loader image
    Crypto

    Kraken Recovers Nearly $3 Million in Digital Assets Amid CertiK Extortion Allegations

    By Updated:No Comments3 Mins Read

    Kraken Recovers Nearly $3 Million in Digital Assets Amid CertiK Extortion Allegations

    Cryptocurrency exchange Kraken confirmed the recovery of nearly $3 million in digital assets from blockchain security firm CertiK, following a contentious dispute involving extortion allegations related to a white-hat hack.

    Kraken’s Chief Security Officer Nick Percoco announced on X that the funds had been returned, minus the amount spent on transaction fees.

    The recovery follows the initial report on June 19, where Kraken disclosed that a “security researcher” had maliciously withdrawn $3 million from the exchange’s treasury after identifying and disclosing a bug.

    Kraken alleged that the researcher had extorted the company, demanding a reward and a meeting with the exchange’s business development team instead of returning the funds.

    CertiK’s Response to Allegations

    In response to Kraken’s accusations, CertiK identified itself as the “security researcher” involved, refuting claims of malicious intent.

    On June 19, CertiK explained in a post on X that it had informed Kraken of an exploit that enabled the withdrawal of millions of dollars from the exchange’s accounts. CertiK accused Kraken of threatening its employees and demanding repayment within an unreasonable time frame, without providing necessary repayment addresses.

    CertiK released a detailed timeline of events, starting from the identification of the exploit on June 5, to clarify its actions and intentions.

    According to CertiK, the decision to withdraw nearly $3 million was to test Kraken’s security limits and risk controls.

    Despite extensive testing over several days, CertiK claimed that no security alerts were triggered by Kraken’s systems.

    The Dispute Over $3 Million

    Percoco had initially stated that a single malicious transfer worth just $4 would have sufficed to prove the bug and earn a reward from Kraken’s bounty program.

    However, CertiK withdrew nearly $3 million, which they justified as necessary for testing Kraken’s security measures comprehensively.

    CertiK insisted that they never requested a bounty; rather, Kraken mentioned their bounty program first.

    CertiK’s priority, according to their statements, was to ensure the vulnerability was fixed, not to claim a reward.

    For more Web3 news, check out the XGA newsfeed.

    Share.

    Related Posts

    Add A Comment

    Leave A Reply