• CertiK revealed itself as the security firm that Kraken accused of extorting the exchange over a security exploit that allowed the removal of $3 million in crypto
• CertiK claimed that Kraken threatened its employees and demanded an unreasonable amount of crypto be repaid within an unreasonable timeframe after CertiK reported the exploit
• CertiK stated it plans to transfer the exploited funds to an account accessible by Kraken, urging the exchange to cease threats against white hat hackers
Cryptocurrency exchange Kraken recently accused an unnamed security firm of extorting it after the firm discovered a vulnerability. The security company has now revealed itself as CertiK, claiming Kraken threatened its employees.
The Exploit
CertiK says it informed Kraken about an exploit that allowed it to remove millions of dollars worth of crypto from Kraken’s accounts. Kraken’s Chief Security Officer said CertiK committed extortion by refusing to return the funds until Kraken paid them an unspecified amount.
CertiK’s Response
CertiK claims that after initially working together to fix the vulnerability, Kraken’s security team threatened individual CertiK employees, demanding they return a mismatched amount of crypto in an unreasonable timeframe without providing repayment addresses. CertiK says they are going public to protect white hat hackers and urges Kraken to stop threatening them.
Returning the Funds
CertiK says it plans to transfer the funds obtained in the exploit to an account Kraken can access. Many crypto users have questioned CertiK’s motives, arguing that the firm’s actions do not match those of ethical white hat hackers.
The Aftermath
This situation highlights the complex ethics around disclosing and profiting from discovered vulnerabilities. As Kraken and CertiK continue disputing the details, the crypto community awaits further clarity on exactly what transpired between the two firms.