Back to Markets
Crypto▼ Bearish
Kraken Rejects Extortion Demand Following Security Breach
The exchange refused to pay hackers who exploited a balance-inflation bug. Kraken is now working with law enforcement to recover assets and secure its platform.
Continue with
A Stand Against Extortion
Crypto exchange Kraken has taken a hard line against hackers who recently accessed sensitive user data. The company confirmed it was targeted by a security researcher who obtained private information through a bug bounty program. Rather than paying a ransom to the attackers, Kraken stated it would not meet their demands.
Chief Security Officer Nick Percoco detailed the incident in a public statement. He explained that a security researcher discovered a bug that allowed them to artificially inflate their balance on the platform. The researcher then used this vulnerability to withdraw funds from the exchange.
The Anatomy of the Breach
According to Kraken, the incident involved a small number of accounts that were exploited to withdraw funds. The company quickly patched the vulnerability after it was reported. However, the situation escalated when the security researcher and their associates refused to return the funds unless the exchange provided a massive payout.
Percoco noted that the group behind the theft demanded a payment that was not part of the standard bug bounty process. The exchange declined these terms, labeling the request as extortion. The company is now working with law enforcement to recover the stolen assets.
"We have a bug bounty program, but this was a blatant extortion attempt. We will not be coerced into paying for the return of stolen property," said Nick Percoco.