CertiK Faces Fallout After Confessing $3 Million Heist From Kraken, What’s Next?
19 June 2024 - 9:38PM
NEWSBTC
Cryptocurrency exchange Kraken has announced that it has fallen
victim to a major security flaw that has resulted in the theft of
$3 million worth of digital assets. However, in a surprising turn
of events, the party responsible has been identified as CertiK.
This blockchain security firm claims to have initially reported the
bug through Kraken’s bug bounty program. CertiK is now accused of
exploiting additional vulnerabilities and extorting the exchange
for more money, leading to calls for legal action and concerns
among crypto investors.

Kraken Security Flaws Exposed

The incident unfolded when Kraken’s Chief Security Officer, Nick Percoco,
revealed that the exchange had received a bug report on June 9 from
a self-described security researcher. The researcher claimed to
have discovered an “extremely critical” bug that allowed them to
artificially inflate their balance on the platform.

Upon further investigation, CertiK, which admitted its involvement in
the incident in its social media post, uncovered several critical
vulnerabilities in Kraken’s systems that could potentially result
in losses of hundreds of millions of dollars.
CertiK’s findings revealed shortcomings in Kraken’s deposit system,
indicating a failure to differentiate between internal transfer
statuses. Furthermore, CertiK’s testing revealed that Kraken failed
all these tests, exposing the compromised state of Kraken’s
defense-in-depth system. According to CertiK, “millions of dollars”
could be deposited into any Kraken account, and a substantial
amount of fabricated cryptocurrency (worth over $1 million) could
be withdrawn and converted into valid digital assets.

The security firm also claimed that no alerts were triggered during a
“multi-day test period” and that Kraken only responded and blocked
the test accounts days after the incident was officially
reported.

Following the identification of the vulnerability,
CertiK alleges that Kraken’s security operations team “threatened”
individual CertiK employees, demanding the repayment of a
“mismatched” amount of cryptocurrency within an “unreasonable time
frame,” without providing repayment addresses.

However, Kraken’s Percoco countered that they had requested a full
accounting of the then-unknown company’s activities and the return
of the withdrawn funds. Percoco argued that CertiK’s refusal to
comply with these requests violated the rules of ethical hacking
and bordered on extortion.

Will CertiK Face Legal Repercussions?

The revelation of this incident has caused surprise and concern
within the cryptocurrency community, leading
to calls for legal action against CertiK.

One user accused CertiK of stealing the $3 million in funds from Kraken, holding it
ransom for a bounty, refusing to return the funds, and now
transferring the money to Tornado.cash to protect it from potential
seizure by authorities.

Coinbase’s Director, Conor Grogan,
pointed out that Tornado.cash is subject to the Office of Foreign
Assets Control (OFAC) sanctions and highlighted CertiK’s US
domicile, hinting at potential legal repercussions by US agencies.

Market expert Adam Cochran also weighed in, astonished at
CertiK’s actions and highlighting the firm’s history of compromised
audits. Cochran went further to describe the situation as “Down
right criminal.”

The next steps taken by
Kraken and potential consequences for CertiK are yet to be seen.
However, the involvement of US agencies and potential legal actions
loom over the security firm.

The unfolding developments in
this case will undoubtedly shape the future of bug bounty programs
and impact the relationship between cryptocurrency exchanges and
security firms.