Chief Security Officer at @krakenfx, hacker, @THOTCON OPER, @IamTheCavalry, @DEFCON NOC, @SpiderLabs founder - Opinions are my own, not my employer’s - #bitcoin
Jun 19 • 20 tweets • 4 min read
Kraken Security Update:
On June 9, 2024, we received a Bug Bounty program alert from a security researcher. No specifics were initially disclosed, but their email claimed to find an “extremely critical” bug that allowed them to artificially inflate their balance on our platform.
Every day we receive fake bug bounty reports from people claiming to be “security researchers”. This is not new to anyone who runs a bug bounty program. However, we treated this seriously and quickly assembled a cross-functional team to dig into this issue. Here is what we found.
Jun 8, 2019 • 8 tweets • 2 min read
ATTN: There is an organized crime group actively targeting members of the #cryptocurrency industry. You MUST remove mobile phone numbers from your personal email, work email & exchange/bank account recovery processes NOW! 1/ #crypto #bitcoin
They are visiting US-based phone carrier stores with fake IDs and personal information (likely from other data breaches). 2/
Feb 7, 2018 • 15 tweets • 6 min read
Big spike in chatter about #bugbounty programs over the last 48 hours. That’s a very good thing. I would like to share my thoughts on this topic from the experience I’ve had leading security at a company with ~500 software engineers.
First, thanks to folks like @k8em0 & @caseyjohnellis and companies like @Hacker0x01 & @Bugcrowd - #bugbounty programs can be built and managed much easier than they could 5 years ago. But if you are someone who is in a position that can implement a program...