Kraken Recovers $3M After CertiK’s Equivocal White Hat Hack
- CertiK cracked Kraken’s vault for over $3 million in a dubious white-hat hack.
- The security firm and popular American exchange point fingers at each other.
- CertiK returns $3M and nags about Kraken’s deceptive aggressive communication.
The popular American cryptocurrency exchange Kraken and blockchain security audit company CertiK were entangled in an extortion scandal over millions of missing digital funds. On June 9, 2024, Kraken’s crypto exchange received a bug bounty program alert from a security researcher.
Just a Regular Bounty Hunt Gone Rogue?
According to Kraken’s Chief Security Officer Nick Percoco, the email didn’t disclose many details about the security breach. Still, it was worded as “extremely critical” due to the bug allowing the white-hat hackers to inflate their balances on Kraken artificially.
Within minutes we discovered an isolated bug. This allowed a malicious attacker, under the right circumstances, to initiate a deposit onto our platform and receive funds in their account without fully completing the deposit.
— Nick Percoco (@c7five) June 19, 2024
Percoco explained that the isolated bug was found minutes after the communication from CertiK. According to Percoco, the bug allowed hackers to “initiate a deposit onto our platform and receive funds in their account without fully completing the deposit.”
$3 Million in Question: Two Sides of the Story
Moments after Kraken’s elaborate thread on X about malicious hackers who found a loophole in the platform’s code, CertiK confessed to having performed the white-hat hack. However, the well-known blockchain security company denied any malicious intentions.
Read More
SHIB, PEPE, WIF, BONK Fall Off Hard as Major Players Exit
Binance Rolls Out LUNC Revival Campaign to Repeg USTC to $1
SHIB, BONE Primed for Rebound Ahead of Shiba Eternity Launch
CertiK claims to have received threats from Kraken’s staff members, including a demand to return unreasonably large amounts of digital assets. In response to Kraken’s allegations that $3 million was stolen intentionally, CertiK released a timeline of events, starting with June 5, 2024.
QA to recent CertiK-Kraken whitehat operations:
— CertiK (@CertiK) June 20, 2024
1. Did any real user lose fund?
No. Cryptos were minted out of air, and no real Kraken user’s assets were directly involved in our research activities.
2. Have we refused to return the funds?
No. In our communication with…
CertiK’s executive team also constructed a QA summary of the events to clarify what happened, asserting: “Cryptos were minted out of air, and no real Kraken user’s assets were directly involved in our research activities.”
CertiK ultimately returned the $3 million in digital assets to Kraken.
Glad you found it! pic.twitter.com/OCJidXslGj
— Gabriel Haines (@gabrielhaines) June 20, 2024
However, it remains an open question of who’s in the right in this ambiguous situation. While Kraken’s CSO claimed that the $3 million withdrawal by CertiK was over the top, CertiK begs to differ. According to their statement, CertiK was bound to test the limits of such an exploit before it tackled investor’s money.
Sponsored
“After multiple tests across multiple days and close to $3 million worth of crypto, no alerts were triggered, and we still haven’t figured out the limit,” states the blockchain security audit company on X.
On the Flipside
- According to Kraken’s Chief Security Officer, CertiK intentionally left some information out of the initial bug report and refused to return funds unless Kraken provided an estimated amount that the bug could have caused.
- The security audit company in question has disclosed the bug to “two other individuals who they work with,” who successfully assisted CertiK in draining $3 million from Kraken’s reserves.
Why This Matters
Due to rising hacks and scams in the digital realm, identifying and solving security issues on popular crypto platforms is a top priority.
Discover DailyCoin’s top crypto news:
Did Do Kwon Plan Montenegro Escape Before Terra-Luna Crash?
Vitalik on Crypto’s “Idealist Hippies”: “We’re Still Here!”
Disclaimer: The content of this article solely reflects the author's opinion and does not represent the platform in any capacity. This article is not intended to serve as a reference for making investment decisions.
You may also like
EU crypto traders urged to convert non-compliant stablecoins to regulated ones as MiCA framework takes effect
Quick Take EU stablecoin users are urged to convert non-compliant stablecoins to regulated ones as the bloc’s MiCA regulation goes live. The new regulations prohibit stablecoins from exceeding one million daily transactions used to pay for goods or services, whether settled off-chain or on-chain.
Mamori raises $5 million in Blockchain Capital-led seed funding
Quick Take The web3 security firm Mamori raised $5 million in seed funding led by the venture capital firm Blockchain Capital. Mamori aims to augment web3 security by developing an algorithm that can find issues in blockchain-based software.
