CertiK Identifies Itself As Security Researcher Kraken Claims Stole $3M In Assets

As a long-term crypto investor with a background in cybersecurity, I find the recent developments between Kraken and CertiK troubling. The alleged theft of nearly $3 million worth of digital assets by CertiK, as claimed by Kraken, raises serious questions about the ethics and professionalism of some in the security research community.


CertiK, a leading blockchain security company, has acknowledged that it is the security researcher behind the incident Kraken describes as a theft of approximately $3 million in digital assets.

Approximately two weeks ago, Kraken experienced a significant cyberattack resulting in nearly $3 million in losses. The exchange treated the incident as a potential crime and began working with law enforcement to investigate it.

The Kraken Attack

On June 9th, Kraken, a well-known cryptocurrency exchange, announced that it had suffered a security breach resulting in a loss of approximately $3 million in assets. As reported by Kraken’s Chief Security Officer, Nicholas Percoco, the incident involved a security researcher who, through Kraken’s bug bounty program, claimed to have discovered a severe bug that enabled them to artificially inflate their own balance on the platform.

On the 9th of June, 2024, we were notified through our bug bounty program about a reported issue from a security expert. The details of the problem were not initially shared, but they mentioned discovering a “highly critical” flaw enabling them to inappropriately boost their account balance on our system.

As a researcher, I uncovered an intriguing finding during my examination of recent security incidents on Kraken. Upon closer inspection, we identified a solitary glitch that bestowed undeserved privileges upon a malicious actor. This flaw enabled them to instigate deposits and subsequently acquire funds in their account, bypassing the requirement for completing the deposit process. The root cause of this vulnerability could be traced back to a recent user experience modification on Kraken. Maliciously, the attacker was able to “counterfeit assets” within their Kraken account.
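The flaw class described above, a deposit being credited as spendable before the deposit has actually completed, can be illustrated with a small ledger model. The code below is an added example and is not Kraken’s code; the `VulnerableLedger`, `HardenedLedger`, account fields and deposit states are hypothetical constructs. It shows the vulnerable behaviour beside the hardened one (credit only on confirmation, with the unconfirmed amount held in a separate pending balance) and a ledger-consistency check of the kind an exchange could run to detect balances that are not backed by confirmed deposits.

```python
from dataclasses import dataclass, field
from enum import Enum


class DepositState(Enum):
    INITIATED = "initiated"   # deposit announced, not yet settled
    CONFIRMED = "confirmed"   # deposit settled and verified


@dataclass
class Deposit:
    deposit_id: str
    amount: int
    state: DepositState = DepositState.INITIATED


@dataclass
class Account:
    available: int = 0   # spendable balance
    pending: int = 0     # shown to the user but not spendable
    withdrawn: int = 0   # running total of successful withdrawals
    deposits: dict[str, Deposit] = field(default_factory=dict)


class VulnerableLedger:
    """Hypothetical model of the flaw class: the spendable balance is credited
    as soon as a deposit is initiated, before it is ever confirmed."""

    def initiate_deposit(self, acct: Account, dep_id: str, amount: int) -> None:
        acct.deposits[dep_id] = Deposit(dep_id, amount)
        acct.available += amount   # BUG: credited before confirmation

    def confirm_deposit(self, acct: Account, dep_id: str) -> None:
        acct.deposits[dep_id].state = DepositState.CONFIRMED

    def withdraw(self, acct: Account, amount: int) -> bool:
        if amount > acct.available:
            return False
        acct.available -= amount
        acct.withdrawn += amount
        return True


class HardenedLedger(VulnerableLedger):
    """Same interface, but an initiated deposit only raises the pending balance;
    the spendable balance moves only when the deposit is confirmed."""

    def initiate_deposit(self, acct: Account, dep_id: str, amount: int) -> None:
        acct.deposits[dep_id] = Deposit(dep_id, amount)
        acct.pending += amount     # visible in the UI, never spendable

    def confirm_deposit(self, acct: Account, dep_id: str) -> None:
        dep = acct.deposits[dep_id]
        dep.state = DepositState.CONFIRMED
        acct.pending -= dep.amount
        acct.available += dep.amount


def ledger_is_consistent(acct: Account) -> bool:
    """Reconciliation check: spendable balance must equal confirmed deposits
    minus withdrawals. A balance backed by unconfirmed deposits fails it."""
    confirmed_total = sum(
        d.amount for d in acct.deposits.values() if d.state is DepositState.CONFIRMED
    )
    return acct.available == confirmed_total - acct.withdrawn


def run_scenario(ledger_cls, confirm: bool, amount: int = 1_000) -> tuple[bool, bool]:
    """Initiate one deposit, optionally confirm it, then try to withdraw the
    full amount. Returns (withdrawal_succeeded, ledger_consistent)."""
    ledger = ledger_cls()
    acct = Account()
    ledger.initiate_deposit(acct, "dep-1", amount)   # constructed sample deposit
    if confirm:
        ledger.confirm_deposit(acct, "dep-1")
    ok = ledger.withdraw(acct, amount)
    return ok, ledger_is_consistent(acct)


if __name__ == "__main__":
    for cls in (VulnerableLedger, HardenedLedger):
        for confirm in (False, True):
            ok, consistent = run_scenario(cls, confirm)
            print(f"{cls.__name__:16} confirmed={confirm!s:5} "
                  f"withdrawal_ok={ok!s:5} ledger_consistent={consistent}")
```

With the vulnerable ledger an unconfirmed deposit can be withdrawn and the reconciliation check flags the account immediately, which is the signal a periodic balance audit would alert on; with the hardened ledger the same withdrawal is refused until the deposit is confirmed, and the check stays green throughout.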

CertiK Identifies Itself As Security Researcher

As a crypto investor, I’d put it like this: A few days ago, I came across a troubling announcement. Blockchain security firm CertiK admitted to being the one responsible for the recent $3 million digital asset theft from Kraken’s platform. In a post on their official X channel, they explained that they had brought an exploit to Kraken’s attention beforehand – one that unfortunately allowed them to take millions from the exchange’s accounts.

As a crypto investor, I’ve closely followed the recent developments at KrakenFX exchange. To my concern, I came across critical vulnerabilities highlighted by CertiK that could potentially result in significant losses, reaching hundreds of millions of dollars. Upon recognizing this issue, I promptly contacted Kraken to bring it to their attention. Their security team acknowledged the severity of the matter and classified it as Critical – the most serious level in Kraken’s classification system.

The security team at Kraken reportedly made intimidating statements towards the staff of the blockchain verification company, CertiK.

“Following initial victories in discovering and rectifying a vulnerability, Kraken’s security team has reportedly pressured CertiK employees to reimburse an incongruous amount of cryptocurrency within an unrealistic timeframe. Without disclosing repayment addresses, this demand raises concerns. In the interest of openness and our dedication to the Web3 community, we are making this information public to safeguard all users’ security. We strongly urge Kraken to abandon any intimidation tactics against ethical hackers.”

CertiK also posted a timeline of events, beginning with identifying the exploit on June 5 and ending with Kraken threatening CertiK employees on June 18. The security firm added that it would also transfer the funds to an account that Kraken would be able to access.

Crypto Community Supporting Kraken

Many members of the cryptocurrency community sided with Kraken, believing that CertiK’s behavior deviated from the usual practice of ethical hackers. It remains unclear, however, whether Kraken intends to file a lawsuit or has sufficient grounds to do so.

As an analyst, I’ve uncovered some troubling news. CertiK, the security firm in question, has confessed to having stolen from Kraken and is currently attempting to extort them for additional funds. Considering the frequency of hacking incidents associated with CertiK audits, this revelation comes as a shock. It’s astonishing that such a company, with a record of security breaches, continues to operate. This behavior borders on criminal activity.

As a crypto investor, I’ve kept a close eye on the findings of CertiK, a well-known security audit firm. They’ve previously flagged substantial vulnerabilities within the Wormhole Bridge and Telegram app. In the unfortunate year of 2023, these issues reportedly led to approximately $1 billion in digital assets being misappropriated due to illegal activities.


2024-06-20 12:10