Kraken Recovers $3 Million from Certik Following Bounty Fiasco
Nick Percoco, Kraken’s chief security officer, reported that the crypto exchange had regained the $3 million stolen from its account after a bug vulnerability was exploited. On June 20, Percoco declared on X (previously Twitter) that the exchange had obtained this money. The reference did not mention the source, although earlier reports referred to the company as the potential connection in question.
What Happened?
Released on X on June 19, a statement was issued by Certik, saying that their personnel informed Kraken about a critical software flaw had been discovered in the exchange’s network account system. This loophole was dangerous because it might have allowed scammers to make millions in digital earnings out of Kraken.
They surprisingly did so and withdrew $3 million out of the account at Kraken using the said bug. They then requested for the bug bounty to be provided by the exchange for their enviable talent and told the Binance founder about it.
They have been given some time to send back the funds but the employees of the firms did not return the money, according to Kraken and Certik’s statements. The security research firm that is accused of blackmailing the operators instead of being white ship hackers answered by calling Kraken’s operation team the executioners that had coerced several employees to pay all the crypto back in a short time or find themselves working at other companies, which moreover did not provide them with repayment addresses.
Certik Offered to Return Funds
In a follow-up statement on X, Certik expressed willingness to transfer the stolen money to a wallet that Kraken could use. They said:
“As Kraken has not disclosed the refund addresses and the amount they asked for was wrong, we are going to send the funds according to our list to an account that later will be able to be retrieved by Kraken.”
The exchange is confirmed on Thursday that Kraken regained the fund, but only a little money was lost to fees. Kraken reassured its customers that there were no lost user funds during the bug embarrassment.
The occurrence shows the unceasing problems and intricacies of the cryptocurrency industry and the challenges arising in finding and managing weaknesses in security of exchanges and tokens.