Top Exchange Kraken Discovers “Extremely Critical” Bug

As a seasoned researcher with extensive experience in the field of cybersecurity and cryptocurrencies, I find the recent discovery of a critical bug on Kraken exchange both intriguing and concerning. While it’s reassuring to learn that no client assets were actually at risk, the potential for free money is always an allure for bad actors.

Kraken, a prominent cryptocurrency exchange, uncovered a significant issue: a glitch that let users credit their own accounts with effectively unlimited cryptocurrency they had never actually deposited.

Despite the bug's severity, the exchange says that no client assets were actually at risk.

A security researcher brought the potential weakness in the trading platform to Kraken's attention by email.

As a dedicated crypto investor, I’ve encountered my fair share of false alerts, particularly in the form of bogus bug bounty reports. Yet, when I received that specific warning, I was reassured to find out that the exchange took it seriously. Their team sprang into action, meticulously investigating the matter to ensure the security and integrity of the platform for all users, including myself.

A member of Kraken's support team then confirmed the issue: a malicious user could initiate a deposit on the platform and have the funds credited to their account without ever completing the deposit.

An actor with questionable intentions could effectively conjure nonexistent assets on the Kraken platform, according to Nick Percoco, Kraken's head of security. The issue arose from a recent user interface change that allowed deposits to be credited to accounts before they had cleared on-chain.
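The flaw described above comes down to where in a deposit's lifecycle an exchange credits spendable balance. The following Python is an added illustration, not Kraken's code: the data model, the `REQUIRED_CONFIRMATIONS` threshold and all account and deposit names are constructed assumptions. It places the vulnerable behaviour (credit on initiation) beside the hardened one (credit only after a real transaction has enough confirmations) and adds the reconciliation check an investigation would run to find accounts holding credits with no cleared deposit behind them.

```python
"""Constructed model of crediting deposits before vs. after on-chain clearance.

Not Kraken's code. REQUIRED_CONFIRMATIONS and all names are assumptions.
"""
from dataclasses import dataclass, field
from decimal import Decimal
from typing import Dict, List, Optional, Set

REQUIRED_CONFIRMATIONS = 6  # assumed per-asset policy; real exchanges tune this per chain


@dataclass
class Deposit:
    deposit_id: str
    account: str
    amount: Decimal
    txid: Optional[str] = None   # None until the user actually broadcasts a transaction
    confirmations: int = 0       # blocks mined on top of the transaction so far


@dataclass
class Ledger:
    balances: Dict[str, Decimal] = field(default_factory=dict)
    credited: Set[str] = field(default_factory=set)

    def credit(self, deposit: Deposit) -> None:
        # Idempotent: a deposit is credited at most once, however often it is processed.
        if deposit.deposit_id in self.credited:
            return
        self.credited.add(deposit.deposit_id)
        self.balances[deposit.account] = (
            self.balances.get(deposit.account, Decimal(0)) + deposit.amount
        )


def vulnerable_on_deposit_initiated(ledger: Ledger, deposit: Deposit) -> None:
    # BUG (modelled on the UI change described in the article): spendable balance is
    # credited the moment the deposit is *initiated*, with no on-chain evidence at all.
    ledger.credit(deposit)


def hardened_on_chain_update(ledger: Ledger, deposit: Deposit) -> bool:
    # Credit only once a real transaction exists and has cleared. Returns True if credited.
    if deposit.txid is None:
        return False
    if deposit.confirmations < REQUIRED_CONFIRMATIONS:
        return False
    ledger.credit(deposit)
    return True


def reconcile(ledger: Ledger, deposits: List[Deposit]) -> List[str]:
    """Return deposit_ids credited to the ledger that have no cleared on-chain transaction.

    This is the post-incident check that surfaces "phantom" credits and the accounts
    holding them.
    """
    cleared = {
        d.deposit_id
        for d in deposits
        if d.txid is not None and d.confirmations >= REQUIRED_CONFIRMATIONS
    }
    return sorted(ledger.credited - cleared)


def simulate() -> Dict[str, object]:
    # Constructed attacker: three deposits initiated but never broadcast, plus one
    # broadcast transaction that has not yet cleared.
    attacker = [Deposit(f"dep-{i}", "attacker", Decimal("1000")) for i in range(3)]
    attacker.append(Deposit("dep-u", "attacker", Decimal("500"), txid="bb" * 32, confirmations=1))
    # Constructed honest user: real transaction, fully confirmed.
    honest = Deposit("dep-h", "honest", Decimal("5"), txid="aa" * 32, confirmations=6)
    all_deposits = attacker + [honest]

    vuln = Ledger()
    for d in all_deposits:
        vulnerable_on_deposit_initiated(vuln, d)

    fixed = Ledger()
    for d in all_deposits:
        hardened_on_chain_update(fixed, d)

    return {
        "vulnerable_attacker_balance": str(vuln.balances.get("attacker", Decimal(0))),
        "fixed_attacker_balance": str(fixed.balances.get("attacker", Decimal(0))),
        "fixed_honest_balance": str(fixed.balances.get("honest", Decimal(0))),
        "vulnerable_phantom_credits": reconcile(vuln, all_deposits),
        "fixed_phantom_credits": reconcile(fixed, all_deposits),
    }


if __name__ == "__main__":
    for key, value in simulate().items():
        print(f"{key}: {value}")
```

The hardened path keys crediting off the chain's own state rather than off a user-initiated UI event, and the `reconcile` pass is what turns "we applied the fix" into a list of specific accounts to examine.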

A money-printing spree

According to Percoco's statement, three different accounts exploited the bug. One belonged to a security researcher, who credited himself a token $4 worth of cryptocurrency and then disclosed the issue to two other individuals, who went on to credit themselves millions of dollars' worth of crypto.

“Following the application of the fix, we conducted a comprehensive investigation and unearthed that three separate accounts had exploited this vulnerability within a short timeframe. Upon further examination, we identified one account belonging to an individual who had undergone Know Your Customer (KYC) verification, allegedly as a security researcher,” Percoco explained.

2024-06-19 16:30