The blockchain security firm CertiK stepped forward Wednesday as the entity behind a white-hat hack that the cryptocurrency exchange Kraken has slammed as “extortion.”
Kraken CSO Nick Percoco signaled the exchange was treating a nearly $3 million loss as a “criminal case” earlier in the day, coordinating efforts with law enforcement to recover funds after a group of tech-savvy researchers had exploited an “isolated bug.”
CertiK defended its actions on Twitter (aka X), stating that Kraken had threatened employees at the firm. CertiK also stated that the total value of funds Kraken had demanded back was “mismatched” compared to the crypto it had pilfered.
In addition, CertiK argued that it had been given too little time to return the stolen funds.
The previously unnamed researchers were able to steal millions of dollars of crypto from Kraken by withdrawing funds credited to their account before deposits were completed, according to Percoco. The attackers “could effectively print assets,” he wrote.
CertiK stated that it had leveraged the bug multiple times as part of an investigation while trying to assess the scope of Kraken’s security vulnerability. Though the exchange purportedly failed to provide an address for the return of stolen funds, CertiK said it was sending the cryptocurrency taken, based on its records, to a digital wallet Kraken could access.
White-hat hacking is often described as an ethical form of technical tampering, done with the goal of identifying vulnerabilities within a given system. A bug bounty submitted in relation to the exploit, however, only disclosed $4 of stolen crypto, Percoco wrote.
On top of that, Percoco claimed that the malicious actor would not agree to return any funds until a dollar amount estimating the exploit’s potential costs was provided.
“Millions [of] dollars of crypto were minted out of [thin] air, and no real Kraken user’s assets were directly involved in our research activities,” CertiK wrote in its defense, echoing Percoco’s assurance that funds had only been lost from Kraken’s treasury.
Taylor Monahan, the former CEO and founder of Ethereum wallet manager MyCrypto, wrote on Twitter that CertiK should be scared of Kraken’s lawyers, damage to its reputation, and how the brouhaha could impact CertiK’s internal culture.
She also pointed out that, because several crypto projects audited by CertiK have fallen victim to exploits in the past, new speculation was spreading online about the possibility of previous inside jobs.
“The real question should be why Kraken’s in-depth defense system failed to detect so many test transactions,” CertiK stated in response to Monahan. “This is indeed what we were testing.”
Edited by Ryan Ozawa.
Source: https://decrypt.co/236152/certik-kraken-extortion-white-hat-hack