Blockchain Security Firm Certik Returns $3,000,000 in Leveraged Funds to Cryptocurrency Exchange Kraken
A digital asset security research firm has returned $3 million in funds to cryptocurrency exchange Kraken after an unusual saga following the Bug Bounty program exploit.
Yesterday, Kraken security manager Nick Percoco said in a long X thread that the exchange had been alerted days earlier to the discovery of an “extremely critical” code exploit that allowed hackers to artificially inflate their funds.
“Within minutes we discovered an isolated bug. This allowed an attacker, under the right circumstances, to initiate a deposit on our platform and receive funds into their account without fully completing the deposit.
Let’s be clear, no client assets were ever at risk. However, an attacker could actually print assets into their Kraken account over a period of time.”
According to Percoco, the anonymous “security researchers” who discovered the bug acted unprofessionally over the return of the exploited funds.
“We have never had issues with legitimate researchers like this and we are always responsive.
In the essence of transparency, today we are disclosing this bug to the industry. We have been accused of being unreasonable and unprofessional for asking “white hackers” to return what they stole from us. Incredible.
As a security researcher, your license to “hack” a company is enabled by following the simple rules of the bug bounty program you are participating in. Ignoring such rules and extorting the company revokes your “hacking license”. It makes you and your company criminals.
We will not reveal this research firm because they do not deserve recognition for their actions. We are treating this as a criminal case and are coordinating with law enforcement accordingly. We are grateful that this issue was reported, but the thinking ends there.”
Today, however, Percoco said the funds have since been returned to the U.S.-based exchange, although the security chief has still declined to name who returned them.
“Update: We can now confirm that the funds have been returned (minus a small amount lost due to fees).”
Crypto security firm CertiK has since claimed responsibility for identifying the exploit, taking to social media platform X to tell its side of the story:
“After initial successful conversations in identifying and remediating the vulnerability, the Kraken security operations team THREATENED individual CertiK employees to refund an INCORRECT amount of cryptocurrency in an UNREASONABLE amount of time even WITHOUT providing refund addresses.”
Source: Certik/X
According to Certik, Kraken is avoiding the deeper issues revealed by the company’s audit.
“The fact of Operation Whitehat: millions of dollars of cryptocurrencies were minted from the sky and no real assets of Kraken users were directly involved in our research activities.
Most Serious Security Issue: For several days, with many fabricated tokens generated and withdrawn into valid cryptocurrencies, no risk control or prevention mechanism was activated until reported by CertiK.
The real question should be: why Kraken’s defense-in-depth system failed to detect so many test transactions. Continuous and consistent withdrawals from several test accounts were part of our tests.”
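As an added illustration that is not code from Kraken, CertiK or the article, the Python sketch below models two points raised above: the deposit-crediting defect Percoco describes (an account receives funds when a deposit is initiated rather than when it settles) and the missing risk control CertiK points to (withdrawals not backed by any confirmed deposit went unflagged). `VulnerableLedger` credits on initiation; `HardenedLedger` keeps pending and available balances apart and only confirmed deposits become withdrawable; `unbacked_withdrawals` is a reconciliation check a monitoring job could run. All class names, account identifiers and amounts are constructed for the example.

```python
from collections import defaultdict
from dataclasses import dataclass
from enum import Enum


class DepositState(Enum):
    INITIATED = "initiated"   # request received, settlement not yet observed
    CONFIRMED = "confirmed"   # settlement observed and finalized
    FAILED = "failed"         # never settled


@dataclass
class Deposit:
    deposit_id: str
    account: str
    amount: int               # integer, in the asset's smallest unit
    state: DepositState = DepositState.INITIATED


class VulnerableLedger:
    """Models the defect described in the article: the account is credited as
    soon as a deposit is initiated, so a deposit that never completes still
    produces a spendable balance."""

    def __init__(self):
        self.balance = defaultdict(int)
        self.withdrawn = defaultdict(int)
        self.deposits = {}

    def initiate_deposit(self, dep):
        self.deposits[dep.deposit_id] = dep
        self.balance[dep.account] += dep.amount   # defect: credited before settlement

    def finalize_deposit(self, deposit_id, settled):
        dep = self.deposits[deposit_id]
        dep.state = DepositState.CONFIRMED if settled else DepositState.FAILED
        # defect: a failed deposit is never reversed

    def withdraw(self, account, amount):
        if amount <= 0 or self.balance[account] < amount:
            return False
        self.balance[account] -= amount
        self.withdrawn[account] += amount
        return True


class HardenedLedger:
    """Pending credit is tracked separately and only becomes available once the
    deposit is confirmed; initiation and finalization are idempotent."""

    def __init__(self):
        self.available = defaultdict(int)
        self.pending = defaultdict(int)
        self.withdrawn = defaultdict(int)
        self.deposits = {}

    def initiate_deposit(self, dep):
        if dep.deposit_id in self.deposits:
            return                                # replayed initiation: no double credit
        self.deposits[dep.deposit_id] = dep
        self.pending[dep.account] += dep.amount

    def finalize_deposit(self, deposit_id, settled):
        dep = self.deposits[deposit_id]
        if dep.state is not DepositState.INITIATED:
            return                                # duplicate callback: ignore
        self.pending[dep.account] -= dep.amount
        if settled:
            dep.state = DepositState.CONFIRMED
            self.available[dep.account] += dep.amount
        else:
            dep.state = DepositState.FAILED

    def withdraw(self, account, amount):
        if amount <= 0 or self.available[account] < amount:
            return False
        self.available[account] -= amount
        self.withdrawn[account] += amount
        return True


def unbacked_withdrawals(ledger):
    """Reconciliation check (constructed): accounts whose total withdrawals exceed
    their confirmed deposits, with the excess. Empty on a correct ledger."""
    confirmed = defaultdict(int)
    for dep in ledger.deposits.values():
        if dep.state is DepositState.CONFIRMED:
            confirmed[dep.account] += dep.amount
    flagged = {}
    for account, out in ledger.withdrawn.items():
        excess = out - confirmed[account]
        if excess > 0:
            flagged[account] = excess
    return flagged


def run_scenario(ledger_cls):
    """Constructed scenario: one deposit that never settles, then a withdrawal
    attempted before settlement. Returns (withdrawal_succeeded, flagged)."""
    ledger = ledger_cls()
    ledger.initiate_deposit(Deposit("dep-1", "acct-A", 1_000))
    withdrew = ledger.withdraw("acct-A", 1_000)
    ledger.finalize_deposit("dep-1", settled=False)
    return withdrew, unbacked_withdrawals(ledger)
```

Running `run_scenario(VulnerableLedger)` shows the withdrawal succeeding and the account flagged for 1,000 units of unbacked outflow; `run_scenario(HardenedLedger)` refuses the withdrawal and flags nothing. The check in `unbacked_withdrawals` is the kind of defense-in-depth control that would have fired during the repeated test withdrawals CertiK describes, independently of whether the crediting bug itself had been fixed.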