Crypto exchange Kraken says it got its money back from the "security researchers" that took $3 million from the platform this year.
"Update: We can now confirm the funds have been returned (minus a small amount lost to fees)," tweeted Nick Percoco, Chief Security Officer for Kraken, on Thursday.
Kraken Gets Its Money Back
Though Kraken first refused to identify the culprits, blockchain security experts at CertiK outed themselves on Wednesday as the ones behind the hack.
Earlier that day, Percoco revealed that Kraken had recently patched a bug that let technically sophisticated individuals artificially inflate their balance on the platform, effectively letting them steal any amount of money from the exchange since January.
CertiK experts notified them of the vulnerability in June, but not before draining $3 million from Kraken's Treasury as a demonstration. "Within a few hours, the issue was completely fixed and could not reoccur again," Percoco clarified, noting that "no client's assets were ever at risk."
While CertiK characterized its actions as a "whitehat" operation to help reinforce Kraken's security, the way the company went about it did not sit well with Kraken or the wider crypto community.
The objections include failing to follow Kraken's standard whitehat bounty program procedures, for example by not immediately returning all funds once stolen, and arguably stealing far more money than necessary to demonstrate the vulnerability.
When asked to return the funds, CertiK explicitly refused until provided with an estimate of how much money was at risk had the company not identified the vulnerability, according to Kraken.
CertiK's Explanation For The Hack
By contrast, CertiK said it had "consistently assured them that we would return the funds."
"Kraken's security operation team has threatened individual CertiK employees to repay a mismatched amount of crypto in an unreasonable time even without providing repayment addresses," CertiK contested over Twitter.
The company confirmed on Thursday that all funds had been returned, though in a different crypto amount than Kraken had demanded. It also justified the size of its attack as necessary to test the limit of Kraken's alerts and risk controls, which still never went off after losing millions.
"We never mentioned any bounty request," CertiK added. "It was Kraken which first mentioned their bounty to us, while we responded that the bounty was not the priority topic and we wanted to make sure the issue was fixed."
The post Kraken Confirms Return Of Funds From CertiK's Controversial "Whitehat" Hack appeared first on CryptoPotato.