As a researcher with experience in blockchain security, I find CertiK’s recent clarification on the Kraken incident both informative and reassuring. The company’s assertion that no real user funds were affected during their testing activities is an important point to make clear. It’s essential to differentiate between research activities and actual user transactions when evaluating security incidents.
As a security analyst at CertiK, I’d like to shed some light on the recent allegations made by Kraken against us concerning the alleged theft of funds. While we take these accusations seriously, I want to clarify a few key points from our perspective.
In the X post, CertiK set out a series of questions and answers, beginning with the statement that no real Kraken users’ funds were compromised during its testing. The tests generated crypto assets as a byproduct, intended exclusively for research, so actual user assets were not directly affected.
As a security analyst at CertiK, I can confirm that we were indeed the ones who identified and reported a vulnerability to Kraken. However, it’s important to clarify that our involvement was in the capacity of responsible disclosure – we did not exploit the vulnerability for malicious purposes or steal any digital assets. Instead, we responsibly disclosed the issue to Kraken, giving them an opportunity to address it before any potential harm could be caused. Unfortunately, despite our best efforts, the vulnerability was exploited by an unknown actor before Kraken had a chance to fully patch it, resulting in the loss of $3 million in digital assets from their exchange.
On the question of the returned funds and their total amount, CertiK confirms that it has returned all the funds it had in its possession. However, the sum returned may vary slightly from the amount requested by Kraken. The discrepancy arises because CertiK’s records were used as the basis for the return.
CertiK has repaid the requested funds in the following cryptocurrencies: 29,001 USD Tether, 1,021.1 Monero, and 734.19215 Ethereum. However, Kraken had originally asked for different quantities of various cryptocurrencies: 155,818.4468 Matic Tokens, 907,400.1803 USD Tether, 475.5557871 Ethereum, and 1,089.794737 Monero.
CertiK took approximately five days to thoroughly examine Kraken’s protective measures and risk management systems. Following this assessment, CertiK shared the uncovered vulnerability information with Kraken and kept them updated through various communication channels. Kraken is said to have addressed the issue within 47 minutes of receiving the comprehensive report from CertiK.
Additionally, CertiK didn’t join Kraken’s bounty program at the outset but reached out to Kraken’s executives and CSO Nick via social media and email to share their discoveries.
As a crypto investor, I’d put it this way: “No one from our team initiated the discussion about a bounty. Instead, Kraken brought up their bounty program to us. We made it clear that the priority wasn’t the bounty itself but rather addressing the issue at hand and ensuring its resolution through CertiK.”
After Kraken’s announcement, they added that the funds have been restored, albeit with a minimal fee deduction.
To provide clarity and promote openness, CertiK’s explanations aim to address any raised concerns and ensure transparency during their collaboration with Kraken on testing and disclosure procedures.
2024-06-20 16:37