The cybersecurity firm made a suspiciously large number of transactions to “test” a vulnerability in the crypto exchange.
Crypto exchange Kraken’s Chief Security Officer Nick Percoco has revealed that a blockchain cybersecurity firm recently found a vulnerability in its platform and proceeded to drain and keep $3 million worth of crypto from the exchange.
Certik has confirmed that it is the cybersecurity firm in question and is pushing back, saying that Kraken is now threatening its employees.
According to Percoco, a Bug Bounty report filed on June 9 showed how malicious actors could initiate a deposit onto Kraken’s platform and receive funds in their account without fully completing the deposit, enabling an attacker to “effectively print” assets on the exchange.
Kraken claims that people identified as security researchers managed to maliciously credit their account with $4, and then shared the vulnerability with two other individuals who proceeded to generate and withdraw $3 million from the exchange.
Percoco alleges that the security researchers have not agreed to return any of the funds until Kraken provides a “speculated $ amount” that the vulnerability could have caused in losses had it not been discovered.
“This is not whitehat hacking,” exclaimed Percoco, “this is extortion.”
Certik Defends Employees
Certik countered the claims, alleging that Kraken is now threatening its employees.
“After initial successful conversions on identifying and fixing the vulnerability, Kraken’s security operation team has THREATENED an individual CertiK employee to repay a MISMATCHED amount of crypto in an UNREASONABLE time even WITHOUT providing repayment addresses,” wrote Certik on X.
Certik explained that the decision to go public is “in the spirit of transparency and our commitment to the Web3 community” and to protect all users’ security. The firm urged Kraken to stop any attacks against whitehat hackers.
Crypto Community Calls It Extortion
After Certik disclosed the plethora of test transactions against Kraken, members of the crypto community are calling it foul play.
“It is irresponsible for any security auditor to repeat tests like this so many times,” posted Michael Perklin, former CISO of Shapeshift. “I’d never hire a security company that did this. Extortion is a bad look.”
Lead Product Manager for MetaMask, Taylor Monahan, agreed and went a step further.
“HAHAHHA YOU F@#KING CLOWNS, there is absolutely NO universe where this is ‘whitehat security research,’” she wrote. According to Monahan, Kraken is being “incredibly patient” for not outright calling this what it very clearly is: “a multimillion-dollar theft with a side of extortion.”