Nick Percoco, Kraken’s chief security officer, said the Crypto exchange recovered the money stolen due to a technological fault.
Percoco said on X on June 20 that the exchange had successfully recovered the monies. The security research firm engaged in the incident was named Certik in previous disclosures, albeit the Kraken CSO did not specify where they learned of this information.
After finding a bug, Kraken accused the security research company of being behind the accounts that stole money from the exchange’s treasury.
What took place?
On June 19, Certik published a statement on X identifying the members of its staff who had been in touch with Kraken regarding a serious problem found in the exchange’s accounts system.
Certik added that the flaw would have enabled hackers to obtain millions of dollars worth of digital assets from Kraken. It’s interesting to note that research company employees had gone on to remove $3 million from Kraken using this identical weakness.
Then, they insisted that the bug bounty be honored by the exchange. According to Kraken and Certik’s post, the employees in question refused to return the money when requested. The platform noted:
“After initial successful conversions on identifying and fixing the vulnerability, Kraken’s security operation team has threatened individual CertiK employees to repay a mismatched amount of crypto in an unreasonable time even without providing repayment addresses”
Kraken called this extortion rather than honest actions of a white hat hackers.
Certik Offered to Return Funds
Later, Certik announced on X that the aforementioned amounts would be transferred to a wallet accessible by Kraken. According to its statement:
“Since Kraken has not provided repayment addresses and the requested amount was mismatched, we are transferring the funds based on our records to an account that Kraken will be able to access.”
The money was recovered, the Kraken announced on Thursday, with a tiny amount lost to fees. Kraken informed customers in a previous report that no user cash were lost during the bug incident.
