Kraken recovers funds after the saga with CertiK, researchers tell their version – DiarioBitcoin
The saga of the white hat hack that extracted USD $3 million in cryptocurrencies from Kraken has ended. CertiK, which was responsible for the feat, rejected the accusations of extortion and told its version of the events.
***
- Kraken recovered nearly $3 million in cryptocurrency lost in a white hat hack
- CertiK researchers identified themselves as those responsible and told their version of the events
- They rejected extortion accusations and said the exchange “threatened” an employee
- The saga ended after funds were diverted in a questionable direction
The cryptocurrency exchange Kraken has officially recovered nearly USD $3 million in cryptocurrencies that were extracted from the platform in a controversial “white hat” hacking exploit.
In a statement yesterday, the company informed its customers about the resolution of a vulnerability in its systems. The fix was implemented after external security researchers alerted Kraken about the fault. Despite the warning, the exchange was not happy and refused to pay a bounty.
In a lengthy message thread, Nick Percoco, director of security at Kraken, accused the ethical hackers of “extorting” the company and said that they refused to return the USD $3 million that was withdrawn by taking advantage of the system flaw.
Kraken calls itself a victim of extortion
Percoco told the story in great detail, indicating that the researchers had not followed the protocols expected for this type of case, while questioning their intentions and expressing his rejection of the actions taken by the group, although at no time did he reveal who was involved.
In particular, the disclosed security issue would have allowed users to artificially increase the balance of their Kraken accounts without completing a deposit. The company said that although this flaw was exploited by the group of external researchers, no client funds had been compromised and that everything was resolved.
The director of security at Kraken noted in one of his posts that the exchange was treating the million-dollar loss as a “criminal case”, coordinating efforts with the police to recover the funds. But the story did not end there.
CertiK defends itself against accusations
Shortly after the information became known, the blockchain security firm CertiK was identified as the party responsible for the exploitation. The researchers defended themselves against the accusations, claiming that Kraken had “threatened” the company’s employees. They further stated that the total value of the funds demanded by the exchange “didn’t match”.
CertiK also argued that it had been given too little time to return the allegedly stolen funds.
“Following the first successful conversions to identify and fix the vulnerability, Kraken’s security operations team has THREATENED individual CertiK employees to refund an INCOMPARABLE amount of cryptocurrency in an UNREASONABLE amount of time even WITHOUT providing payment addresses”, wrote CertiK.
Likewise, security experts, who have previously identified errors on other platforms, addressed the allegations about their lack of professionalism and the large amount of money they extracted to test the vulnerability.
“The real question should be why Kraken’s deep defense system failed to detect so many test transactions”, CertiK claimed in response to a statement, arguing that the million-dollar sum was necessary to test the limits of the exchange. “This is actually what we were testing.”
Cryptocurrencies return to their origin
In the midst of the dispute, the saga took an unexpected turn on Thursday afternoon, when it was reported that CertiK had supposedly sent part of the extracted cryptocurrencies to the decentralized exchange Tornado Cash, apparently in an effort to safeguard the assets. The move caused controversy, especially due to the sanctions against that tool.
The security firm meanwhile alleged on its X account that it had returned the funds to Kraken, specifically detailing the amounts sent for each token. However, the exchange initially denied receiving the coins.
The saga now seems to be finally over, since Percoco confirmed this Thursday on his X account that Kraken actually received the cryptocurrencies. “Update: We can now confirm that the funds have been returned (minus a small amount lost to fees)”, he wrote, without specifying the sum.
He did not say whether a reward was given to CertiK for its feat.
It is worth noting that “white hat” hackers are security experts who engage in exploitation practices or technical manipulation of systems with the objective of identifying vulnerabilities. Cryptocurrency companies often have “bug bounty” programs to reward these technicians for their contributions.
Article by Hannah Estefanía Pérez / DiarioBitcoin
