Kraken's Chief Security Officer: Exploiters extracted nearly $3 million from Kraken, customer assets are not threatened and the vulnerability has been resolved

ChainCatcher news, Kraken's Chief Security Officer Nick Percoco disclosed on the X platform that on June 9, 2024, Kraken received a vulnerability bounty alert from a security researcher, stating that an "extremely serious" vulnerability had been discovered. This vulnerability allowed attackers to increase their account balance without completing deposits under certain circumstances.

The Kraken team quickly fixed the vulnerability and found that three accounts had exploited it, one of which claimed to be a security researcher. This researcher, along with the other two, withdrew nearly $3 million. Kraken's request for the funds to be returned was unsuccessful, stating that their actions constituted extortion, and the matter has been treated as a criminal case. Kraken reiterated the importance and transparency of its vulnerability bounty program.