As a researcher with experience in the cryptocurrency industry, I find the recent incident between Kraken and CertiK intriguing. It’s always interesting to see how security vulnerabilities are handled in this space.


Kraken, the crypto exchange, announced that it has recovered the $3 million that the “researchers” involved in the security incident took from its platform earlier this year.

“New information: The funds, less some transaction fees, have been successfully restored according to Kraken’s Chief Security Officer, Nick Percoco, in an update posted on Thursday.”

Kraken Gets Its Money Back

CertiK identified itself on Wednesday as the party behind the Kraken hack, after Kraken had initially declined to disclose the identities of those responsible.

Earlier in the day, Percoco had disclosed that Kraken recently fixed a bug that let sophisticated users artificially inflate their account balances on the platform and then withdraw any amount of funds from it; the bug had been present since January.

In June, I received a warning from CertiK’s team about a vulnerability in Kraken’s system. Regrettably, before the issue was resolved, an amount of $3 million was taken from Kraken’s Treasury to showcase the potential risk. However, I want to emphasize that once the problem was identified, it was swiftly addressed and couldn’t be repeated. No client assets were ever in danger throughout this process.

As a researcher looking into the incident between CertiK and Kraken, I’ve come across differing perspectives regarding CertiK’s involvement in Kraken’s security. While CertiK described their actions as beneficial whitehat operations, Kraken and the larger cryptocurrency community did not share the same sentiment.

As a crypto investor, I understand that failing to adhere to Kraken’s standard whitehat bounty program procedures can lead to serious consequences. For instance, not promptly returning all funds once stolen goes against the ethical guidelines of this program. Additionally, taking more funds than necessary to showcase a vulnerability could be perceived as excessive and unjustified. Both actions are likely to result in negative repercussions within the crypto community and potentially legal ramifications.

According to Kraken, CertiK declined to return the funds until Kraken gave them a rough estimate of how much the company could have lost had the vulnerability gone undetected.

CertiK’s Explanation For The Hack

By contrast, CertiK said it had “consistently assured them that we would return the funds.”

CertiK asserted on Twitter that Kraken’s security team had demanded that specific CertiK employees return an incorrect quantity of cryptocurrency within an unreasonable timeframe, without providing the repayment addresses needed to do so.

As a crypto investor, I was relieved to receive confirmation from the company on Thursday that all my funds had been returned. However, I noticed that the amount I received was different from what I had originally intended to transfer through Kraken. The company explained that this discrepancy was due to their recent security measures aimed at testing the effectiveness of Kraken’s alerts and risk controls. Despite losing millions during this incident, these safeguards never triggered, leaving me grateful for their proactive approach in ensuring the security of my investments.

CertiK stated, “No bounty request was ever brought up by us. Instead, it was Kraken who initiated the discussion about a bounty, but our focus remained on addressing the issue at hand rather than the reward.”

2024-06-20 23:36