CertiK returns funds on its own terms after hacking Kraken for $3M
The post CertiK returns funds on its own terms after hacking Kraken for $3M appeared on BitcoinEthereumNews.com.
Notorious crypto audit firm CertiK’s security ‘researchers’ spent five days gaming Kraken’s systems before alerting the exchange, according to public statements from both companies.

Facing significant backlash from the crypto security community, CertiK claims to have returned the funds, despite apparently not having been provided with a repayment address. Although both companies have provided detailed statements on their own versions of events, some questions remain on both sides.

Kraken’s chief security officer Nick Percoco took to X (formerly Twitter) to describe the highly irregular nature of the disclosure. The initial communication reported having generated a $4 discrepancy, which Percoco says would have been sufficient to qualify for Kraken’s bug bounty program.

“Kraken Security Update: On June 9 2024, we received a Bug Bounty program alert from a security researcher. No specifics were initially disclosed, but their email claimed to find an ‘extremely critical’ bug that allowed them to artificially inflate their balance on our platform.”
— Nick Percoco (@c7five), June 19, 2024

On further inspection, however, it soon became clear that almost $3 million had been withdrawn via the vulnerability. Shockingly, when asked to disclose further details and organize the return of funds, Percoco says CertiK refused, insisting on negotiating via its business development team.

Percoco ends his thread by stating that Kraken is treating the incident as a criminal case, though he neglects to name the company so as not to credit it with the discovery.

Some three hours later, CertiK took responsibility. The sequence of events it describes mirrors the ‘hack first, negotiate a bounty later’ approach that has become a standard practice for ‘blackhats’ in decentralized finance (DeFi). CertiK has argued that its investigation aimed to explore Kraken’s internal security alert system, which…
Filed under: News - @ June 20, 2024 1:28 pm