In the latest CEX News, new claims that the Kraken exploit is being extorted by CertiK ‘White-Hat’ hackers have triggered Kraken lawyers to conduct a criminal investigation.
Blockchain security firm CertiK came forward on Wednesday to claim credit for the recent ‘white hat’ hack on crypto exchange Kraken. The exchange responded, calling Certik’s actions “extortion.”
Kraken Chief Security Officer Speaks Out On CertiK
Instead, they demanded a call with their business development team (i.e. their sales reps) and have not agreed to return any funds until we provide a speculated $ amount that this bug could have caused if they had not disclosed it. This is not white-hat hacking, it is extortion!
— Nick Percoco (@c7five) June 19, 2024
Nick Percoco, Chief Security Officer at Kraken, provided a security update following the hack. In the update, he stated that CertiK could have proved the security flaw with a minimal $4 transaction but disclosed the bug to other individuals.
The parties involved withdrew nearly $3 million from their Kraken accounts using the flaw.
“They ultimately withdrew nearly $3 million from their Kraken accounts. This was from Kraken’s treasuries, not other client assets.” the CSO said, assuring that no customer funds were taken in the process.
Nick added that the security company is now attempting to extort Kraken in return for the stolen funds, and it is being treated as a criminal case. He said, “We’ll not disclose this research company because they don’t deserve recognition for their actions.
We treat this as a criminal case and coordinate with law enforcement agencies accordingly. We’re thankful this issue was reported, but that’s where that thought ends.”
CertiK Goes Public To Dispute Kraken Claims
Although he refuses to name the company, CertiK has come forward to give its side of the story. CertiK took to X to defend itself, claiming that Kraken had threatened its employees.
CertiK also disputed Kraken’s valuation of the funds taken, saying it was “mismatched” to the crypto it had taken.
CertiK recently identified a series of critical vulnerabilities in @krakenfx exchange which could potentially lead to hundreds of millions of dollars in losses.
Starting from a finding in @krakenfx's deposit system where it may fail to differentiate between different internal… pic.twitter.com/JZkMXj2ZCD
— CertiK (@CertiK) June 19, 2024
On their decision to go public as the white-hat hacker, CertiK said, “In the spirit of transparency and our commitment to the Web3 community, we are going public to protect all users’ security. We urge @krakenfx to cease any threats against white-hat hackers.”
CertiK stated that it had used the bug multiple times as part of an investigation while trying to assess the scope of Kraken’s security vulnerability. CertiK said that Kraken did not provide an address for the return of the funds but that it was sending the cryptocurrency to a wallet that its records show the exchange could access.
With Kraken instructing their lawyers and making this a criminal investigation, concluding this story will take some time.
EXPLORE: What Is The Best CEX To Use To Buy Crypto in 2024?
Disclaimer: Crypto is a high-risk asset class. This article is provided for informational purposes and does not constitute investment advice. You could lose all of your capital.
