{"id":32694,"date":"2024-06-19T15:35:10","date_gmt":"2024-06-19T15:35:10","guid":{"rendered":"https:\/\/crowdfundjunction.com\/blog\/kraken-patches-isolated-bug-says-no-user-funds-stolen\/"},"modified":"2024-06-19T15:35:10","modified_gmt":"2024-06-19T15:35:10","slug":"kraken-patches-isolated-bug-says-no-user-funds-stolen","status":"publish","type":"post","link":"https:\/\/crowdfundjunction.com\/blog\/kraken-patches-isolated-bug-says-no-user-funds-stolen\/","title":{"rendered":"Kraken patches &#8220;isolated bug&#8221;, says no user funds stolen"},"content":{"rendered":"<p><b>(Originally posted on : CoinJournal: Latest Crypto News, Altcoin News and Cryptocurrency Comparison )<\/b><br \/>\n<\/p>\n<div>\n<div class=\"post-article-image  -mt-24  mb-8  lg:-mt-32  rounded  overflow-hidden\">\n<picture><source srcset=\"https:\/\/coinjournal.net\/wp-content\/uploads\/imagecache\/2024\/02\/1635414824384-bd25f2c6-511d-4aca-92ca-a65c494deeb7-smartcrop-750x375.webp\" type=\"image\/webp\" media=\"(min-width: 750px)\"\/><source srcset=\"https:\/\/coinjournal.net\/wp-content\/uploads\/imagecache\/2024\/02\/1635414824384-bd25f2c6-511d-4aca-92ca-a65c494deeb7-smartcrop-363x181.webp\" type=\"image\/webp\"\/><source srcset=\"https:\/\/coinjournal.net\/wp-content\/uploads\/imagecache\/2024\/02\/1635414824384-bd25f2c6-511d-4aca-92ca-a65c494deeb7-smartcrop-750x375.jpg\" type=\"image\/jpeg\" media=\"(min-width: 750px)\"\/><source srcset=\"https:\/\/coinjournal.net\/wp-content\/uploads\/imagecache\/2024\/02\/1635414824384-bd25f2c6-511d-4aca-92ca-a65c494deeb7-smartcrop-363x181.jpg\" type=\"image\/jpeg\"\/>\n<\/picture>                    <\/div>\n<ul>\n<li><span style=\"font-weight: 400\">Kraken says it patched a bug that would have allowed exploiters to inflate account balances<\/span><\/li>\n<li>Bug discovered by a security researcher, whose connected accounts reportedly siphoned $3 million from Kraken treasury by exploiting the vulnerability.<\/li>\n<\/ul>\n<p><span style=\"font-weight: 400\"><a href=\"https:\/\/coinjournal.net\/news\/tag\/kraken\/\">Kraken<\/a> has announced that its security team has patched a bug that would have allowed certain users to potentially inflate their account balances on the exchange.<\/span><\/p>\n<p><span style=\"font-weight: 400\">The announcement follows Kraken\u2019s revelation that a security researcher had identified the vulnerability as part of the exchange\u2019s bug bounty program.<\/span><\/p>\n<p><span style=\"font-weight: 400\">\u201cOn June 9 2024, we received a Bug Bounty program alert from a security researcher. No specifics were initially disclosed, but their email claimed to find an \u201cextremely critical\u201d bug that allowed them to artificially inflate their balance on our platform,\u201d Kraken chief security officer Nick Percoco <a href=\"https:\/\/x.com\/c7five\/status\/1803403565865771370\" target=\"_blank\" rel=\"noopener\">posted<\/a> on X.<\/span><\/p>\n<h2><span style=\"font-weight: 400\">$3 million stolen, not user funds<\/span><\/h2>\n<p><span style=\"font-weight: 400\">Specifically, the flaw would have allowed certain users, albeit a short period of time, to \u201cartificially increase the value of their Kraken account balance without fully completing a deposit,\u201d the exchange said in a <a href=\"https:\/\/blog.kraken.com\/product\/security\/kraken-bug-bounty-program-patches-isolated-bug\" target=\"_blank\" rel=\"noopener\">blog post<\/a>.<\/span><\/p>\n<p><span style=\"font-weight: 400\">Kraken has since patched this bug in its deposit and funding system and noted that it did not impact any customer funds.<\/span><\/p>\n<p><span style=\"font-weight: 400\">However, while the exchange has fixed the isolated bug, the report came after two users had already exploited the vulnerability to withdraw $3 million from their accounts. These accounts are reportedly related to the same security researcher that identified the bug and informed Kraken.<\/span><\/p>\n<p><span style=\"font-weight: 400\">Allegedly, the unnamed individual informed Kraken of the bug after the $3 million withdrawal.<\/span><\/p>\n<p><span style=\"font-weight: 400\">According to Percoco, despite the huge withdrawal, the security researcher has demanded that they get his bounty reward.<\/span><\/p>\n<p><span style=\"font-weight: 400\">\u201cWe\u2019ll not disclose this research company because they don\u2019t deserve recognition for their actions. We are treating this as a criminal case and are coordinating with law enforcement agencies accordingly. We\u2019re thankful this issue was reported, but that\u2019s where that thought ends,\u201d Percoco added.<\/span><\/p>\n<div class=\"post-meta\">\n<hr class=\"mb-6\"\/>\n<h6 class=\"text-3xl  mb-4  text-green-300\">Share this article<\/h6>\n<hr class=\"mb-6\"\/>\n<h6 class=\"text-3xl  mb-4  text-green-300\">Categories<\/h6>\n<hr class=\"mb-6\"\/>\n<h6 class=\"text-3xl  mb-4  text-green-300\">Tags<\/h6>\n<\/p><\/div>\n<\/p><\/div>\n<p><a href=\"https:\/\/coinjournal.net\/news\/kraken-patches-isolated-bug-says-no-user-funds-stolen\/\">Source link <\/a><br \/>\n<br \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>(Originally posted on : CoinJournal: Latest Crypto News, Altcoin News and Cryptocurrency Comparison ) Kraken says it patched a bug that would have allowed exploiters to inflate account balances Bug discovered by a security researcher, whose connected accounts reportedly siphoned $3 million from Kraken treasury by exploiting the vulnerability. Kraken has announced that its security [&hellip;]<\/p>\n","protected":false},"author":13,"featured_media":32695,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0},"categories":[35],"tags":[],"_links":{"self":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/posts\/32694"}],"collection":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/users\/13"}],"replies":[{"embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/comments?post=32694"}],"version-history":[{"count":0,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/posts\/32694\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/media\/32695"}],"wp:attachment":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/media?parent=32694"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/categories?post=32694"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/tags?post=32694"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}