Kraken Crypto Exchange Bug Exploited, $3M Withdrawn Amid Tension
The Essentials in Brief
A serious bug in the Kraken cryptocurrency exchange system allowed users to withdraw digital assets worth at least 3 million US dollars. This incident, uncovered by a security researcher, not only caused a stir but also strained the relationship between Kraken and the blockchain security company CertiK. CertiK feels threatened by Kraken’s demands to repay the stolen amounts.
How did the theft occur?
Kraken discovered a critical error in its system that allowed users to generate “free money” in their accounts by initiating deposits that were never completed. A security researcher and his two acquaintances exploited this error to withdraw nearly 3 million US dollars in digital assets from Kraken.
Kraken’s Reaction
After the incident came to light, Kraken gave assurances that customer assets were never at risk, as the stolen funds came exclusively from Kraken’s reserves. Nicholas Percoco, Kraken’s Chief Security Officer, commented on the incident on X (formerly Twitter) and emphasized that Kraken is demanding that the “white-hat hackers” return the stolen amounts.
CertiK in the Line of Fire
CertiK, which later identified itself as the security researcher who discovered the error, criticized the way Kraken handled the situation. The company publicly complained about Kraken’s demands to repay a “non-matching sum” of cryptocurrency in an “inappropriate time frame” without specifying concrete repayment addresses. This reaction led to a public debate about the appropriate handling of such security vulnerabilities.
Our Assessment
This incident underscores the importance of a strong security infrastructure and effective crisis management within the cryptocurrency industry. While Kraken was striving to control the situation and ensure the security of customer funds, CertiK’s reaction raises questions about the responsibilities and expectations of security researchers. This case serves as a reminder that cooperation between crypto exchanges and security firms is crucial to maintaining user trust and securing the integrity of the crypto market.
Sources
– AMBCrypto
– X (formerly Twitter) posts by Nicholas Percoco and Lefteris Karapetsas