Kraken Security Labs

Kraken is the most secure digital asset exchange because we live and breathe security – in fact, we have multiple world-class teams dedicated to testing our products and services. 

 

However secure we might be, though, we know our success is linked to the success of others within the cryptocurrency community.

That’s why we created Kraken Security Labs, an elite team of security researchers that aims to protect and grow the cryptocurrency ecosystem by:

Testing common third-party products and services

Working with vendors to fix those issues

Informing the public about ways they can best protect themselves

A Commitment to Responsible Disclosure

When a security researcher finds a vulnerability, the best practice is to contact the vendor so the vendor can fix the issue.

 

While simple in theory, many issues can arise in practice:

 

What if the affected vendor doesn’t respond?

 

Maybe the vendor doesn’t want to acknowledge the issue or they do not have a bug bounty program.

 

 

How long should the vendor be given to fix the issue?

 

Some security issues are not easy to fix and vendors often want to prioritize new features instead of fixing problems.

 

 

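Should the researcher disclose the issues to the public? If so, when?

Every white hat hacker worries about the issues they find becoming known and being exploited by criminals. Whenever the vendor has not come up with a fix for an issue, the public is left unaware of it and without the knowledge to protect themselves. Public disclosure is the only tool researchers have to get vendors to jump into fixing the problem.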

Simply put, disclosing vulnerabilities responsibly means something different to everyone – it’s inherently difficult to balance the needs of vendors and users.  

 

We strongly believe it’s essential for research teams like us to partner with vendors to fix issues in their products and disclose them to the public.

 

In pursuit of that goal, Kraken Security Labs has disclosed and worked with vendors to fix issues across a wide range of cryptocurrency products and services. The details of our vulnerability disclosure policy are published here

Cryptocurrency Hardware Wallets

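We don't recommend that you keep all of your funds on any exchange, including ours.

That's why we regularly purchase and test products that give clients the ability to store and self-custody their crypto assets.

We've published issues and advisories for the following products: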

Cryptocurrency Services

At Kraken, we encourage all our clients to test and verify any cryptocurrency service they might decide to trust with their funds or data.

 

We’ve published issues and advisories for the following services: 

Our Disclosure Philosophy

Hearing conflicting reports about a Kraken Security Labs disclosure? 

 

Know it’s common for vendors and researchers to disagree on the severity of an issue. 

 

Put simply, researchers want their work to have maximum impact, while vendors typically want to downplay the extent of the issue. 

 

 

Interpreting Severity

 

Security vulnerabilities are typically given a severity range from Low to Critical, but not all vulnerabilities disclosed by Kraken Security Labs or other researchers will be Critical. 

 

Still, we believe it is crucial these faults be exposed.

 

Even a handful of low, medium and high severity vulnerabilities might be used by an attacker in a coordinated way to result in a big impact to the target device.

Compounding Benefits

 

Releasing these findings can power additional work. 

 

It’s common for security researchers to build upon the work of others, to release issues that should be fixed but don’t allow full compromise and to release research that the vendor doesn’t immediately think is worth fixing. 

 

Because of this, it would not be responsible for a security researcher to remain quiet because they did not find an issue of Critical severity. 

 

We strive to put out disclosures that are as understandable and transparent as possible to the public, so that you can make informed choices as to the severity of the issue.
