Cryptocurrency exchange Kraken hit by $3 million theft exploiting zero-day flaw

BlockChainBulletin Staff

Cryptocurrency exchange Kraken has revealed that an anonymous security researcher exploited a “highly critical” zero-day flaw in its platform to steal $3 million in digital assets and refused to return them.

Details of the incident were shared by Kraken Chief Security Officer Nick Percoco.

Within minutes of receiving the alert, the company said it had identified a security flaw that essentially allowed an attacker to “initiate a deposit on our platform and receive funds into their account without fully completing the deposit.”

While Kraken stressed that no customer assets were at risk from the issue, it could have allowed a threat actor to print assets into their accounts. The problem was resolved within 47 minutes, he said.

It further said that the flaw stemmed from a recent user interface change that allowed customers to deposit funds and use them before they had cleared.
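A simplified model of the flaw class described above, added here as an illustration and not Kraken's code: a ledger that credits a deposit when it is initiated has to keep that credit out of the withdrawable balance until the deposit completes. The `Ledger` class, its method names and the sample account, deposit id and amounts are hypothetical.

```python
from decimal import Decimal

class Ledger:
    """Toy single-asset ledger; every name here is hypothetical."""

    def __init__(self, withdraw_needs_settlement):
        self.withdraw_needs_settlement = withdraw_needs_settlement
        self.settled = {}      # user -> cumulative deposits that fully completed
        self.provisional = {}  # user -> credited at initiation, not yet completed
        self.withdrawn = {}    # user -> cumulative payouts
        self.pending = {}      # deposit id -> (user, amount)

    def initiate_deposit(self, dep_id, user, amount):
        # Early credit: the balance is usable on-platform before completion.
        self.pending[dep_id] = (user, amount)
        self.provisional[user] = self.provisional.get(user, Decimal(0)) + amount

    def complete_deposit(self, dep_id, cleared):
        # The provisional credit is always reversed; it becomes settled only if cleared.
        user, amount = self.pending.pop(dep_id)
        self.provisional[user] -= amount
        if cleared:
            self.settled[user] = self.settled.get(user, Decimal(0)) + amount

    def withdrawable(self, user):
        total = self.settled.get(user, Decimal(0)) - self.withdrawn.get(user, Decimal(0))
        if not self.withdraw_needs_settlement:
            total += self.provisional.get(user, Decimal(0))  # weak: counts uncompleted credit
        return total

    def withdraw(self, user, amount):
        if amount <= 0 or amount > self.withdrawable(user):
            return False
        self.withdrawn[user] = self.withdrawn.get(user, Decimal(0)) + amount
        return True

    def shortfalls(self):
        # Reconciliation control: payouts must never exceed completed deposits.
        gaps = {}
        for user, paid in self.withdrawn.items():
            gap = paid - self.settled.get(user, Decimal(0))
            if gap > 0:
                gaps[user] = gap
        return gaps

def scenario(withdraw_needs_settlement):
    # Constructed sequence: deposit initiated, withdrawal requested, deposit never completes.
    ledger = Ledger(withdraw_needs_settlement)
    ledger.initiate_deposit("dep-1", "acct-A", Decimal("100"))
    paid = ledger.withdraw("acct-A", Decimal("100"))
    ledger.complete_deposit("dep-1", cleared=False)
    return paid, ledger.shortfalls()
```

With the weak setting the payout is funded by the platform itself, which is what the reconciliation check surfaces; with settlement gating the same request is refused and no shortfall appears.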

On top of that, further investigation uncovered the fact that three accounts, including one belonging to the alleged security researcher, had exploited the flaw within days of each other and stolen $3 million.

“This individual discovered the bug in our funding system and exploited it to credit his account with $4 in cryptocurrency,” Percoco said. “This would have been enough to prove the flaw, file a bug bounty report with our team, and collect a very sizable reward under the terms of our program.”

“Instead, the ‘security researcher’ disclosed this bug to two other people they worked with who fraudulently generated much larger sums. They ultimately withdrew nearly $3 million from their Kraken accounts. This came from Kraken’s treasuries, not from other customer assets.”

In a strange turn of events, when they were contacted by Kraken to share their proof-of-concept (PoC) exploit used to create the on-chain asset and to arrange the return of funds they had withdrawn, they instead requested that the company contact its business development team to pay a set amount in order to release the assets.

“This is not white hat hacking, it is extortion,” Percoco said, urging affected parties to return the stolen funds.

The company’s name was not revealed, but Kraken said it is treating the security event as a criminal case and is coordinating with law enforcement on the matter.

“As a security researcher, your license to ‘hack’ a company is enabled by following the simple rules of the bug bounty program you are participating in,” Percoco noted. “Ignoring these rules and extorting money from the company revokes your ‘license to hack’. It makes you and your company criminals.”

CertiK responds

Blockchain security firm CertiK has come forward as the entity behind the Kraken breach, claiming to have detected several critical flaws that made it possible to mint (i.e. fabricate) cryptocurrencies on any account, which could then be withdrawn and converted into valid crypto assets.

“Millions [of] cryptocurrency dollars were minted [out of thin] air, and no actual Kraken users were directly involved in our research activities,” the company wrote on X, defending its actions.

“For several days, with many fabricated tokens generated and withdrawn into valid cryptocurrencies, no risk control or prevention mechanism was activated until it was reported by CertiK. The real question should be why Kraken’s thorough defense failed to detect so many test transactions. Continuous large withdrawals from several test accounts were part of our tests.”

CertiK further alleged that “Kraken’s security operations team has THREATENED individual CertiK employees to refund an INCORRECT amount of cryptocurrency in an UNREASONABLE time frame even WITHOUT providing refund addresses.”

That said, some evidence has also emerged that a CertiK researcher may have conducted investigations and tests as early as May 27, 2024, contradicting the company’s timeline of events.

The development comes as Kraken, in a blog post, accused the “third-party security research firm” of exploiting the flaw for profit before reporting it. The now-fixed security vulnerability “allowed some users, for a short period of time, to artificially increase the value of their Kraken account balance without fully completing a deposit.”

Funds returned to Kraken

On June 20, Kraken CSO Nick Percoco published an update stating that all funds had been returned to the company, with a small amount lost due to fees. The company later distributed the recovered $2.9 million to its users via a USDT airdrop.

Cryptocurrency Price August 1: Bitcoin Dips Below $65K; Solana, XRP Down Up To 8%

BlockChainBulletin Staff

Major cryptocurrencies fell in Thursday trading following the Federal Reserve’s decision to keep its key interest rate unchanged. Overnight, the U.S. Federal Reserve kept its key interest rate at 5.25-5.5% for the eighth consecutive time, as expected, while also signaling the possibility of a rate cut at its next meeting in September. The unanimous decision by the Federal Open Market Committee reflects a continued wait-and-see approach as it monitors inflation trends.

CoinSwitch Markets Desk said: “Bitcoin has fallen below $65,000 after the US Federal Reserve announced it would keep interest rates unchanged. However, with markets now anticipating rate cuts at the next Federal Reserve meeting in September, the outlook for a Bitcoin rally by the end of the year has strengthened.”

Meanwhile, CoinDCX research team said: “The crypto market has plunged after the Fed decision. Tomorrow’s US unemployment rate announcement is expected to induce more volatility, with the ‘actual’ figure coming in higher than the ‘expected’ one, which is positive for cryptocurrencies.”

At 12:21 pm IST, Bitcoin (BTC) was down 3.2% at $64,285, while Ethereum was down nearly 4.5% at $3,313. Meanwhile, the global cryptocurrency market capitalization fell 3.6% to around $2.3 trillion in the last 24 hours.

“Bitcoin needs to clear its 200-day EMA at $64,510 to consolidate further. Otherwise, a retest of $62,000 could be in the cards,” said Vikram Subburaj, CEO of Giottus.

Altcoins and meme coins, such as BNB (3%), Solana (8%), XRP (5.7%), Dogecoin (5%), Cardano (4.6%), Avalanche (4.3%), Shiba Inu (3.8%), Polkadot (3.4%), and Chainlink (4%) also saw declines.

The volume of all stablecoins is now $71.64 billion, which is 92.19% of the total cryptocurrency market volume in 24 hours, according to data available on CoinMarketCap. Bitcoin’s dominance is currently 54.99%. BTC volume in the last 24 hours increased by 23.3% to $35.7 billion.

(Disclaimer: Recommendations, suggestions, opinions and views provided by experts are personal. They do not represent the views of the Economic Times)

Altcoins WIF, BONK, RUNE, JUP Down 10% While Bitcoin Drops 4%

BlockChainBulletin Staff

Altcoins dogwifhat, Bonk, THORChain, and Jupiter have suffered losses of more than 10%, while Bitcoin is down 4% in the last 24 hours.

After a period of relative calm yesterday, July 31, Bitcoin (BTC) price action has seen a drastic change as the cryptocurrency dropped by more than $3,500, bringing its value to $63,300. At the same time, altcoins mirrored this trend, with the total value of liquidated positions rising to nearly $225 million over the course of the day.

Initially, the week started on a positive note for Bitcoin, which reached its highest point since early June, hitting $70,000. However, this peak was short-lived, as it was quickly rejected, leading to a substantial decline, with Bitcoin falling below $65,500.

The cryptocurrency managed to regain some stability, trading comfortably at around $66,800. However, following a press conference by Federal Reserve Chairman Jerome Powell, the value of Bitcoin has fallen again to $64,300, down more than 3% in 24 hours.

BTC Price Chart 24 Hours | Source: crypto.news

The downturn coincided with a report from the New York Times stating that Iran had called for retaliatory measures against Israel following the assassination of Hamas leader Ismail Haniyeh in Tehran, increasing the risk of further conflict in the region.

Meanwhile, on the economic front, the Federal Reserve decided to keep its benchmark interest rates in place, offering little information on a planned September rate cut. Powell also hinted that while no concrete decisions have been made on the September adjustment, there is growing consensus that a rate cut is likely.

Amid Bitcoin’s decline, altcoins have suffered even more significant losses. For example, dogwifhat (WIF) saw a 12.4% drop and Bonk (BONK) has suffered a 10% drop. Other altcoins such as THORChain (RUNE) also fell by 10%, while Jupiter (JUP) and the Ethereum Name Service (ENS) decreased by 8% and 9% respectively.

Among the largest-cap cryptocurrencies, the biggest losers are Solana (SOL) with a decrease of 8%, (Exchange rate risk) down 6%, Cardano (ADA) down 4%, and both Ethereum (ETH) and Dogecoin (DOGE) recording a decrease of 4.4%.

Data from CoinGlass indicates that approximately 67,000 traders have been negatively impacted by this increased volatility. BTC positions have seen $61.85 million in liquidations, while ETH positions have faced $61 million. In total, the value of liquidated positions stands at $225.4 million at the time of writing.

Riot Platforms Sees 52% Drop in Bitcoin Production in Q2

BlockChainBulletin Staff

Bitcoin mining firm Riot Platforms has released its second-quarter financial results, highlighting a decline in cryptocurrency mined due to the recent halving.

Colorado-based Bitcoin (BTC) mining company Riot Platforms revealed its second quarter financial results, highlighting a significant reduction in mined cryptocurrencies attributed to the recent halving event that took place in early April.

The company reported total revenue of $70 million for the quarter ended July 31, a decline of 8.7% compared to the same period in 2023. Riot Platforms attributed the revenue decline primarily to a $9.7 million decrease in engineering revenue, which was partially mitigated by a $6 million increase in Bitcoin extraction income.

During the quarter, the company mined 844 BTC, representing a decline of over 50% from Q2 2023, citing the halving event and increasing network difficulty as major factors behind the decline. Riot Platforms reported a net loss of $84.4 million, or $0.32 per share, missing the Zacks Research forecast of a loss of $0.16 per share.

Halving increases competitive pressure

The Colorado-based firm said the average cost of mining one BTC in the second quarter, including energy credits, rose to $25,327, a remarkable 341% increase from $5,734 per BTC in the same quarter of 2023. Despite this significant increase in production costs, the firm remains optimistic about maintaining competitiveness through recent deals.

For example, following the recent acquisition of cryptocurrency firm Block Mining, Riot has increased its distributed hash rate forecast from 31 EH/s to 36 EH/s by the end of 2024, while also increasing its 2025 forecast from 40 EH/s to 56 EH/s.

Riot Platforms Hashrate Growth Projections by 2027 | Source: Riot Platforms

Commenting on the company’s financials, Riot CEO Jason Les said that despite the halving, the mining company still managed to achieve “significant operational growth and execution of our long-term strategy.”

“Despite this reduction in production available to all Bitcoin miners, Riot reported $70 million in revenue for the quarter and maintained strong gross margins in our core Bitcoin mining business.”

Jason Les

Following its Q2 financial report, Riot Platforms shares fell 1.74% to $10.19, according to Google Finance data. Meanwhile, the American miner continues to chase Canadian rival Bitfarms, recently acquiring an additional 10.2 million BITF shares, increasing its stake in Bitfarms to 15.9%.

As previously reported by crypto.news, Riot first announced a $950 million takeover bid for Bitfarms in late May, arguing that Bitfarms’ founders were not acting in the best interests of all shareholders. They said their proposal was rejected by Bitfarms’ board without substantive engagement.

In response, Bitfarms said that Riot’s offer “significantly understates” its growth prospects. Bitfarms subsequently implemented a shareholder rights plan, also known as a “poison pill,” to protect its strategic review process from hostile takeover attempts.

Aave Price Increases Following Whales Accumulation and V3.1 Launch

BlockChainBulletin Staff

Decentralized finance protocol Aave is seeing a significant spike in whale activity as the market looks to recover from the recent crash that pushed most altcoins into key support areas earlier this week.

On July 31, Lookonchain shared details indicating that the whales had aggressively accumulated Aave (AAVE) over the past two days. According to the data, whales have withdrawn over 58,848 AAVE worth $6.47 million from exchanges during this period.

In one instance, whale address 0x9af4 withdrew 11,185 AAVE worth $1.23 million from Binance. Meanwhile, another address moved 21,619 AAVE worth over $2.38 million from the exchange and deposited the tokens into Aave.

These withdrawals follow a previous transfer of 26,044 AAVE from whale address 0xd7c5, amounting to over $2.83 million withdrawn from Binance.

AAVE price has surged over 7% in the past 24 hours amid buy-side pressure from these whales. The DeFi token is currently trading around $111 after jumping over 18% in the past week.

Recently, the price of AAVE increased by over 8% after Aave founder Marc Zeller announced a proposed fee change aimed at adopting a buyback program for AAVE tokens.

Aave v3.1 is available

The total value locked in the Aave protocol currently stands at around $22 billion. According to DeFiLlama, approximately $19.9 billion is on Aave V3, while the V2 chain still holds approximately $1.9 billion in TVL and V1 approximately $14.6 million.

Aave Labs previously announced that Aave V3.1 was made available on all networks with active Aave V3 instances.

V3.1 features improvements that are intended to improve the overall security of the DeFi protocol. The Aave DAO governance has approved the v3.1 improvements, which also include operational efficiency and usability for the network.

Meanwhile, Aave Labs recently outlined an ambitious roadmap for the project, with a 2030 vision for Aave V4, among other developments.
