Back to Markets
Crypto▲ Bullish
Kraken Patches Extortion Bug in 47 Minutes; No BTC Funds Lost
Only three accounts were impacted by the UI flaw before the exchange resolved the issue. Traders should monitor upcoming security audits for further updates.
Continue with
Security Incident Details
Kraken confirmed this week that it successfully blocked an extortion attempt involving a security vulnerability. The exchange stated that while a researcher exploited a bug to gain access to limited client information, the company’s core systems remained secure. No user funds were at risk during the incident.
Chief Security Officer Nick Percoco clarified that the issue stemmed from a flaw in the platform’s user interface. A security researcher contacted Kraken on June 9, claiming they had discovered a way to artificially inflate their balance. The researcher provided proof of concept, which triggered an internal investigation.
The Timeline of Exposure
According to the exchange, the security flaw existed for a limited window. The firm moved to resolve the issue within hours of the report. The internal audit identified that the vulnerability allowed a user to deposit a specific asset and receive a credit of a much higher value.
- Incident discovery: June 9, 2024
- Resolution time: Within 47 minutes of the report
- System impact: Zero unauthorized withdrawals of customer funds
"We were contacted by a security researcher regarding a bug that allowed them to artificially inflate their balance in their account. They didn't conduct a standard bug bounty program report but instead demanded an exorbitant amount of money to disclose the details," said Nick Percoco, Kraken’s Chief Security Officer.