To be clear, no clients assets were ever at risk.
The team also thoroughly tested the solution to guard against similar issues in the future.
This UX change was not thoroughly tested against this specific attack vector, Percoco added.
He emphasized that these stolen funds were from Krakens treasuries, and no other client accounts.
Instead, they demanded a call with their business development team (i.e.
This is not white-hat hacking, it is extortion!
Krakens response to the incident has been transparent.
Ignoring those rules and extorting the company revokes your license to hack.
Percoco says Kraken is not revealing the researchers identities as they dont deserve recognition for their actions.
source: www.techworm.net
