Fun

Kraken-CertiK saga turns murky as part of exploited funds go ‘missing’

News Feed - 2024-06-20 06:06:28

Prashant Jha5 hours agoKraken-CertiK saga turns murky as part of exploited funds go ‘missing’Kraken is planning to take legal action against security firm CertiK as the “white hat” operation by the security firm turns into a legal blunder.1021 Total views23 Total sharesListen to article 0:00NewsOwn this piece of crypto historyCollect this article as NFTJoin us on social networksThe Kraken-CertiK saga has taken another turn. Security firm CertiK claims it carried out a white hat operation on specific Kraken accounts not belonging to customers, draining nearly $3 million, according to Kraken. However, the exchange claims the total exploited amount was not returned to it, while CertiK claims to have returned all funds as per their record.


On June 20, CertiK took to X to give an update on the situation and claimed it had returned 734 Ether (ETH), 29,001 Tether (USDT) tokens and 1,021 Monero (XMR) coins, while Kraken requested 155,818 Polygon (MATIC) tokens, 907,400 USDT, 475.5 ETH and 1,089.8 XMR.Kraken claims exploit, CertiK says white hat operation


The Kraken-CertiK saga began on June 9, when Kraken claimed it had received a bug bounty program alert from an alleged security researcher. The alert highlighted a bug in Kraken’s system that allowed users to inflate their account balances. When the crypto exchange rushed to patch the bug, it discovered three accounts that had leveraged the flaw, stealing $3 million from Kraken’s account.


Kraken found that one of the three accounts was Know Your Customer (KYC) verified and used the bug to credit $4 to their account.


Kraken chief security officer Nick Percoco said that this would have been enough to prove the bug and claim the bounty, but the account allegedly then shared the flaw with two other accounts, with all three pocketing $3 million from the exchange in the days that followed.


When the crypto exchange asked the alleged “security researcher” to return the funds and collect its bounty after offering the required onchain proofs, the white hat hacker allegedly refused to entertain the request and asked for the bounty to be paid first. Although Kraken didn’t reveal the name of the security firm behind the “white hat” exploit, CertiK revealed that it was behind the Kraken exploit.


CertiK claimed that its employee who discovered the vulnerability was threatened to return the stolen funds, but did not receive a wallet address to send the funds to. Ronghui Gu, co-founder at CertiK, told Cointelegraph:“The verbal consensus reached during our meeting was not confirmed afterward. Ultimately, they [Kraken] publicly accused us of theft and even directly threatened our employees, which is completely unacceptable.”


CertiK reportedly sent the stolen funds to crypto mixing service Tornado Cash to avoid having them frozen by crypto exchanges. The move triggered much criticism from the crypto community, which questioned CertiK’s motive behind the “white hat” operation.


Related: Crypto phishing attacks reached ‘alarming levels’ — CertiK co-founderCrypto community calls out CertiK


The crypto community raised questions about why CertiK researchers moved millions of dollars worth of funds when a single transaction could have proven the vulnerability. Others reminded them that Tornado Cash is an Office of Foreign Assets Control (OFAC)-sanctioned tool, and using it could attract legal trouble for the security firm. Others questioned whether it planned to return the funds and why it sent them to Tornado Cash.Crypto community calls out CertiK. Source: X


A majority of the crypto community sided with Kraken on the issue and called out CertiK for its ruthless behavior. Many accused them of “stealing” and blackmailing Kraken for the bounty.Crypto community reaction to Kraken Certik saga. Source: X


Kraken told Cointelegraph that it is in touch with law enforcement agencies regarding the situation.


Update: This article will be updated with comments from Kraken and CertiK.


Magazine:Crypto audits and bug bounties are broken: Here’s how to fix them# Blockchain# Kraken# Cryptocurrencies# Hackers# Cybersecurity# Hacks# DeFi# RegulationAdd reaction

News Feed
Starknet targets increased throughput, lower fees with parallel transactions in 2024
Gareth Jenkinson12 hours agoStarknet targets increased throughput, lower fees with parallel transactions in 2024Ethereum scaling protocol Starknet expects to increase its throughput and further fee reductions through the
2024-03-20 21:00 PM
How NFL Bet Odds Have Changed With 3 Dinged Franchise QBs
With NFL franchise quarterbacks dropping like flies, bookmakers have found it necessary to dramatically change the betting odds of affected teams winning their respective divisions, conferences, and the Super Bowl. My, H
2019-09-20 09:29 AM
Helen Partz13 hours agoGrayscale officially abandons post-Merge PoW Ethereum tokensOne year after the Ethereum Merge, Grayscale has finally made the decision to abandon all the rights to proof-of-work Ethereum tokens.343
2023-09-20 19:20 PM
Ezra Reguerra11 hours agoWhale reclaims $74M in ETH locked in ENS auctionENS founder Nick Johnson urged users to check their addresses and reclaim their deposited funds.2738 Total views50 Total sharesListen to article 0:
2023-07-31 21:20 PM
Japan's Sony Bank tests yen-backed stablecoin for gaming and sports IP payments
Savannah Fortis24 minutes agoJapan"s Sony Bank tests yen-backed stablecoin for gaming and sports IP paymentsSony Bank says it is experimenting with the possibility of issuing its own yen-backed stablecoin as a form of pa
2024-04-05 17:35 PM
William Suberg9 hours agoBitcoin traders hope $27K holds as BTC price ignores volatile US dollarBitcoin looked like a stablecoin compared to the U.S. Dollar Index on Oct. 4, with BTC price levels of interest close to the
2023-10-04 23:03 PM
Daily Earnings of Typical Axie Infinity Player ‘Fall Below the Philippines’ Minimum Wage Line:’ Report
Daily Earnings of Typical Axie Infinity Player "Fall Below the Philippines" Minimum Wage Line:" Report This year, the Sky Mavis-crafted blockchain game Axie Infinity has seen incre
2021-11-15 15:30 PM
White House Says Reports of National Security Reviews on Elon Musk Are ‘Not True’ — Tesla CEO Prepares to Close Twitter Deal Friday
White House Says Reports of National Security Reviews on Elon Musk Are "Not True" — Tesla CEO Prepares to Close Twitter Deal Friday The White House has clarified that the Biden A
2022-10-26 23:00 PM
JPMorgan CEO Jamie Dimon to Shareholders: Decentralized Finance, Blockchain Are Real
JPMorgan CEO Jamie Dimon to Shareholders: Decentralized Finance, Blockchain Are Real JPMorgan Chase CEO Jamie Dimon sees decentralized finance (defi) and blockchain as real, new te
2022-04-08 09:30 AM
Peter Schiff Pounces, Chalks Up Bitcoin to Marketing Success for Early Whales
Thebitcoin price is once again hovering below the $10,000 level, which the bulls see as a buying opportunity and the skeptics take as a chance to make digs. Gold bug Peter Schiff is among the first to pounce and rather t
2019-07-28 21:45 PM
Donald Trump picks crypto-friendly JD Vance as running mate
Turner Wright4 hours agoDonald Trump picks crypto-friendly JD Vance as running mateThe Ohio senator reported holding up to $250,000 worth of Bitcoin in 2022 and has supported specific pro-crypto legislation.2702 Total vi
2024-07-16 04:55 AM
Brayden Lindrea17 minutes agoAmazon launches ‘Q’ — a ChatGPT competitor purpose-built for businessEmployees in HR, legal, product management, design, manufacturing and operations departments will benefit from Q, sa
2023-11-29 08:42 AM