Turner Wright5 hours agoCertiK identified Kraken exploit, claims exchange ‘threatened’ its teamThe security firm said it was transferring the digital assets obtained in the exploit of Kraken back to the exchange, but many crypto users questioned its motives.1144 Total views5 Total sharesListen to article 0:00NewsOwn this piece of crypto historyCollect this article as NFTJoin us on social networksBlockchain security firm CertiK has gone public, identifying itself as the “security researcher” that cryptocurrency exchange Kraken claimed stole $3 million worth of digital assets.
In a June 19 X post, CertiK said it had informed Kraken of an exploit that allowed it to remove millions of dollars from the exchange’s accounts. Kraken chief security fficer Nicholas Percoco claimed that an unnamed security team — not revealed to be CertiK at the time — had committed “extortion” by refusing to return any funds until the exchange agreed to provide “a speculated $ amount that this bug could have caused if they had not disclosed it.”
“After initial successful conversions on identifying and fixing the vulnerability, Kraken’s security operation team has THREATENED individual CertiK employees to repay a MISMATCHED amount of crypto in an UNREASONABLE time even WITHOUT providing repayment addresses,” said CertiK. “In the spirit of transparency and our commitment to the Web3 community, we are going public to protect all users’ security. We urge [Kraken] to cease any threats against whitehat hackers.”
The security firm posted a timeline of events, starting with identifying the exploit on June 5 and ending with claims Kraken threatened a CertiK employee on June 18. In a statement to Cointelegraph, CertiK said it planned to transfer the funds “to an account that Kraken will be able to access.”
Related: Crypto phishing attacks reached ‘alarming levels’ — CertiK co-founder
Initial reactions from many crypto users seemed to support Kraken, claiming that CertiK’s actions were not akin to white hat hackers. It’s unclear if Kraken has grounds for pursuing legal action.Source: Lefteris Karapetsas
CertiK reported in April that there had been roughly $1 billion in digital assets lost to illicit activity in 2023. The firm has previously identified vulnerabilities in the Wormhole bridge on Aptos and the Telegram app.
Magazine:Crypto audits and bug bounties are broken: Here’s how to fix them# Kraken# Business# Hackers# Cryptocurrency Exchange# HacksAdd reaction