Having demonstrated that the flaw existed, they qualified for “sizable rewards” from the Kraken bounty program.
However, the individual later revealed the bug’s existence to two other accounts, which later exploited it and stole nearly $3 million from the Kraken Treasury.
The exchange now says that the behavior of these hackers resembles extortion, not white-hat hacking.
The exploit comes as hacks across the crypto industry continue to increase in 2024. During the first three months of the year, threat actors made off with digital assets worth $542 million, a 42% increase from Q1 2023.