CertiK Resolves Extortion Accusations as Kraken Recovers $3M
Cryptocurrency exchange Kraken announced on June 20th that it had successfully retrieved nearly $3 million worth of digital assets from blockchain security firm CertiK, following allegations of extortion that had overshadowed the firm’s white-hat hack.
Kraken’s Chief Security Officer Nick Percoco shared the news of the funds’ return on X, mentioning that the amount spent on transaction fees would be deducted from the recovered funds.
Kraken’s CSO first reported the missing $3 million on June 19th, claiming that a “security researcher” had maliciously withdrawn the funds from the treasury after discovering and disclosing an existing bug.
Kraken accused the security researcher of extortion, stating that they refused to return the funds and demanded a reward along with a call with the exchange’s business development team.
CertiK Clarifies the Accusations
Shortly after Kraken’s announcement, CertiK revealed themselves as the “security researcher” in question, aiming to challenge the allegations and dispel any notions of malicious intent.
In a post on X on June 19th, CertiK informed Kraken of an exploit that allowed them to remove millions of dollars from the exchange’s accounts. They also claimed to have been threatened by Kraken’s security operation team.
To provide clarity, CertiK released a timeline of events covering the entire exchange, starting with its identification of the exploit on June 5th.
Why Withdraw $3M?
Kraken’s CSO initially stated that a first malicious transfer of just $4 would have been enough to prove the bug and earn “sizable rewards” from Kraken’s bounty program.
The security researcher, later revealed to be CertiK, minted nearly $3 million into their Kraken accounts instead.
Following the return of the $3 million, CertiK addressed many prominent questions surrounding the situation. They explained their justification for the large sum, stating that they wanted to test the limit of Kraken’s protection and risk controls.
CertiK also clarified that they had no intention of bringing a bounty into the picture and highlighted that their efforts were not at the expense of any Kraken users.
Despite their claimed innocence, the situation has sparked debate about the nature of ethical hacking, proper communication protocols, and the appropriate handling of discovered vulnerabilities.