Key Takeaways:
- Kraken recovered nearly $3 million that a security researcher had withdrawn from Kraken’s treasury by exploiting a bug.
- CertiK, the blockchain security firm, claimed Kraken threatened its employees during the incident, but the funds were returned on June 20, excluding transaction fees.
- Despite the controversy, CertiK emphasized that no user funds were at risk throughout the incident.
Kraken has successfully recovered nearly $3 million in digital assets following a bug bounty exploit incident involving blockchain security firm CertiK.
The issue began on June 9 when a security researcher maliciously withdrew the funds from Kraken’s treasury after discovering and sharing a bug.
Update: We can now confirm the funds have been returned (minus a small amount lost to fees). https://t.co/cHkjPt3m2A
— Nick Percoco (@c7five) June 20, 2024
Despite initial claims by CertiK that Kraken threatened its employees over the matter, the funds were returned on June 20, minus transaction fees.
CertiK detailed the incident timeline, stating they had informed Kraken of the exploit, which allowed the removal of millions from the exchange’s accounts.
Q&A to recent CertiK-Kraken whitehat operations:
1. Did any real user lose funds?
No. Cryptos were minted out of air, and no real Kraken user’s assets were directly involved in our research activities.
2. Have we refused to return the funds?
No. In our communication with…
— CertiK (@CertiK) June 20, 2024
CertiK conducted extensive testing, minting nearly $3 million into their Kraken accounts to assess the exchange’s protection and risk controls.
Kraken’s Chief Security Officer, Nicholas Percoco, clarified that a minimal transfer could have proven the bug and earned a reward, but CertiK argued the large amount was necessary for thorough testing.
This individual discovered the bug in our funding system, and leveraged it to credit their account with $4 in crypto. This would have been sufficient to prove the flaw, file a bug bounty report with our team, and collect a very sizable reward under the terms of our program.
— Nick Percoco (@c7five) June 19, 2024
Despite initial tensions and CertiK’s claims of threats from Kraken, the incident concluded with the safe return of the funds, and CertiK emphasized that no user funds were at risk.