Experts from the company CertiK, specializing in blockchain security, identified several critical vulnerabilities in the centralized exchange Kraken. They reported that these vulnerabilities could lead to losses of hundreds of millions of US dollars (USD). Additionally, the specialists stated that representatives of the exchange threatened them. The experts pointed out a vulnerability in the deposit system.
The CertiK team conducted a thorough investigation into three main issues: the possibility for an attacker to fabricate a deposit transaction, withdraw fake funds, and the risk control and asset protection measures activated when requesting a large sum transfer.
After CertiK notified Kraken of the issues, the exchange's security service classified the incident as «critical», the highest level of danger for the platform.
Despite resolving the issue, Kraken's security team threatened individual CertiK employees, stating they would not pay the due reward. Furthermore, Kraken did not specify the transfer deadlines and did not request addresses for sending the reward.
Comments