Live Chat

Crypto News

Cryptocurrency News 4 months ago
ENTRESRUARPTDEFRZHHIIT

Kraken Retrieves $3M Lost to CertiK in a High-Profile Bug Bounty Exploit

Algoine News
Summary:
The digital currency exchange, Kraken, has retraced nearly $3 million lost due to a bug bounty exploit. The saga began when an unknown "security researcher", later identified as security firm CertiK, dishonestly withdrew the funds by exploiting a bug. The firm claimed it was merely testing Kraken's risk controls. While CertiK denied asking for a bounty, Kraken claims that the firm only agreed to return the funds in exchange for a reward and a meeting with Kraken's executives. All reclaimed funds, excluding transaction fees, are now secured, according to Kraken.
The popular crypto exchange platform, Kraken, has successfully recovered nearly $3 million worth of digital assets that were illicitly withdrawn due to a renowned bug bounty exploit. This achievement follows a saga involving Kraken and cybersecurity company, CertiK that began on June 9th. Nicholas Percoco, Kraken's Chief Security Officer, authenticated the retrieval of the digital funds (excluding transaction fees) in a statement on June 20th. Percoco first revealed the situation on June 19th, stating that a self-styled "security researcher" had dishonestly extracted the digital funds from Kraken's treasury, having found and disclosed a bug previously unknown to the exchange. Kraken then alleged financial blackmail by the researcher who refused to return the stolen assets unless given a reward and a discussion with its business development team. The plot thickened when blockchain security firm CertiK came out as the said "security researcher" that Kraken accused of snatching away $3 million in digital assets. In its own report on June 19th, CertiK said it had acquainted Kraken with a flaw that allowed it to funnel out substantial sums from Kraken's coffers. CertiK also hit back at Kraken alleging there had been threats made against its personnel by team-members from Kraken. CertiK delineated a chronology of events, starting from discovering the exploit on June 5, and climaxing with accusations of Kraken threatening one of CertiK's staff on June 18. Stating its intention to Cointelegraph, CertiK expressed plans of transferring the funds to a secure account to which Kraken has access. On the question of why CertiK siphoned almost $3 million, Kraken's CSO initially contended that a single malicious transfer of just $4 would have sufficed to demonstrate the bug and claim an ample reward under Karken's bounty scheme. Contrarily, CertiK retaliated stating that it had removed nearly $3 million to test Kraken's risk controls and protection ceilings. CertiK emphasizes that it never asked for a bounty and it was Kraken who brought up the bounty offer. It also noted that at no point were Kraken user funds at risk because the compromised funds were "minted out of air".

Published At

6/20/2024 5:30:31 PM

Disclaimer: Algoine does not endorse any content or product on this page. Readers should conduct their own research before taking any actions related to the asset, company, or any information in this article and assume full responsibility for their decisions. This article should not be considered as investment advice. Our news is prepared with AI support.

Do you suspect this content may be misleading, incomplete, or inappropriate in any way, requiring modification or removal? We appreciate your report.

Report

Fill up form below please

๐Ÿš€ Algoine is in Public Beta! ๐ŸŒ We're working hard to perfect the platform, but please note that unforeseen glitches may arise during the testing stages. Your understanding and patience are appreciated. Explore at your own risk, and thank you for being part of our journey to redefine the Algo-Trading! ๐Ÿ’ก #AlgoineBetaLaunch