Friend
Professional
- Messages
- 2,653
- Reaction score
- 850
- Points
- 113
One vulnerability divided the crypto community into two sides of the dispute.
Information security company CertiK has publicly confirmed its involvement in the incident with the Kraken crypto exchange, which previously accused a certain "security researcher" of stealing $3 million in cryptocurrency.
On June 19, CertiK announced that it had notified Kraken of a vulnerability that allowed millions of dollars to be withdrawn from the exchange's accounts. A Kraken spokesperson then claimed that an unnamed security team (which turned out to be CertiK at the time) was allegedly engaged in "extortion," demanding a reward for fixing the vulnerability.
After that, CertiK noted that Kraken representatives began to threaten the company's employees, demanding to return the funds in an unreasonably short time, without providing an address for the transfer. CertiK decided to go public about the incident, highlighting its commitment to user security in Web3.
The company also published a chronology of events: from the discovery of a vulnerability on June 5 to threats against one of the employees on June 18. CertiK said it is ready to transfer funds to an account that Kraken can access.
The reaction of the cryptocurrency community to the incident was mixed. Many users sided with Kraken, stating that CertiK's actions do not correspond to the behavior of "white" hackers whose activities are aimed at identifying and fixing security vulnerabilities. At the same time, it remains unclear whether Kraken has grounds for filing a lawsuit against CertiK.
Kraken security representative's accusations (left) and CertiK's response (right)
In June, the popular crypto exchange Kraken reported the theft of $3 million due to a critical zero-day vulnerability that was discovered by an unnamed security researcher and "quietly" exploited it himself. Nick Perkoko, chief security officer at Kraken, said that the vulnerability allowed an unscrupulous researcher to artificially increase the balance on the platform.
Source
Information security company CertiK has publicly confirmed its involvement in the incident with the Kraken crypto exchange, which previously accused a certain "security researcher" of stealing $3 million in cryptocurrency.
On June 19, CertiK announced that it had notified Kraken of a vulnerability that allowed millions of dollars to be withdrawn from the exchange's accounts. A Kraken spokesperson then claimed that an unnamed security team (which turned out to be CertiK at the time) was allegedly engaged in "extortion," demanding a reward for fixing the vulnerability.
After that, CertiK noted that Kraken representatives began to threaten the company's employees, demanding to return the funds in an unreasonably short time, without providing an address for the transfer. CertiK decided to go public about the incident, highlighting its commitment to user security in Web3.
The company also published a chronology of events: from the discovery of a vulnerability on June 5 to threats against one of the employees on June 18. CertiK said it is ready to transfer funds to an account that Kraken can access.
The reaction of the cryptocurrency community to the incident was mixed. Many users sided with Kraken, stating that CertiK's actions do not correspond to the behavior of "white" hackers whose activities are aimed at identifying and fixing security vulnerabilities. At the same time, it remains unclear whether Kraken has grounds for filing a lawsuit against CertiK.
Kraken security representative's accusations (left) and CertiK's response (right)
In June, the popular crypto exchange Kraken reported the theft of $3 million due to a critical zero-day vulnerability that was discovered by an unnamed security researcher and "quietly" exploited it himself. Nick Perkoko, chief security officer at Kraken, said that the vulnerability allowed an unscrupulous researcher to artificially increase the balance on the platform.
Source
