Kraken’s chief security officer disclosed that a bug in the exchange’s funding system led to a $3 million loss after being exploited by rogue security researchers.

American crypto exchange Kraken lost around $3 million worth of crypto in early June after a rogue “security researcher” exploited a bug in the exchange’s funding system. Kraken’s chief security officer Nick Percoco disclosed the incident in an X thread, emphasizing the breach of ethical standards by the individuals involved.

As per Percoco, the team first received a notification from a “security researcher” about a potential bug on Jun. 9. Later on, the team found a “flaw deriving from a recent UX change” that would allow credit client accounts before their assets cleared, enabling clients to effectively trade crypto markets in real-time. The Kraken CSO admitted the exchange didn’t test the UX change against that specific attack vector prior to the attack.

Get to know Trustleak

Trustleak crypto signal is a  service which provide profitable crypto and forex signals. Trustleak tried to provide you signals of best crypto channels in the world.

It means that you don’t need to buy individual crypto signal vip channels that have expensive prices. We bought all for you and provide you the signals with bot on telegram without even a second of delay.

Trustleak crypto leak service have multiple advantages in comparision with other services:

•  Providing signal of +100 best crypto vip channels in the world
• Using high tech bot to forward signals
• Without even a second of delay
• Joining in +160 separated channels on telegram
• 1 month, 3 months , 6 months and yearly plans
• Also we have trial to test our services before you pay for anything

For joining Trustleak and get more information about us only need to follow trustleak bot on telegram and can have access to our free vip channels. click on link bellow and press start button to see all features

Join for Free

☟☟☟☟☟

https://t.me/Trustleakbot

Also you can check the list of available vip signal channels in the bot. by pressing Channels button.

“This UX change was not thoroughly tested against this specific attack vector  Percoco wrote.

After patching the vulnerability, Kraken discovered that three accounts had earlier exploited the same flaw within a few days of each other. Instead of reporting the bug directly, the security researcher allegedly shared the information with two associates, Percoco said, adding that the unknown individuals ultimately withdrew nearly $3 million from Kraken’s treasuries.

Percoco pointed out that the initial report from the “security researcher” didn’t fully disclose the bug, so the team had to re-confirm some details to progress with rewarding them for successfully identifying a security flaw.

Kraken requested a full account of their activities, a proof of concept, and the return of the withdrawn funds. However, the individuals refused to comply, which Percoco described as “not white-hat hacking” but rather “extortion.” It remains unclear whether Kraken identified all the attackers or managed to recover the stolen funds.