CertiK Faces Fallout After Confessing $3 Million Heist From Kraken, What’s Next?

Cryptocurrency exchange Kraken has announced that it has fallen victim to a major security flaw that has resulted in the theft of $3 million worth of digital assets. However, in a surprising turn of events, the party responsible has been identified as CertiK. This blockchain security firm claims to have initially reported the bug through Kraken’s bug bounty program.

CertiK is now accused of exploiting additional vulnerabilities and extorting the exchange for more money, leading to calls for legal action and concerns among crypto investors.

Kraken Security Flaws Exposed

The incident unfolded when Kraken’s Chief Security Officer, Nick Percoco, revealed that the exchange had received a bug report on June 9 from a self-described security researcher. The researcher claimed to have discovered an “extremely critical” bug that allowed them to artificially inflate their balance on the platform.

Upon further investigation, CertiK, which admitted its involvement in the incident in a social media post, uncovered several critical vulnerabilities in Kraken’s systems that could potentially result in losses of hundreds of millions of dollars.

CertiK’s findings pointed to shortcomings in Kraken’s deposit system, specifically a failure to differentiate between internal transfer statuses. CertiK also said Kraken failed every test it ran, which the firm presented as evidence that the exchange’s defense-in-depth controls were not working.

According to CertiK, “millions of dollars” could be deposited into any Kraken account, and a substantial amount of fabricated cryptocurrency (worth over $1 million) could be withdrawn and converted into valid digital assets.

The security firm also claimed that no alerts were triggered during a “multi-day test period” and that Kraken only responded and blocked the test accounts days after the incident was officially reported.
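The two claims above, crediting deposits without distinguishing transfer statuses and the absence of any alert while balances were inflated, describe a generic failure pattern in exchange ledgers. The following is an added illustration written for this article, not code from Kraken or CertiK: a deliberately weak ledger that credits spendable balance on any transfer record sits beside a hardened ledger that credits only confirmed, deduplicated transfers, and a separate reconciliation check flags accounts whose withdrawals exceed their confirmed inflows. Account names, transaction ids and amounts are constructed sample data.

```python
from collections import defaultdict
from dataclasses import dataclass
from enum import Enum


class TransferStatus(Enum):
    PENDING = "pending"      # seen by the deposit pipeline, not yet settled
    CONFIRMED = "confirmed"  # finally settled on the source ledger
    FAILED = "failed"        # reverted or never settled


@dataclass(frozen=True)
class Transfer:
    tx_id: str
    account: str
    amount: int  # smallest unit (e.g. satoshi); integers avoid float drift
    status: TransferStatus


class NaiveLedger:
    """Weak pattern: every transfer record credits spendable balance,
    whatever its status, and repeated notifications credit again."""

    def __init__(self) -> None:
        self.spendable: dict[str, int] = defaultdict(int)

    def apply(self, t: Transfer) -> None:
        self.spendable[t.account] += t.amount

    def withdraw(self, account: str, amount: int) -> bool:
        if self.spendable[account] < amount:
            return False
        self.spendable[account] -= amount
        return True


class SettledLedger:
    """Hardened pattern: pending transfers are displayed but never spendable;
    only a CONFIRMED record settles, and each tx_id settles at most once."""

    def __init__(self) -> None:
        self.pending_tx: dict[str, Transfer] = {}
        self.settled: set[str] = set()
        self.spendable: dict[str, int] = defaultdict(int)

    def apply(self, t: Transfer) -> None:
        if t.status is TransferStatus.PENDING:
            self.pending_tx[t.tx_id] = t
        elif t.status is TransferStatus.CONFIRMED:
            self.pending_tx.pop(t.tx_id, None)
            if t.tx_id not in self.settled:  # idempotent against duplicate callbacks
                self.settled.add(t.tx_id)
                self.spendable[t.account] += t.amount
        else:  # FAILED: drop the pending record, credit nothing
            self.pending_tx.pop(t.tx_id, None)

    def pending_balance(self, account: str) -> int:
        return sum(t.amount for t in self.pending_tx.values() if t.account == account)

    def withdraw(self, account: str, amount: int) -> bool:
        if self.spendable[account] < amount:
            return False
        self.spendable[account] -= amount
        return True


def reconcile(transfers: list[Transfer], withdrawals: list[tuple[str, int]]) -> list[str]:
    """Detective control, independent of the ledger: alert on any account whose
    cumulative withdrawals exceed its confirmed (deduplicated) inflows."""
    confirmed: dict[str, int] = defaultdict(int)
    seen: set[str] = set()
    for t in transfers:
        if t.status is TransferStatus.CONFIRMED and t.tx_id not in seen:
            seen.add(t.tx_id)
            confirmed[t.account] += t.amount
    out: dict[str, int] = defaultdict(int)
    for account, amount in withdrawals:
        out[account] += amount
    return [
        f"ALERT account={a} withdrawn={out[a]} confirmed_inflow={confirmed[a]}"
        for a in out if out[a] > confirmed[a]
    ]


# Constructed sample feed: one reverted deposit, one real deposit reported twice.
SAMPLE = [
    Transfer("tx-1", "acct-A", 500, TransferStatus.PENDING),
    Transfer("tx-1", "acct-A", 500, TransferStatus.FAILED),
    Transfer("tx-2", "acct-A", 200, TransferStatus.PENDING),
    Transfer("tx-2", "acct-A", 200, TransferStatus.CONFIRMED),
    Transfer("tx-2", "acct-A", 200, TransferStatus.CONFIRMED),
]


def run_demo() -> tuple[bool, bool, int, list[str]]:
    naive, settled = NaiveLedger(), SettledLedger()
    for t in SAMPLE:
        naive.apply(t)
        settled.apply(t)
    naive_ok = naive.withdraw("acct-A", 600)      # granted: 1600 credited, only 200 real
    settled_ok = settled.withdraw("acct-A", 600)  # refused: 200 spendable
    withdrawals = [("acct-A", 600)] if naive_ok else []
    return naive_ok, settled_ok, settled.spendable["acct-A"], reconcile(SAMPLE, withdrawals)


if __name__ == "__main__":
    print(run_demo())
```

The reconciliation step is the piece that would have produced an alert during a multi-day test window: it does not trust the ledger's own balance but recomputes confirmed inflows from the transfer feed and compares them to what left the account.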

Following the identification of the vulnerability, CertiK alleges that Kraken’s security operations team “threatened” individual CertiK employees, demanding the repayment of a “mismatched” amount of cryptocurrency within an “unreasonable time frame,” without providing repayment addresses.

However, Kraken’s Percoco countered that they had requested a full accounting of the then-unknown company’s activities and the return of the withdrawn funds. Percoco argued that CertiK’s refusal to comply with these requests violated the rules of ethical hacking and bordered on extortion.

Will CertiK Face Legal Repercussions?

The revelation of this incident has caused surprise and concern within the cryptocurrency community, leading to calls for legal action against CertiK.

One user accused CertiK of stealing the $3 million in funds from Kraken, holding it ransom for a bounty, refusing to return the funds, and now transferring the money to Tornado.cash to protect it from potential seizure by authorities.

Coinbase’s Director, Conor Grogan, pointed out that Tornado.cash is subject to the Office of Foreign Assets Control (OFAC) sanctions and highlighted CertiK’s US domicile, hinting at potential legal repercussions by US agencies.

Market expert Adam Cochran also weighed in, expressing astonishment at CertiK’s actions and highlighting the firm’s history of compromised audits. Cochran went further, describing the situation as “Down right criminal.”

The next steps taken by Kraken and the potential consequences for CertiK are yet to be seen. However, the involvement of US agencies and potential legal actions loom over the security firm.

The unfolding developments in this case will undoubtedly shape the future of bug bounty programs and impact the relationship between cryptocurrency exchanges and security firms.


Kraken Notifies XRP Holders Of Potential Benefits From Zakinov Case

Crypto exchange Kraken started notifying affected XRP holders about the potential monetary benefits they could receive from the class action lawsuit against Ripple.

The exchange recently emerged victorious in the Zakinov v. Ripple case, successfully intervening to protect its customers’ data from being shared without their consent.

Kraken Begins The Notification Process

Kraken, one of the largest crypto exchanges in the world, intervened in the Zakinov v. Ripple lawsuit, seeking to protect its customers’ privacy and data. The court ruling allowed Kraken to inform the affected users about the class action against Ripple, ultimately giving the customers the option to decide whether to participate in the lawsuit.

Kraken has now begun to notify eligible customers about the potential monetary benefits from the Zakinov v. Ripple lawsuit. The notification is aimed at Kraken users who purchased XRP during the previously established period, as the email stated:

Our records indicate that you have purchased XRP on Kraken between July 2, 2017 and June 30, 2023, which means that it might be within your rights to receive money or benefits that come from the lawsuit, depending on the outcome.

Yassin Mobarak, Dizer Capital Founder, was among the recipients, and he shared part of the email on X (formerly known as Twitter), expressing his surprise about the notification and the possibility of earning a profit from his XRP holdings through the class action lawsuit.

Mobarak expressed initial disbelief in the email’s legitimacy, as recent phishing attacks had exploited official email accounts of actors in the Web3 industry and exposed users to a massive and sophisticated phishing campaign.

Several Kraken customers likewise doubted the legitimacy of the emails and sought confirmation from the exchange’s official X account. Kraken’s support team confirmed the email as safe and authorized by the exchange.

Next Steps For XRP Holders

Following the notification, Kraken has updated its support page to provide customers with further details about the class action lawsuit.

The exchange addressed doubts such as who the affected parties are, clarifying that it “only applies to class members who purchased XRP within the United States during the relevant class period” and offering further information about the lawsuit:

The lawsuit also claims that persons or entities who purchased XRP during the class period (July 3, 2017, to June 30, 2023) have the right to recover (a) the consideration paid for the XRP, with interest, if they retained the XRP, less the current price of the XRP or upon tendering the XRP, or (b) damages if they sold the XRP at a loss.

Lastly, the exchange presented two options for the affected customers: do nothing or ask for an exclusion from the lawsuit.

If the customer decides to do nothing, they keep the possibility of receiving money or benefits from the lawsuit’s resolution. However, they automatically give up any right to sue Ripple separately in the future.

If they decide to be excluded from the class action and the potential benefits, XRP holders maintain the right to sue the defendant and must send a signed “Exclusion Request” statement by April 5, 2024.


Prolonged Crypto Winter Pushes Kraken Exchange Out Of Japan

The crypto winter is a drawn-out one, exacerbated by the collapse of large players such as Terra and the FTX crypto exchange. As crypto businesses continue to feel the effects of the current bear market, another major player, Kraken, has been affected to the point that it has, once again, paused operations in Japan.

Kraken Consolidating For The Crypto Bear Market

Crypto exchange Kraken plans to stop operations in the Japanese market. The exchange announced this in a Japanese government publication, stating that it will deregister from the Japan Financial Services Agency (JFSA) on Jan. 31, 2023.

The company cites the current global crypto market state as the reason for this move, saying that “the resources needed to further grow our business in Japan aren’t justified at this time.” As such, the exchange plans to stop providing services to users in the country.

The decision comes just a month after Kraken revealed that it was laying off about 30% of its workforce. Given the size of the company and the amount of labor it employs, this came out to about 1,100 employees who lost their jobs at the crypto exchange.

Crypto total market cap chart from TradingView.com (Kraken)

As for its users in Japan, the exchange assured that it would allow users to withdraw all of their funds held on the exchange. Users are advised to withdraw all of their fiat currencies and cryptocurrencies being held on Kraken Japan before the Jan. 31 date. Kraken says it has enough funds to enable all users to withdraw assets.

It further added:

“We value the trust our clients put in us and we will do what we can to minimise the impact of our decision for you. That’s why we are committed to ensure a seamless transition and we hope the information in this email will help you decide what is the best option for you.”

In November, the U.S. Treasury Department’s Office of Foreign Assets Control (OFAC) fined Kraken over $362,000 for sanctions violations, namely providing access to users in Iran. The crypto exchange agreed to settle for this figure, with an additional $100,000 committed to implementing sanctions compliance controls.