Kraken, a leading cryptocurrency exchange, has reported a security breach in which an undisclosed white-hat hacker group exploited a bug and stole digital assets worth approximately $3 million from the platform's treasury. The group, claiming to be security researchers, are demanding a speculated amount of money that could have been lost if the bug was not disclosed before returning the stolen funds.
The bug allowed users to artificially inflate their balance on the platform. While customer funds were not at risk, the flaw enabled attackers to deposit and withdraw funds from Kraken's treasury without completing the deposits. The issue was resolved within two hours of identification.
Upon investigation, Kraken discovered that three accounts had exploited the bug, one of which belonged to a user claiming to be a security researcher. The researcher found the bug first and informed two colleagues who exploited the flaw for larger sums, collectively withdrawing roughly $3 million in crypto.
When asked to return the assets, the group refused and demanded Kraken provide an estimate of the potential damage caused by the bug. Kraken's chief security officer, Nick Percoco, has stated that the case is being treated as a criminal matter and is coordinating with law enforcement agencies.