Share this text
Cryptocurrency trade Kraken has reclaimed almost $3 million from blockchain safety agency CertiK, concluding a controversial bug bounty challenge.
Kraken’s Chief Safety Officer Nicholas Percoco confirmed the return of the funds, minus transaction charges. The incident started on June 9 when CertiK, figuring out itself as a “safety researcher,” withdrew the funds after discovering a vulnerability in Kraken’s system.
CertiK claimed it exploited the bug to check Kraken’s safety limits, minting near $3 million over a number of days with out triggering alerts. The agency said it by no means initially requested a bounty, contradicting Kraken’s assertion of extortion makes an attempt.
Kraken’s CSO had initially reported the lacking funds on June 19, accusing the then-unnamed researcher of malicious intent and refusing to return the belongings. CertiK countered by alleging threats from Kraken’s safety crew to repay a mismatched quantity inside an unreasonable timeframe.
Whereas each corporations have supplied detailed accounts of the incident, a number of questions stay unanswered on each side.
The incident has additionally raised questions about accountable disclosure practices within the crypto safety sector. CertiK’s actions, which included changing USDT to ETH and sending funds to ChangeNOW, a non-KYC trade, have been scrutinized by trade specialists.
This occasion has additional broken CertiK’s already controversial popularity within the crypto safety group. The agency has confronted criticism for earlier safety checks on initiatives that have been later hacked, and its personal social media account was compromised earlier this 12 months.
Kraken, however, has been criticized by authorities entities such because the SEC for allegedly working as an unregistered securities trade. A listening to is scheduled in the present day, June 20, close to Kraken’s movement to dismiss the SEC’s enforcement motion.
Share this text