Blockchain security company CertiK announces itself, identifying itself as a “security researcher.”
Blockchain security company CertiK has announced itself, identifying itself as the “security researcher” who Kraken claims stole $3 million in digital assets.
In an X post dated June 19, CertiK said it informed Kraken of a vulnerability that allowed it to delete millions of dollars from the exchange’s accounts. Nicholas Percoco, Kraken’s head of security, claimed that an unnamed security team – which was not CertiK at the time – committed an “extortion racket” by refusing to return the funds until that the exchange agrees to provide “a projected dollar amount that could be… Caused by this error.” If only they hadn’t revealed it.
“After successful initial transfers to identify and remediate the vulnerability, Kraken’s security operations team threatened individual CertiK employees with an unreasonable amount of cryptocurrency payments without even providing payment addresses,” CertiK said. “In the spirit of transparency and our commitment to the Web3 community, we will make the matter public to protect the safety of all users. We urge Kraken to end any threats against Whitehat hackers.
The security company published a timeline of events, starting with the identification of the exploit on June 5 and ending with allegations that Kraken threatened a CertiK employee on June 18. In a statement to Cointelegraph, CertiK said it plans to transfer the funds “to a Kraken account that it can access.”
Related: Cryptocurrency Phishing Attacks Have Reached “Worrying Levels” – CertiK Co-Founder
Initial reactions from many cryptocurrency users seemed to support Kraken, saying that CertiK’s actions were not similar to those of the hackers. It is unclear whether Kraken has grounds for legal action.
CertiK announced in April that nearly $1 billion in digital assets would be lost to illicit activities in 2023. The company previously identified vulnerabilities in the Wormhole Bridge on Aptos and in the Telegram app.
review: Cryptocurrency audits and bug bounties are broken: here’s how to fix it
