IB-company Certik has confirmed its involvement in the incident with Kraken crypto accounts, responding to accusations made by the exchange. On June 19, Certik acknowledged that Kraken had reported a vulnerability that led to the unauthorized access of millions of dollars from exchange accounts. Kraken alleged that a security team, later revealed to be Certik, engaged in extortion by demanding a reward for fixing the vulnerability.
Following this, Certik claimed that Kraken representatives began threatening their employees, demanding the funds be returned within an unreasonably short timeframe without providing an appropriate transfer address. In response, Certik opted to address the issue publicly to ensure the safety of users in Web3.
Certik also released a timeline of events, starting from the discovery of the vulnerability on June 5 to the threats made to an employee on June 18. The company expressed its willingness to transfer the funds to an account accessible by Kraken.
The reaction from the cryptocurrency community regarding the incident has been mixed. While some users have sided with Kraken, questioning Certik’s actions, others have pointed out that the behavior of “white” hackers should focus on identifying and rectifying security vulnerabilities. It remains unclear whether Kraken plans to pursue any legal action against Certik.
In a separate development, Kraken announced in June the theft of $3 million due to a critical zero-day vulnerability that was exploited by an unnamed security researcher. The security flaw allowed the researcher to artificially inflate balances on the platform, leading to the unauthorized access and transfer of funds.
| Accusations from Kraken Security Service (left) and Certik’s response (right) |
|---|