CertiK Faces Fallout After Confessing $3 Million Heist From Kraken, What’s Next?


Cryptocurrency exchange Kraken has announced that it has fallen victim to a major security flaw that has resulted in the theft of $3 million worth of digital assets. However, in a surprising turn of events, the party responsible has been identified as CertiK. This blockchain security firm claims to have initially reported the bug through Kraken’s bug bounty program.


CertiK is now accused of exploiting additional vulnerabilities and extorting the exchange for more money, leading to calls for legal action and concerns among crypto investors.



Kraken Security Flaws Exposed


The incident unfolded when Kraken’s Chief Security Officer, Nick Percoco, revealed that the exchange had received a bug report on June 9 from a self-described security researcher. The researcher claimed to have discovered an “extremely critical” bug that allowed them to inflate their balance on the platform artificially.


Upon further investigation, CertiK, which admitted its involvement in the incident in its social media post, uncovered several critical vulnerabilities in Kraken’s systems that could potentially result in losses of hundreds of millions of dollars.




CertiK’s findings revealed shortcomings in Kraken’s deposit system, indicating a failure to differentiate between internal transfer statuses. Furthermore, CertiK’s testing revealed that Kraken failed all these tests, exposing the compromised state of Kraken’s defense-in-depth system.


According to CertiK, “millions of dollars” could be deposited into any Kraken account, and a substantial amount of fabricated cryptocurrency (worth over $1 million) could be withdrawn and converted into valid digital assets.


The security firm also claimed that no alerts were triggered during a “multi-day test period” and that Kraken only responded and blocked the test accounts days after the incident was officially reported.



Following the identification of the vulnerability, CertiK alleges that Kraken’s security operations team “threatened” individual CertiK employees, demanding the repayment of a “mismatched” amount of cryptocurrency within an “unreasonable time frame,” without providing repayment addresses.


However, Kraken’s Percoco countered that they had requested a full accounting of the then-unknown company’s activities and the return of the withdrawn funds. Percoco argued that CertiK’s refusal to comply with these requests violated the rules of ethical hacking and bordered on extortion.


Will CertiK Face Legal Repercussions?


The revelation of this incident has raised surprise and concerns within the cryptocurrency community, leading to calls for legal action against CertiK.


One user accused CertiK of stealing the $3 million funds from Kraken, holding it ransom for a bounty, refusing to return the funds, and now transferring the money to Tornado.cash to protect it from potential seizure by authorities.



Coinbase’s Director, Conor Grogan, pointed out that Tornado.cash is subject to the Office of Foreign Assets Control (OFAC) sanctions and highlighted CertiK’s US domicile, hinting at potential legal repercussions by US agencies.


Market expert Adam Cochran also weighed in, astonished at CertiK’s actions and highlighting the firm’s history of compromised audits. Cochran went further to describe the situation as “Down right criminal.”




The next steps taken by Kraken and potential consequences for CertiK are yet to be seen. However, the involvement of US agencies and potential legal actions loom over the security firm.


The unfolding developments in this case will undoubtedly shape the future of bug bounty programs and impact the relationship between cryptocurrency exchanges and security firms.

The daily chart shows the total crypto market cap’s valuation at $2.3 trillion. Source: TOTAL on TradingView.com

Featured image from Shutterstock, chart from TradingView.com

Author: Ronaldo Marquez

