The bug resulted in at least $3 million worth of stolen funds, but no user funds were endangered, according to Kraken.