CertiK, the Web3 cybersecurity firm, has exploited a vulnerability in Kraken’s software to siphon away million. Kraken has accused CertiK of not returning the funds and trying to extort it for unreasonable amounts. On June 9, CertiK siphoned away the million despite making a minute transaction of just , which was enough to alert Kraken. So, the exchange felt there was no reason to drain its treasury of the millions. No user funds were affected during this fiasco. Nick Percoco, Chief Security Officer at Kraken, posted online, “In the essence of transparency, we are disclosing this bug to the industry today. We are being accused of being unreasonable and unprofessional for requesting that “white-hat hackers” return what they stole from us. Unbelievable.” He made numerous posts on
Topics:
Suraj Manohar considers the following as important: Exchange News, News, Security & Ransomware
This could be interesting, too:
Suraj Manohar writes Coinbase Strikes Deal with Stripe for Stablecoin Integration
Suraj Manohar writes No Mention of Crypto in the First Presidential Debate
Suraj Manohar writes VanEck Wants to Issue SOL ETFs in the US
Suraj Manohar writes The EU Will Enforce Strict Stablecoin Regulations by June End
CertiK, the Web3 cybersecurity firm, has exploited a vulnerability in Kraken’s software to siphon away $3 million. Kraken has accused CertiK of not returning the funds and trying to extort it for unreasonable amounts.
On June 9, CertiK siphoned away the $3 million despite making a minute transaction of just $4, which was enough to alert Kraken. So, the exchange felt there was no reason to drain its treasury of the millions. No user funds were affected during this fiasco.
Nick Percoco, Chief Security Officer at Kraken, posted online, “In the essence of transparency, we are disclosing this bug to the industry today. We are being accused of being unreasonable and unprofessional for requesting that “white-hat hackers” return what they stole from us. Unbelievable.”
He made numerous posts on June 19 addressing the tumult but refrained from namedropping CertiK. Instead, he referred to the cybersecurity firm as ‘white-hat hackers’ and a ‘security researcher.’ CertiK went public shortly after to reveal that it was the ‘security researcher’ that Kraken’s Chief Security Officer spoke about while they divulged the bug bounty gone wrong to the crypto community.
CertiK posted on X their revelations about how serious the bug was and how it took Kraken days to figure out what had happened, which they did only after CertiK informed them of the issue. In that same post, CertiK accused Kraken of threatening its employees to return a mismatched amount of the obtained funds. “Kraken’s security operation team has THREATENED individual CertiK employees to repay a MISMATCHED amount of crypto in an UNREASONABLE time even WITHOUT providing repayment addresses.”
Furthermore, CertiK claimed Kraken never offered them a repayment address despite threatening its employees to return the crypto. So, CertiK has stated it will be “transferring the funds based on our records to an account that Kraken will be able to access.” Nevertheless, many in the community have questioned CertiK’s approach to dealing with the vulnerability when Kraken has strict rules for its bug bounty program.