Odaily Planet Daily News: Nick Percoco, Chief Security Officer of Kraken Exchange, disclosed in an article on the X platform that on June 9, a security researcher issued a Bug Bounty program alert. No specific details were initially disclosed, and only an email claimed to have found an "extremely serious" vulnerability that allowed them to artificially increase the balance on our platform. Kraken receives fake vulnerability bounty reports from people claiming to be "security researchers" every day. This is nothing new for anyone running a vulnerability bounty program. But a few minutes later, Kraken discovered an isolated vulnerability. Under the right circumstances, a malicious attacker can initiate a deposit on the platform and deposit funds into their account without completing the deposit. It should be clear that customers' assets have never been threatened. However, malicious attackers can effectively steal assets from their Kraken accounts for a period of time. Kraken classified this vulnerability as "serious" and the expert team mitigated the problem within an hour (47 minutes to be exact). Within a few hours, this problem was completely fixed and will not happen again. Through a thorough investigation of the situation, it was soon discovered that 3 accounts had exploited this vulnerability within a few days. After further investigation, it was found that the KYC of one of the accounts was owned by a person claiming to be a security researcher. This "security researcher" disclosed the vulnerability to two other people who worked with him. These two people ultimately withdrew nearly $3 million from Kraken accounts through fraudulent means. This money came from Kraken's funds, not other customer assets. In the spirit of transparency, Kraken disclosed this vulnerability incident to the industry today.