|

CertiK says it's behind Kraken's $3 million bug exploitation

  • Kraken Exchange revealed that its platform suffered a bug-related incident.
  • Two other research accounts involved in locating the bug are in possession of $3 million of the exchange's treasury funds.
  • Certik claims to be behind the extraction, stating that Kraken's defenses were "compromised on several fronts."

Kraken's Chief Security Officer disclosed on Wednesday that the exchange lost at least $3 million in treasury funds due to a now-solved bug. CertiK claimed that its employees were behind the bug discovery, but Kraken is being "unreasonable" about the resolution.

Kraken suffers $3 million ‘white hack’ from CertiK employees

Kraken, one of the oldest crypto exchanges in the world, recently revealed that its platform was subject to a hack that exploited a bug related to funds in its treasury.

Nick Percoco, Kraken's Chief Security Officer, said in an X post on Wednesday that the company received the bug bounty program alert on June 9. The alert followed a report from a security researcher who claimed they had found an extremely crucial bug that "allowed them to artificially inflate their balance" on the platform.

Also read: North Korean hackers leveraged Tornado Cash to launder $147.5 million in stolen crypto funds

However, Kraken's security team quickly investigated the issue, and within a few hours, the bug was fixed without affecting user funds.

According to Percoco, the flaw stemmed from a new UX change that credited clients before their assets cleared. He claimed that the researcher who identified this flaw did not mention that two other accounts had been involved and had altogether extracted nearly $3 million from the platform to prove the security lapse.

Kraken claimed that the hackers refused to return the funds in exchange for the bug bounty, so it opted to involve law enforcement agencies in the case.

Read more: Solana kicks out validators extracting value from users through sandwich attacks

However, in response to Kraken's actions, CertiK, a blockchain auditing firm, claimed in an X post that its employees were responsible for the breach on Kraken.

The firm claims to have tested the exchange's defense system and found faults on several key fronts. The hallmark of CertiK's stance is that the bug was a test to see if Kraken's defenses would sense a breach in its protocol, and after several tests, no alerts were triggered.

"After initial successful conversions on identifying and fixing the vulnerability, Kraken's security operation team has THREATENED individual CertiK employees to repay a MISMATCHED amount of crypto in an UNREASONABLE time even WITHOUT providing repayment addresses," CertiK wrote in an X post.

Also read: US Department of Justice charges brothers for alleged 12-second MEV fraud

CertiK was the subject of criticism from several crypto community members after the reveal, with many claiming it planned to steal the funds. However, CertiK responded:

"The real question should be why Kraken's in-depth defense system failed to detect so many test transactions. Continuous large withdrawals from different testing accounts were a part of our testing."

This adds to a series of hacks and stolen funds from crypto firms in 2024. In the first quarter of 2024, nearly $550 million was stolen by hackers, leading to a total of $19.1 billion of stolen crypto funds over the last 13 years.

Author

Michael Ebiekutan

With a deep passion for web3 technology, he's collaborated with industry-leading brands like Mara, ITAK, and FXStreet in delivering groundbreaking reports on web3's transformative potential across diverse sectors. In addition to

More from Michael Ebiekutan
Share:

Editor's Picks

Ripple and Stellar outlook: XRP and XLM rebound as bearish momentum weakens

Ripple and Stellar trade higher as both altcoins extend their recovery after defending key support levels earlier this week. XRP is up more than 2% so far this week, while XLM has rebounded after finding support around $0.177. Improving derivatives metrics and fading bearish momentum indicators suggest the recovery could extend in the near term.

Crypto Market Overview: Bitcoin eyes 50-day EMA breakout – Ondo, Ether.fi beat the market

The broader cryptocurrency market shows early signs of recovery, with Bitcoin testing a breakout above its 50-day Exponential Moving Average around $65,136. Improving risk appetite has investors turning toward DeFi tokens such as Ondo and Ether.fi that emerge as best performers over the last 24 hours.

Bitcoin bottom may be taking shape as selling pressure eases — Glassnode

Bitcoin's recent recovery may mark the early stages of a bottoming process as macroeconomic data continues to boost investor confidence, according to a Glassnode report on Wednesday. Bitcoin outperformed both US and European equities following the US CPI inflation report on Tuesday, recovering strongly after weeks of trading sideways near recent lows.

Ethereum Price Forecast: ETH rises above $1,900 as BitMine sees improved staking revenue
Ethereum (ETH) treasury firm BitMine Immersion Technologies (BMNR) saw over $45.7 million in staking and validation revenue in the quarter that ended May 31, according to a 10-Q filing with the Securities and Exchange Commission (SEC). That figure represents roughly 98% of the firm's total revenue of $46.5 million, up from $2.05 million over the past year.
Bitcoin: Strategy sells, the market doesn’t care
Bitcoin (BTC) reclaims $64,000 on Friday, extending a modest recovery while holding firmly above the key technical support zone so far this week. Mixed spot Exchange Traded Funds (ETFs) flows through Thursday reflect cautious institutional positioning. Meanwhile, traders have digested headlines about Strategy’s recent Bitcoin sale, highlighting the Crypto King’s resilience and deep liquidity.