CertiK reveals it found Kraken vulnerability and will return funds, denies extortion allegations

The post CertiK reveals it found Kraken vulnerability and will return funds, denies extortion allegations appeared on BitcoinEthereumNews.com.

Blockchain security firm CertiK confirmed that it was behind the discovery of a critical vulnerability in crypto exchange Kraken’s deposit system and gone public with its account of the events following allegations of extortion by the exchange. The security firm also alleged that Kraken threatened its employees on June 18 and demanded repayment of a “mismatched” amount in an unreasonable amount of time without providing a relevant wallet address. CertiK denied the extortion allegations and said it would transfer the funds used for its “white-hat testing” back to the wallet address it has on hand since Kraken did not provide a new address. The firm said: “Since Kraken has not provided repayment addresses and the requested amount was mismatched, we are transferring the funds based on our records to an account that Kraken will be able to access.” CertiK’s side CertiK said its investigation started on June 5, when its researchers found an issue in Kraken’s deposit system that failed to differentiate between various internal transfer statuses. This led to a deeper probe into whether a malicious actor could fabricate a deposit transaction and withdraw fabricated funds. The firm said the tests also aimed to determine whether a large withdrawal request would trigger any risk controls. CertiK’s tests revealed that millions of dollars could be deposited into any Kraken account, and fabricated crypto worth over $1 million could be withdrawn and converted into valid cryptos. The firm said that no alerts were triggered during the multi-day testing period, and Kraken only responded and locked the test accounts days after it reported the incident. Despite initial successful communications and steps to identify and fix the vulnerability, the situation deteriorated, leading to CertiK’s public disclosure. The timeline of events began with the initial discovery on June 5 and included significant tests, such…

Leave a Reply

Your email address will not be published. Required fields are marked *

Filed under: News - @ June 20, 2024 4:10 am