$10 000 000 USD

JUNE 2019




"Kraken is a United States-based cryptocurrency exchange and bank, founded in 2011. The exchange provides cryptocurrency-to-fiat-money trading, and provides price information to Bloomberg Terminal." "As of 2021, Kraken is available to residents of 48 US states and 176 countries, and lists 72 cryptocurrencies available for trade."


"Sign up today and buy 50+ cryptocurrencies in minutes. Get started with as little as $10."


"Earning the trust of our clients has always been our highest priority. We earn that trust through the best security in the business — most of our crypto is held safely in cold wallets so bad actors can't reach it. Our platform provides world class financial stability by maintaining full reserves, healthy banking relationships and the highest standards of legal compliance."


At "the time of [the incidenent], there [was] not more than 75 BTC worth of buy orders above $5,000. On any other reputable exchange or pair, buy orders above $5,000 would likely amount to hundreds, if not thousands of BTC. What this means is that a single order of 100 BTC, let’s say, can absolutely destroy the BTC/CAD pair."


"On June 2, Bitcoin flash-crashed on a major Bitcoin trading platform Kraken." "A screenshot published on Twitter by trader Nick Cote shows a red candle on Friday 31 May, with the price suddenly falling from about $11,000 Canadian dollars to $101, and then immediately returning to the previous quota." "The near vertical drop from $11,200 CAD to $100 CAD within moments initially appeared to have resulted from a technical glitch or a fat-fingered trading error by a whale." A "Bitcoin pair on Kraken, one of the more respected trading platforms in the space, experienced a flash crash, during which BTC lost most of its value and traders scrambled to pick up what remained of the ruined market." "[I]n the minutes that followed, the price stabilized, with the rapid drop not having a material effect on the wider Bitcoin market." "The price instantly pumped back up, leaving little more than a red wick trailing all the way down to the depths."


"This price’s graph of the Canadian dollar/bitcoin pair on Kraken, which is a pair with very small volumes. At the bottom of the screenshot, there is also clearly an incredible surge in volumes in conjunction with the flash crash, which suggests a planned operation."


"Speaking on the crash, exchange boss Jesse Powell tried to allay fears as to whether the drop was an inside job…"


“I think the community has already answered but what keeps us from trading against/front running our own clients is 1. It’s bad for business 2. It’s immoral. An orderly market is one that does not prevent you from making the trade you want to make. We welcome government liquidity.”


"According to a new analysis, however, this might not have been the fault of a faulty algorithm or market maker, but a hacker trying to siphon funds from Kraken." "Some speculate that it was a clever hacker that was using a separate account to place low bids that were market sold into, allowing the hacker to withdraw “clean” Bitcoin that isn’t tied to any hack from the exchange." "In this case, the available evidence suggests a hacker compromised a whale’s account, stole 1200 BTC worth $10.45 million on that date, and then dumped this huge amount of BTC into a highly illiquid BTC/CAD marke[t]." "Beetcoin writes that a hacker used the skimpy order book to his advantage. He suggests that said entity compromised a whale’s account with 1,200 BTC, created orders to purchase BTC against CAD at low prices, and then dumped the hack BTC on the open market to trigger his buy orders on his other account."


"Looks like someone sold 1,155 BTC for $101 each? That's an economic loss of $10m."

On the Kraken platform, there was a very large sell order for 1,200 bitcoin to CAD placed on June 2nd. The majority of the sold bitcoin (1,155 of them) ended up in a single account.


As Kraken has existed since 2011, the most likely explanation is that an early adopter purchased 1,200 bitcoin and left them on the exchange. Their account likely was breached due to not setting up 2FA or any additional security measures. They then sold the funds via the stolen account, to another account they owned.


It is unknown whether Kraken acted to prevent the withdrawal of the bitcoins (and maybe return them), however it should be noted that Kraken does have withdrawal limits in place, and this event was likely to have been noticed by their team.


The primary prevention has to take place in the authentication of accounts, by the use of multi-factor authentication. Kraken does provide these protections and continues to encourage their use.


Other prevention strategies would include preventing transactions above a certain size or more than 20% outside of the present market price.


In cases like this, there is no advantage for the platform nor user to have poor security. Platforms in general already place a strong emphasis and offer the necessary protections for users, though many may not take advantage of them.


Check Our Framework For Safe Secure Exchange Platforms

Sources And Further Reading

 For questions or enquiries, email info@quadrigainitiative.com.

Get Social

  • email
  • reddit
  • telegram
  • Twitter

© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.