Here Are Lessons To Learn From CertiK’s Dispute With Kraken

Jun 30, 2024 - 03:00
The post Here Are Lessons To Learn From CertiK’s Dispute With Kraken appeared on BitcoinEthereumNews.com.

White hat hacking is a crucial component of cybersecurity, but it can come with controversy — as recently illustrated in CertiK’s dispute with Kraken.

White hat hacking, or ethical hacking, is a crucial component of cybersecurity. It’s hacking that allows “good guys” to dissect applications, report security vulnerabilities to vendors, and use the information to improve the ecosystem’s security posture.

This concept is not unique to blockchain; it exists in areas including the cloud, artificial intelligence, operating system security and more.

However, in all cases, vendors and security researchers have created a delicate but powerful relationship based on the balancing act of trust. In the blockchain space, auditors such as Trail of Bits, Halborn, and OpenZeppelin have been analyzing and repairing various smart contracts for years and have operated with utmost professionalism, building a strong sense of trust.

CertiK And Kraken’s Dispute

On May 17, researchers from CertiK discovered a vulnerability in Kraken’s Digital Asset Exchange balance calculation and deposit mechanism.

CertiK recently identified a series of critical vulnerabilities in @krakenfx exchange which could potentially lead to hundreds of millions of dollars in losses. Starting from a finding in @krakenfx’s deposit system where it may fail to differentiate between different internal… pic.twitter.com/JZkMXj2ZCD — CertiK (@CertiK) June 19, 2024

The Kraken Security Team rightly defined this as a critical issue and reported it resolved within 47 minutes. While seemingly innocent at first, this type of vulnerability allows attackers to “double spend,” meaning they have the ability to fake a deposit into the exchange.

Once their balance on the exchange mistakenly updates, they then turn around and withdraw the same amount.

This act removes money from the exchange’s main treasury wallet (which is what the majority of centralized exchanges use to manage custodial funds, similar to banks).

CertiK also published…
