Kraken reveals a $3 million theft by a "security researcher" who exploited a bug and is now demanding a reward. The exchange characterizes this as extortion, not ethical hacking.
Cryptocurrency exchange Kraken is embroiled in a controversy involving a "security researcher" who exploited a bug to withdraw $3 million worth of digital assets. The incident has raised questions about the boundaries between ethical hacking and extortion.
Key Points:
Bug Discovery and Exploit: An anonymous security researcher discovered a critical bug in Kraken's system, leading to the unauthorized withdrawal of over $3 million.
Extortion Claims: Kraken's Chief Security Officer, Nicholas Percoco, stated that the researcher demanded a reward for the stolen funds, labeling the act as extortion rather than ethical hacking.
No User Funds Endangered: Kraken confirmed that the stolen assets were from the exchange’s treasury, assuring that no user funds were compromised.
Law Enforcement Involvement: Kraken is collaborating with law enforcement agencies to recover the stolen assets and holds firm on not rewarding the extortionists.
Ongoing Security Measures: Despite the setback, Kraken continues to prioritize its bug bounty programs to enhance security and prevent future incidents.
Kraken's encounter with a rogue security researcher highlights the delicate balance between recognizing ethical contributions and dealing with malicious exploits. As the exchange works to recover the stolen funds, it reaffirms its commitment to robust security measures and transparency.
Source: Cointelegraph