CertiK revealed it identified a $3 million Kraken exploit and claimed Kraken threatened them after reporting the issue.
CertiK, a blockchain security firm, has disclosed that it is the “security researcher” that Kraken, a cryptocurrency exchange, claimed misappropriated $3 million in digital assets.
CertiK disclosed an exploit that had enabled it to withdraw millions of dollars from Kraken’s accounts in a post on June 19, as reported by X. Nicholas Percoco, the Chief Security Officer of Kraken, asserted that an unidentified security team, which was not identified as CertiK at the time, had engaged in “extortion” by refusing to return any funds until the exchange agreed to provide “a speculated $ amount that this bug could have caused if they had not disclosed it.”
“Kraken’s security operation team has THREATENED individual CertiK employees to repay a MISMATCHED amount of crypto in a UNREASONABLE time, even without providing repayment addresses, after initial successful conversions on identifying and fixing the vulnerability,” stated CertiK.
“We are making this information public in order to safeguard the security of all users and demonstrate our dedication to the Web3 community and the spirit of transparency.” We strongly encourage [Kraken] to discontinue any threats directed at white-hat hackers.
The security firm published a timeline of events that commences with the identification of the exploit on June 5 and concludes with allegations that Kraken intimidated a CertiK employee on June 18. CertiK declared in a statement that it intended to transfer the funds to an account that Kraken would have access to.
Many crypto users initially expressed their support for Kraken, asserting that CertiK’s actions were not comparable to those of white-hat hackers. It is uncertain whether Kraken has a legitimate basis for taking legal action.
In April, CertiK disclosed that illicit activity had resulted in the loss of approximately $1 billion in digital assets in 2023. The company has previously identified vulnerabilities in the Telegram app and the Wormhole bridge on Aptos.
