Kraken Confirms Return Of Funds From CertiK’s Controversial “Whitehat” Hack

Cryptocurrency exchange Kraken says it has recovered its money from “security researchers” who took $3 million from the platform this year.

“Update: We can now confirm the refund (minus a small amount missing due to fees),” Nick Percoco, Kraken's chief security officer, tweeted on Thursday.

Kraken gets its money back

Although Kraken initially declined to identify the culprits, blockchain security experts at CertiK outed themselves on Wednesday as those behind the hack.

Earlier that day, Percoco revealed that Kraken had recently patched a bug that allowed technically sophisticated individuals to artificially inflate their balance on the platform, allowing them to steal virtually any amount of money from the exchange since January.

CertiK experts informed them of the vulnerability in June, but not before draining $3 million from Kraken's vault as evidence. “Within a few hours, the problem was completely fixed and could not happen again,” Percoco explained, noting that “no client assets were ever at risk.”

While CertiK described its actions as a “white hat” operation to help bolster Kraken’s security, the way the company went about its actions did not sit well with Kraken nor the broader cryptocurrency community.

This includes failing to follow the procedures of Kraken's standard Whitehat Rewards Program, for example by not immediately returning all funds once stolen, and arguably stealing far more money than necessary to prove the vulnerability.

When CertiK was asked to return the funds, it explicitly refused until it was provided with an estimate of how much money would have been at risk if the company had not identified the vulnerability, according to Kraken.

CertiK's explanation of the hack

By contrast, CertiK said it “consistently assured them that we would return the money.”

“Kraken’s security operations team threatened individual CertiK employees with unreasonable payments of an unmatched amount of cryptocurrency without even providing payment addresses,” CertiK protested on Twitter.

The company said on Thursday that all the funds had been returned, but in a different cryptocurrency amount than what Kraken requested. It also justified the scale of its attack as necessary to test Kraken's maximum alerts and risk controls, which never went off even after millions were lost.

“We never mentioned any reward request,” CertiK added. “Kraken was the first to mention their bounty to us, while we responded that the bounty was not a priority issue and we wanted to make sure the issue was fixed.”
