Blockchain security firm CertiK admitted to being behind the white-hat hack that affected Kraken crypto exchange on Wednesday, June 19.
The security firm plays down Kraken’s extortion allegation, arguing that it was not given sufficient time to return the proceeds obtained while assessing the scope of the exploit.
The on-chain security firm was responding to cryptocurrency exchange Kraken’s claims of extortion. Kraken chief security executive Nick Percoco indicated that the exchange treated the nearly $3M loss as a criminal case.
Percoco revealed that the exchange was coordinating with enforcement agencies to recover the funds lost when the tech-savvy researchers exploited an ‘isolated bug.’
CertiK Defends Actions, Downplays Extortion Claims
CertiK defended its actions in a post on X (formerly Twitter), stating that Kraken had made threats against its employees. CertiK added that the total value Kraken demanded does not match the crypto taken by the security firm.
Besides, CertiK argues that Kraken granted too little time for the firm to refund the allegedly stolen funds.
Percoco had earlier indicated that unnamed researchers were behind the theft of crypto worth millions of dollars from the Kraken treasury. The security executive explained that they withdrew funds credited to the account before the deposits had completed, thus effectively printing assets.
CertiK admitted leveraging the isolated bug several times while investigating the scope of Kraken’s security vulnerability. The security firm asserted that the crypto exchange failed to provide an address to which it could return the stolen funds.
Nonetheless, CertiK revealed it will send the crypto to a digital wallet in its records that belongs to Kraken.
White-hat hacking is the ethical practice of probing a system to identify vulnerabilities. Percoco clarified that a bug bounty report submitted following the exploit failed to yield the anticipated outcome, as it only disclosed $4 of the lost crypto.
Percoco added that the malicious actor would not agree to return the funds until it was given a dollar amount estimating the potential costs of the exploit.
Kraken Defense System Vulnerability
CertiK defended its actions, denying that it minted millions of dollars’ worth of crypto from users’ assets. Instead, it said, the research activities directly targeted Kraken’s treasury, a fact Percoco had acknowledged earlier when assuring users that their funds were secure.
Taylor Monahan, founder of Ethereum wallet manager MyCrypto, weighed in on the Kraken versus CertiK issue. The executive, whose firm was acquired two years ago by Consensys and absorbed within MetaMask, warns of legal consequences.
Monahan warns that CertiK could suffer reputational damage and that the white-hat hack would affect the blockchain security firm’s internal culture.
The former MyCrypto chief pointed out that several projects CertiK audited fell victim to exploits. The present case involving Kraken triggered speculation regarding the possibility of inside jobs in past incidents.
CertiK responded to Monahan’s claims, questioning why the defense-in-depth system that Kraken reportedly uses failed to detect the test transactions. CertiK told the executive that this inadequacy was precisely what it was testing.
Kraken indicated that it had resolved the bug that enabled platform users to earn free money in their accounts. The company admitted on Wednesday, June 19, that the team discovered the “isolated bug” early this month and that it facilitated the artificial inflation of balances.
Percoco admits the security team became aware of it after a security researcher submitted a report to its bug bounty program on June 9. The researcher termed it an extremely critical bug.
Kraken’s head of communications, Alexander Cassells, admitted the issue had been present since January. A malicious actor could exploit it to print crypto assets, inflating their account balances.