As a researcher with experience in cybersecurity and blockchain technology, I find this situation between Kraken and CertiK deeply troubling. It is clear that a significant vulnerability was exploited, resulting in the theft of $3 million from Kraken. The fact that CertiK managed to siphon away such a large sum without raising any red flags is a stark reminder of the importance of robust security measures in the Web3 space.
CertiK, the Web3 security company, exploited a weakness in Kraken’s software, transferring approximately $3 million out of the exchange. Kraken alleges that CertiK refuses to return the funds and is instead demanding exorbitant sums.

On June 9th, CertiK transferred $3 million from Kraken’s account, following a trivial test transaction worth only $4. That small transaction raised suspicion and prompted Kraken to take action against further large-scale withdrawals; no user accounts were affected.

Nick Percoco, the Chief Security Officer at Kraken, publicly announced, “For the sake of openness, we’re revealing this security issue to the community today. Some are criticizing us for asking ‘ethical hackers’ to give back what they allegedly took from us. Incredulous.”

On June 19, he published several messages addressing the incident without naming CertiK, referring to them instead as “white-hat hackers” and a “security researcher.” Shortly after, CertiK went public to confirm that they were the “security researcher” Kraken’s Chief Security Officer had referred to when disclosing the bug bounty incident to the crypto community.

In their announcement on X, CertiK described the severity of the bug they had found and stated that it took Kraken several days to identify the root cause, which Kraken managed only after being notified by CertiK. The same post accused Kraken’s security team of pressuring individual CertiK employees to return an incorrect amount of cryptocurrency within an unreasonably short time frame and without supplying appropriate repayment addresses.

As a security analyst at CertiK, I can share that during our audit of Kraken’s smart contracts, we identified potential vulnerabilities and reached out to Kraken to disclose these findings. However, Kraken did not provide us with a repayment address for the recovered funds despite their employees reportedly pressuring us to return the crypto. Consequently, we have decided to transfer the funds into an account that Kraken should be able to access based on our records.



2024-06-21 12:46