Audit Firm Accused of Self-Theft: CertiK Allegedly Exploits Kraken Exchange Vulnerability and Engages in Malicious Extortion

US cryptocurrency exchange Kraken recently disclosed that a hacker claiming to be a security researcher exploited a severe vulnerability on its platform, stole digital assets worth $3 million, and engaged in extortion. The researcher reported the vulnerability on June 9 but, instead of protecting the funds, used the loophole to extract funds from Kraken.

Kraken’s Chief Security Officer, Nick Percoco, revealed that the researcher and their two associated accounts used the loophole to extract over $3 million. After exploiting the vulnerability, the researcher demanded a reward for the stolen funds before agreeing to return them. Percoco stated in a June 19th post on X that this behavior is not that of a white hat hacker but rather extortion.

In response to these events, Kraken emphasized that the stolen cryptocurrencies originated from its exchange treasury and that no user funds were affected.

In response, security auditing company CertiK acknowledged on the X platform that the security researcher mentioned by Kraken is one of CertiK’s white hat hackers. CertiK argued that, after the vulnerability had been successfully identified and fixed, Kraken’s security operations team threatened individual CertiK employees, unreasonably demanding repayment of a mismatched amount of cryptocurrency without even providing a repayment address.

However, when the community began to delve deeper into the incident, it was discovered that after the attacker stole funds from Kraken, they actually deposited a portion of the funds into a mixing service, which does not seem like typical behavior for a clean-cut white hat hacker.

Additionally, blockchain detective 0xBoboShanti pointed out that an address previously publicly disclosed by a CertiK security researcher had already been probed and tested on May 27, contradicting CertiK’s timeline of events.

The conclusion of this incident has yet to be reached, but considering all the information, the overall sentiment seems to be unfavorable towards CertiK.
