{"id":327036,"date":"2024-06-20T05:38:01","date_gmt":"2024-06-20T00:08:01","guid":{"rendered":"https:\/\/dripp.zone\/news\/?p=327036"},"modified":"2024-06-20T05:40:56","modified_gmt":"2024-06-20T00:10:56","slug":"kraken-security-officer-says-black-hat-entity-exploited-exchange-for-3000000-upon-finding-isolated-bug-in-code-crypto-news","status":"publish","type":"post","link":"https:\/\/dripp.zone\/news\/kraken-security-officer-says-black-hat-entity-exploited-exchange-for-3000000-upon-finding-isolated-bug-in-code-crypto-news\/","title":{"rendered":"Kraken Security Officer Says Black Hat Entity Exploited Exchange for $3,000,000 Upon Finding \u2018Isolated Bug\u2019 in Code &#8211; Crypto News"},"content":{"rendered":"<p><\/p>\n<div>\n<p>A Kraken executive says that a black hat entity stole $3 million from the firm after finding a bug in the exchange\u2019s systems.<\/p>\n<p>In a lengthy thread on the social media platform X, Nick Percoco, Kraken\u2019s chief security officer, <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/x.com\/c7five\/status\/1803403632689189154\">says<\/a> that earlier this month, Kraken received an update from their Bug Bounty program claiming there was an \u201cextremely critical\u201d bug that would allow hackers to artificially inflate their funds.<\/p>\n<p>Says Percoco,<\/p>\n<p><em>\u201cWithin minutes we discovered an isolated bug. This allowed a malicious attacker, under the right circumstances, to initiate a deposit onto our platform and receive funds in their account without fully completing the deposit. <\/em><\/p>\n<p><em>To be clear, no client\u2019s assets were ever at risk. However, a malicious attacker could effectively print assets in their Kraken account for a period of time.\u201d <\/em><\/p>\n<p>According to Percoco, after patching the bug, Kraken discovered that three accounts had used this flaw to their advantage. 
Eventually, through know-your-customer (KYC) forms, Kraken was able to link one of the accounts to a person who claimed to be a security expert.<\/p>\n<p>However, instead of <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/x.com\/c7five\/status\/1803403604667277520\">reporting<\/a> this exploit to Kraken, the individual allegedly told two other people, who went on to curate and withdraw nearly $3 million from their accounts.<\/p>\n<p>Percoco goes on to <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/x.com\/c7five\/status\/1803403617543888940\">allege<\/a> that the person and his unnamed accomplices are refusing to give the money back, instead demanding that the crypto exchange hand over a speculated amount of money equal to the damage the bug would have caused had they not found it.<\/p>\n<p>Bug bounty programs allow companies to offer compensation to individuals if they find and report bugs. Known as \u201cwhite-hat hackers,\u201d these bug hunters help companies protect themselves from hacks and exploits.<\/p>\n<p>Percoco <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/x.com\/c7five\/status\/1803403622853779962\">says<\/a> that taking advantage of bug bounty programs to exploit firms makes one a criminal.<\/p>\n<p><em>\u201cAs a security researcher, your license to \u2018hack\u2019 a company is enabled by following the simple rules of the bug bounty program you are participating in. 
Ignoring those rules and extorting the company revokes your \u2018license to hack.\u2019 It makes you, and your company, criminals.\u201d<\/em><\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>A Kraken executive says that a black hat entity stole $3 million from the firm after finding a bug in the exchange\u2019s systems. In a lengthy thread on the social media platform X, Nick Percoco, Kraken\u2019s chief security officer, says that earlier this month, Kraken received an update from their Bug Bounty program claiming there [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":327044,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[173],"tags":[201,248,251,246,257,255,250,252,247,253,249,256,254],"class_list":["post-327036","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-others","tag-blockchain","tag-bsc","tag-chainlink","tag-coin","tag-cryptocurrency","tag-gta","tag-looks-rare","tag-oracle","tag-polygon","tag-quickswap","tag-safe-moon","tag-wallet","tag-wordpress"],"_links":{"self":[{"href":"https:\/\/dripp.zone\/news\/wp-json\/wp\/v2\/posts\/327036","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dripp.zone\/news\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dripp.zone\/news\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dripp.zone\/news\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/dripp.zone\/news\/wp-json\/wp\/v2\/comments?post=327036"}],"version-history":[{"count":3,"href":"https:\/\/dripp.zone\/news\/wp-json\/wp\/v2\/posts\/327036\/revisions"}],"predecessor-version":[{"id":327060,"href":"https:\/\/dripp.zone\/news\/wp-json\/wp\/v2\/posts\/327036\/revisions\/327060"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/dripp.zone\/news\/wp-json\/wp\/v2\/media\/327044"}],"wp:attachment":[{
"href":"https:\/\/dripp.zone\/news\/wp-json\/wp\/v2\/media?parent=327036"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dripp.zone\/news\/wp-json\/wp\/v2\/categories?post=327036"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dripp.zone\/news\/wp-json\/wp\/v2\/tags?post=327036"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}