Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • TRADING
  • HACKING
  • SLOT
  • CASINO
  • SUBMIT
Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • TRADING
  • HACKING
  • SLOT
  • CASINO
  • SUBMIT
Crypto Flexs
Home»EXCHANGE NEWS»Bug Bounties Wrong: Kraken Accuses CertiK of Extortion, CertiK Defends Its Actions
EXCHANGE NEWS

Bug Bounties Wrong: Kraken Accuses CertiK of Extortion, CertiK Defends Its Actions

By Crypto FlexsJune 20, 20243 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
Bug Bounties Wrong: Kraken Accuses CertiK of Extortion, CertiK Defends Its Actions
Share
Facebook Twitter LinkedIn Pinterest Email

TLDR

  • Kraken discovered a bug that could allow users to artificially inflate balances and withdraw funds without completing a deposit.
  • Blockchain security company CertiK identified itself as the ‘security researcher’ who exploited the bug and withdrew nearly $3 million from Kraken’s coffers.
  • Kraken claims CertiK refused to return the funds until the exchange called its estimates of potential losses “extortion.”
  • CertiK defended its actions, saying it was testing the scope of the vulnerability and that Kraken threatened employees into returning inconsistent amounts of funds within an unreasonable time period.
  • The incident sparked a debate in the cryptocurrency industry about the ethics of white hat hacking and bug bounty programs.

Cryptocurrency exchange Kraken recently revealed that it was hit by a security vulnerability that could allow users to artificially inflate account balances and withdraw funds without fully completing a deposit. The exchange reported that the exploit resulted in approximately $3 million being stolen from treasury.

Blockchain security company CertiK identified the “security researchers” responsible for exploiting the bug and withdrawing funds.

Kraken’s chief security officer, Nick Percoco, previously accused the then-unnamed security team of “robbing” the company for refusing to return funds until the exchange provided an estimate of potential losses if the bug was not disclosed.

Kraken Security Updates:

On June 9, 2024, we received a bug bounty program notification from a security researcher. Although no specifics were initially revealed, their email claimed that they had discovered a “very important” bug in our platform that could have artificially inflated balances.

— Nick Percoco (@c7five) June 19, 2024

But CertiK defended its actions, claiming it was testing the scope of the vulnerability and that Kraken had threatened employees into returning inconsistent amounts of funds within an unreasonable period of time without even providing a redemption address.

CertiK recently identified a series of serious vulnerabilities in: @krakenfx It’s an exchange that could potentially result in hundreds of millions of dollars in losses.

Starting by looking for @krakenfxA deposit system that may not be able to distinguish internal differences… pic.twitter.com/JZkMXj2ZCD

— CertiK (@CertiK) June 19, 2024

The security company provided a timeline of events detailing its interactions with Kraken and the discovery of the exploit.

According to CertiK, the vulnerability allowed millions of dollars to be deposited into Kraken accounts, and the manipulated cryptocurrency could be withdrawn and converted to valid cryptocurrency.

The company also claimed that no alerts were raised during several days of testing, and that Kraken responded and locked down test accounts just days after the initial public disclosure.

The incident sparked debate about the ethics of white hat hacking and the effectiveness of bug bounty programs.

While some argue that CertiK’s actions were justified to thoroughly test vulnerabilities, others believe the company crossed a line by withdrawing so much money and refusing to return it immediately.

Kraken claims CertiK’s actions do not conform to the principles of white hat hacking and that it is working with law enforcement to recover its assets. The exchange also emphasized that user funds were not affected by the attack as the stolen money came from Kraken’s own coffers.

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

Acurast launches ‘Staked Compute’ and challenges AWS, Azure and Google Cloud using the distributed smartphone network.

September 3, 2025

Bitcoin Price Posts for 5 consecutive August losses: Will Michael Saylor react?

August 31, 2025

Pudgy Penguins

August 28, 2025
Add A Comment

Comments are closed.

Recent Posts

Why experts say that 99%of the traders are wrong

September 4, 2025

ChainUp Named Double Finalist At Thomson Reuters’ ALB Pan-Asian Regulatory Awards 2025

September 4, 2025

Integrated security classes can accelerate the adoption of institutional passwords.

September 4, 2025

Binance explodes 466m LUNC with oblivion: revival play or special effect?

September 4, 2025

Cardano founder says Chainlink quotes ‘ridiculous price’ to them.

September 3, 2025

Acurast launches ‘Staked Compute’ and challenges AWS, Azure and Google Cloud using the distributed smartphone network.

September 3, 2025

Solana-packee blockchain manually spreads

September 3, 2025

Bybit Card Launches In Europe With Unmatched 20% Cashback

September 3, 2025

GiftlyCard.com Recognized As Verified And Secure By Independent Review Sites

September 3, 2025

Embodying “Simple Mining, Smart Gains” For Effortless Crypto Accumulation

September 3, 2025

TOKEN2049 Singapore stops all records with the world’s largest Web3 event with 25,000 attendees in unprecedented demand.

September 3, 2025

Crypto Flexs is a Professional Cryptocurrency News Platform. Here we will provide you only interesting content, which you will like very much. We’re dedicated to providing you the best of Cryptocurrency. We hope you enjoy our Cryptocurrency News as much as we enjoy offering them to you.

Contact Us : Partner(@)Cryptoflexs.com

Top Insights

Why experts say that 99%of the traders are wrong

September 4, 2025

ChainUp Named Double Finalist At Thomson Reuters’ ALB Pan-Asian Regulatory Awards 2025

September 4, 2025

Integrated security classes can accelerate the adoption of institutional passwords.

September 4, 2025
Most Popular

Algorand Foundation CEO’s X account was compromised

January 26, 2024

Benefits of Cryptocurrency: Transforming Trading and Beyond

February 29, 2024

The merchant said the parabolic Sui Rally predicted it as New Highs, and the recent $ 223,000 DEX HACK has a ‘amazing opportunity’.

June 12, 2025
  • Home
  • About Us
  • Contact Us
  • Disclaimer
  • Privacy Policy
  • Terms and Conditions
© 2025 Crypto Flexs

Type above and press Enter to search. Press Esc to cancel.