TL;DR
An ‘ethical hacker’ found a bug in Kraken’s code, and before reporting it, stole $3M – now they’re asking for even more.
Full Story
There’s nothing worse than trying to do the right thing, and then getting taken advantage of.
Take Erik from Season 16 of Survivor who gave up his immunity necklace, only to be voted out of the game minutes later.
(We’re huge Survivor fans! Don’t @ us).
Wondering how this all relates to crypto?
The crypto exchange Kraken just suffered a similar fate to Erik.
As most exchanges do, Kraken offers a bounty program.
(I.e. a way for ‘ethical hackers’ to find bugs and be paid to tell the exchange about them, before the exchange gets exploited).
But, an anonymous self-proclaimed ‘security researcher’ recently found a critical security bug and alerted the cryptocurrency exchange…after exploiting the bug for $3M.
Where a typical bounty program may pay tens or even hundreds of thousands of dollars for finding a bug, $3M is not even within the ballpark for Kraken.
In the words of Nicholas Percoco, Chief Security Officer of Kraken: “This is extortion!”
The good news is that the security team at Kraken have now fixed the bug, and apparently no users’ funds were accessed or stolen (the $3M was from Kraken’s treasury fund).
All we can say is, to the ‘security researcher’ out there: c’mon – do the right thing and return those funds! The tribe has spoken.
(Too far? Yeah k).