According to blockchain security firm CertiK, they have discovered a vulnerability in Kraken’s deposit system. As a result, they are in the process of returning funds to the exchange amidst a dispute over a bug bounty.
Kraken’s Chief Security Officer Nick Percoco revealed that approximately $3 million had been taken from the platform’s wallets due to this bug.
He also claimed that three individuals associated with a research company were responsible for the withdrawals and had refused to return the funds until Kraken disclosed the potential impact of the exploit.
CertiK explained that the vulnerability allowed for millions of dollars to be deposited to any Kraken account, and the fake cryptocurrency could then be withdrawn and converted into valid coins, amounting to over $1 million USD.
The company also stated that no alerts were triggered during their multi-day testing period and that Kraken only responded and locked their test accounts after the disclosure was made.
