CertiK Clears up Extortion Allegations as Kraken Recovers $3M

Harvey Hunter
About Author

Harvey Hunter is a Junior Content Creator at Cryptonews.com. With a background in Computer Science, IT, and Mathematics, he seamlessly transitioned from tech geek to crypto journalist.


Cryptocurrency exchange Kraken confirmed on June 20 the recovery of nearly $3 million in digital assets from blockchain security firm CertiK following extortion allegations that had overshadowed their white-hat hack.

Kraken’s Chief Security Officer Nick Percoco took to X to announce the return of the funds, minus the amount spent on transaction fees.

Kraken’s CSO first reported the $3 million in missing funds on June 19, stating that a “security researcher” had maliciously withdrawn them from the treasury after discovering and disclosing an existing bug.

Kraken alleged that the security researcher had extorted them, refusing to return the funds and demanding a reward along with a call with the exchange’s business development team.

CertiK Clears Up the Allegations

Shortly after Kraken’s post about the missing funds, blockchain security firm CertiK publicly identified itself as the “security researcher” that Kraken claimed stole $3 million of digital assets. This came in an effort to challenge the allegations and dispel any notions of malicious intent. In a June 19 X post, CertiK said it had informed Kraken of an exploit that allowed it to remove millions of dollars from the exchange’s accounts. CertiK also claimed to have been threatened by the exchange’s team.

“After initial successful conversations on identifying and fixing the vulnerability, Kraken’s security operation team has THREATENED individual CertiK employees to repay a MISMATCHED amount of crypto in an UNREASONABLE time even WITHOUT providing repayment addresses,” CertiK stated.

To clarify their side of the story, CertiK also released a timeline of events, covering the entire discourse, starting with identifying the exploit on June 5.

CertiK-Kraken discourse timeline. Source: CertiK.

Why Did They Withdraw $3M?

Kraken’s CSO initially stated that the first malicious transfer, worth just $4, would have been sufficient to prove the bug and earn “sizable rewards” from Kraken’s bounty program. The security researcher, later revealed to be CertiK, had instead minted nearly $3 million into their Kraken accounts.

In an X post following the return of the $3 million, CertiK answered many prominent questions surrounding the situation. Most importantly, they explained their justification for the big sum.

“We want to test the limit of Kraken’s protection and risk controls,” CertiK stated. “After multiple tests across multiple days and close to $3 million worth of crypto, no alerts were triggered and we still haven’t figured out the limit.”

Additionally, CertiK claims it had no intention of bringing a bounty into the picture; according to CertiK, it was the exchange that raised the subject first.

“We never mentioned any bounty request,” CertiK said. “It was Kraken who first mentioned their bounty to us, while we responded that the bounty was not the priority topic and we wanted to make sure the issue was fixed.”

CertiK highlighted that their efforts were not at the expense of any Kraken users. The funds were “minted out of air.”

Despite their claimed innocence, the situation has sparked debate about the nature of ethical hacking, proper communication protocols, and the appropriate handling of discovered vulnerabilities.
