Fun

Kraken recovers $3 million from CertiK, ending bug bounty saga

News Feed - 2024-06-20 11:06:31

Zoltan Vardai9 minutes agoKraken recovers $3 million from CertiK, ending bug bounty sagaCertik has returned the funds to Kraken exchange, putting a happy end to the bug bounty-related saga.61 Total viewsListen to article 0:00NewsOwn this piece of crypto historyCollect this article as NFTJoin us on social networksCryptocurrency exchange Kraken has recovered missing funds following a high-profile bug bounty exploit fiasco. 


Kraken confirmed the return of the stolen digital assets worth nearly $3 million, putting an end to the Kraken-Certik saga that started on June 9.


The recovery of the funds, minus transaction fees, was confirmed by Nicholas Percoco, chief security officer of Kraken, in a June 20 X post:“Update: We can now confirm the funds have been returned (minus a small amount lost to fees).”


Kraken’s CSO first announced the $3 million worth of missing funds on June 19, when he claimed that a “security researcher” maliciously withdrew them from the treasury after discovering and sharing an existing bug.


Kraken claimed that it was extorted by the security researcher who was refusing to return the funds, demanding a reward and a call with the exchange’s business development team.


Related:Nomura crypto arm Laser Digital bags Abu Dhabi licenseCertiK"s side of the story


Shortly after Kraken’s post about the missing funds, blockchain security firm CertiK publicly identified itself as the “security researcher” that Kraken claimed stole $3 million of digital assets.


In a June 19 X post, CertiK said it had informed Kraken of an exploit that allowed it to remove millions of dollars from the exchange’s accounts. Certik also claimed to have been threatened by the exchange’s team:“After initial successful conversions on identifying and fixing the vulnerability, Kraken’s security operation team has THREATENED individual CertiK employees to repay a MISMATCHED amount of crypto in an UNREASONABLE time even WITHOUT providing repayment addresses.”


The security firm posted a timeline of events, starting with identifying the exploit on June 5 and ending with claims Kraken threatened a CertiK employee on June 18. In a statement to Cointelegraph, CertiK said it planned to transfer the funds “to an account that Kraken will be able to access.”Bug bounty saga timeline. Source: CertiK


Related:Bitcoin ETFs legitimized the crypto industry for investors — Storm PartnersWhy did CertiK withdraw nearly $3 million?


Kraken’s CSO initially said that the first malicious transfer, worth just $4, would have been sufficient to prove the bug and collect “sizable rewards” from Karken’s bounty program.


However, the security researcher, which was later disclosed as CertiK, had minted nearly $3 million into their Kraken accounts.


In a post following the return of the $3 million, CertiK said that the multi-million sum was necessary to test the limits of the exchange:“We want to test the limit of Kraken’s protection and risk controls. After multiple tests across multiple days and close to $3 million worth of crypto, no alerts were triggered and we still haven’t figured out the limit.”


Moreover, CertiK claims that it didn’t initially request a bounty, but it was something mentioned by the exchange:“We never mentioned any bounty request. It was Kraken who first mentioned their bounty to us, while we responded that the bounty was not the priority topic and we wanted to make sure the issue was fixed.”


CertiK added that no Kraken user funds were endangered since the exploited funds were “minted out of air.”


Magazine:Ethereum’s recent pullback could be a gift: Dynamo DeFi, X Hall of Flame# Kraken# Altcoin# Business# Hackers# Cryptocurrency Exchange# Cybersecurity# Hacks# DeFiAdd reaction

News Feed

Avalanche Slides Off The Edge – What Comes After The 4H Trendline Snap?
Reason to trust Strict editorial policy that focuses on accuracy, relevance, and impartiality Created by industry experts and meticulously reviewed The highest standards in reporting and pu
Ana Paula Pereira7 hours agoMicrosoft to form nuclear power team to support AI: ReportMicrosoft is forming a new team of professionals to advance its artificial intelligence plans with Small Modular Reactors and microrea
Turkish Lira Slump Contributes to Rise in Turkey’s Daily Crypto Trades to Over One Million
Turkish Lira Slump Contributes to Rise in Turkey"s Daily Crypto Trades to Over One Million The popularity of cryptocurrencies in economically embattled Turkey has continued to surg
The HUMAN App Delivers Real-World Utility to HMT and the HUMAN Ecosystem
The HUMAN App Delivers Real-World Utility to HMT and the HUMAN Ecosystem sponsored HUMAN Protocol has launched on the Ethereum Mainnet. To complement this launch
Gas DAO Project Forms to Airdrop Tokens to Ethereum Users That Spent $1,559 in Fees
Gas DAO Project Forms to Airdrop Tokens to Ethereum Users That Spent $1,559 in Fees A new type of airdrop has been very popular during the last quarter of 2021 as quickly assembled
Twitter Launches Bitcoin Tipping Feature, Explores NFT Authentication
Twitter Launches Bitcoin Tipping Feature, Explores NFT Authentication Twitter has begun rolling out “Tips,” a feature that allows usersto send bitcoin or cash tips. T
Price analysis 3/22: BTC, ETH, BNB, SOL, XRP, ADA, DOGE, AVAX, SHIB, TON
Rakesh Upadhyay5 hours agoPrice analysis 3/22: BTC, ETH, BNB, SOL, XRP, ADA, DOGE, AVAX, SHIB, TONBitcoin is struggling to sustain its recovery, signaling that higher levels are attracting sellers in BTC and altcoins.195
Why Meta Penguin Island Should Be Your Favorite Place to Look for NFTs This Winter
Why Meta Penguin Island Should Be Your Favorite Place to Look for NFTs This Winter press release PRESS RELEASE.Not only are the financial markets experiencing a revolution due to bl
Bitcoin-Friendly Kanye West Running for US President 2020, Taking on Donald Trump and Joe Biden
Bitcoin-Friendly Kanye West Running for US President 2020, Taking on Donald Trump and Joe BidenKanye West announced on Independence Day that he is running for president of the Unite
Turner Wright4 hours agoMultiple spot crypto ETF applications go to Federal Register in step toward SEC approvalPublishing the ETF applications in the official journal of the U.S. government gives the SEC up to 240 days
Gensokishi Online Announces Listing Metaverse(MV) Token on Gate․io and Campaign
Gensokishi Online Announces Listing Metaverse(MV) Token on Gate․io and Campaign press release PRESS RELEASE.MV/USDT pair will be listed on Gate.io, a leading Cryptocurrency exchan
Taylor Swift Rejected Crypto Exchange FTX’s Sponsorship Offer Over Unregistered Securities Concerns
Taylor Swift Rejected Crypto Exchange FTX"s Sponsorship Offer Over Unregistered Securities Concerns Taylor Swift, a pop icon and 12-time Grammy Award winner, reportedly turned down