Kraken cryptocurrency exchange announced that a group of white hat hackers avoided returning approximately $3 million worth of digital assets they stole from the exchange's treasury by exploiting a bug in its systems. 🕵️‍♂️💰🔒 These hackers demand an estimated amount the exchange could lose before reporting bugs.

Kraken's security research team received a Bug Bounty program alert claiming to have found a "highly critical" bug that allowed users to artificially inflate their balances on the platform. While this bug did not put customer funds at risk, it did allow an attacker to add assets to their accounts and make withdrawals from Kraken's treasury.

This revealed that a security researcher was the first to find the trick and used the bug to add $4 worth of cryptocurrency to his Kraken account. However, instead of filing a bug bounty report with the appropriate team, the researcher notified two colleagues and they exploited the bug for larger amounts. In total, they withdrew approximately $3 million worth of cryptocurrency from their accounts.

Kraken approached security researchers and requested the return of the assets they had withdrawn, but they refused. They called Kraken's request unreasonable and unprofessional and demanded that the platform provide an estimate of the damage the bug could cause.

Kraken treats the situation as a criminal case and acts in accordance with the law. Let me know what you think about this situation in the comments! 💬👇