Nick Percoco, chief security officer at Kraken, confirmed that the cryptocurrency exchange recently recovered funds stolen from its account after a security vulnerability.
On June 20, Percoco posted on X that the exchange was able to recover these funds. Although Kraken CSOs did not say where the disclosure was made, previous revelations have identified the security research company involved in the fiasco as Certik.
Kraken accused the security research company of being behind the accounts that stole money from the stock exchange's treasury after discovering an error.
What happened?
Published by Certic A statement on
Specifically, Certic said the vulnerability would have allowed exploiters to mint millions of digital assets from Kraken.
Interestingly, the research company's employees proceeded to withdraw $3 million from Kraken, exploiting the same vulnerability. Then they demanded that the stock exchange respect the error reward.
According to Kraken and Certik's post, the aforementioned employees did not return the money when asked to do so.
“After successful initial transfers to identify and fix the vulnerability, Kraken’s security operations team threatened individual CertiK employees with an unreasonable amount of cryptocurrency payments without even providing payment addresses,” the platform noted.
Kraken called this extortion “honest actions” by white hat hackers.
Certik offered a refund
Later, Certik posted on X that it would move said funds to a wallet accessible to Kraken.
Her statement He said:
“Since Kraken did not provide payment addresses and the amount requested did not match, we are transferring the funds based on our records to an account that Kraken will have access to.”
Kraken confirmed on Thursday that it had recovered the funds, with a small amount lost due to fees. In a previous report, Kraken told customers that no user funds were lost during the bug failure.