CertiK Reveals Kraken Bug, Alleges Threats from Crypto Exchange

CertiK stated in a post on X on June 19 that it had informed Kraken of a critical vulnerability, which allowed them to withdraw millions from the crypto exchange's accounts.

According to Nicholas Percoco, Chief Security Officer at Kraken, CertiK's team refused to return the funds until the exchange provided a "speculated $ amount that this bug could have caused if they had not disclosed it."

Did you know?

Want to get smarter & wealthier with crypto?

Subscribe - We publish new crypto explainer videos every week!

What is AVAX? (Avalanche Network Explained With Animations)

SUBSCRIBE

ON YOUTUBE

CertiK's post countered these allegations, stating that after the company identified and helped fix the vulnerability, Kraken's security team allegedly threatened CertiK employees:

After initial successful conversions on identifying and fixing the vulnerability, Kraken's security operation team has THREATENED individual CertiK employees to repay a MISMATCHED amount of crypto in an UNREASONABLE time even WITHOUT providing repayment addresses.

The firm also shared a timeline of events, from identifying the bug on June 5 to the alleged threats on June 18. They added that they were making this information public to ensure transparency and protect users' security, calling on Kraken to stop any threats against white-hat hackers and announcing plans to transfer the funds "to an account that Kraken will be able to access."

The incident has sparked reactions from the crypto community, with many criticizing CertiK's actions as inconsistent with those of white-hat hackers and even criminal. It is yet to be determined if Kraken will pursue legal action.

Both parties are standing firm in their narratives, each claiming to have acted in the best interest of the crypto community.

In other news, CertiK recently helped identify the reasons for the $3.7 million theft from UwU Lend.