TL;DR
An “ethical hacker” found a flaw in Kraken’s code and stole $3 million before reporting it. Now they’re asking for even more.
Full story
There’s nothing worse than trying to do the right thing and having it taken advantage of.
Take Erik from season 16 of Survivor, who gave up his immunity necklace but was voted out of the game minutes later.
(We are big Survivor fans! Don’t @ us).
Wondering how this all ties into crypto?
The crypto exchange, Kraken, just suffered a similar fate as Erik.
Like most exchanges, Kraken offers a bounty program.
(That is, a way for “ethical hackers” to find bugs and get paid to tell the exchange about them before the exchange is exploited).
But an anonymous, self-proclaimed “security researcher” recently discovered a critical security bug and alerted the cryptocurrency exchange… after exploiting the bug for $3 million.
While a typical bounty program might pay tens or even hundreds of thousands of dollars for finding a bug, $3 million isn’t even in the ballpark for Kraken.
In the words of Kraken Chief Security Officer Nicholas Percoco: “This is extortion!”
The good news is that Kraken’s security team has now fixed the bug, and apparently no users’ money was accessed or stolen (the $3 million came from Kraken’s treasury fund).
All we can say to the ‘security researcher’ is: come on, do the right thing and give that money back! The tribe has spoken.
(Too far? Yes, OK.)