Kraken Security Head Reveals $3M Exploit from UX Bug

American cryptocurrency exchange Kraken sustained a $3 million loss in early June following an exploit in its funding system. The breach, attributed to rogue security researchers, was publicly disclosed by Kraken’s Chief Security Officer Nick Percoco on social media.



According to Percoco, Kraken first received a bug report from a purported “security researcher” on June 9. The flaw, stemming from a recent user experience (UX) update, allowed users to credit their accounts before asset clearance, enabling unauthorized real-time trading. Percoco admitted that the UX change had not been tested against this particular attack vector before deployment.



“This UX change was not thoroughly tested against this specific attack vector,” Percoco stated.



Subsequent investigations revealed that the vulnerability had been exploited on three sep


First found on: Cryptonews from Coinatory
