Kraken Recovers Nearly $3 Million in Digital Assets Amid CertiK Extortion Allegations
Cryptocurrency exchange Kraken confirmed the recovery of nearly $3 million in digital assets from blockchain security firm CertiK, following a contentious dispute involving extortion allegations related to a white-hat hack.
Kraken’s Chief Security Officer Nick Percoco announced on X that the funds had been returned, minus the amount spent on transaction fees.
The recovery follows the initial report on June 19, where Kraken disclosed that a “security researcher” had maliciously withdrawn $3 million from the exchange’s treasury after identifying and disclosing a bug.
Kraken alleged that the researcher had extorted the company, demanding a reward and a meeting with the exchange’s business development team instead of returning the funds.
Update: We can now confirm the funds have been returned (minus a small amount lost to fees). https://t.co/cHkjPt3m2A
— Nick Percoco (@c7five) June 20, 2024
CertiK’s Response to Allegations
In response to Kraken’s accusations, CertiK identified itself as the “security researcher” involved, refuting claims of malicious intent.
On June 19, CertiK explained in a post on X that it had informed Kraken of an exploit that enabled the withdrawal of millions of dollars from the exchange’s accounts. CertiK accused Kraken of threatening its employees and demanding repayment within an unreasonable time frame, without providing necessary repayment addresses.
CertiK released a detailed timeline of events, starting from the identification of the exploit on June 5, to clarify its actions and intentions.
According to CertiK, the decision to withdraw nearly $3 million was to test Kraken’s security limits and risk controls.
Despite extensive testing over several days, CertiK claimed that no security alerts were triggered by Kraken’s systems.
The Dispute Over $3 Million
Percoco had initially stated that a single malicious transfer worth just $4 would have sufficed to prove the bug and earn a reward from Kraken’s bounty program.
However, CertiK withdrew nearly $3 million, which they justified as necessary for testing Kraken’s security measures comprehensively.
CertiK insisted that they never requested a bounty; rather, Kraken mentioned their bounty program first.
CertiK’s priority, according to their statements, was to ensure the vulnerability was fixed, not to claim a reward.
For more Web3 news, check out the XGA newsfeed.
Institutional Interest in Bitcoin ETFs Surges as Market Dynamics Shift Institutional interest in Bitcoin (BTC)…
MIMOS Berhad Partners with Worldcoin Foundation and MyEG MIMOS Berhad, the applied research and development…
Manchester City and OKX Launch ‘Unseen City: Echoes of Blue’ Virtual Escape Room Manchester City…
Donald Trump Jr. Announces Plans to Launch DeFi Platform to Address Banking Inequality Donald Trump…