Experts scratch heads over CertiK’s $3m Kraken hack: ‘This is so stupid’
When crypto auditor CertiK announced on Wednesday that its employees had discovered and exploited a $3 million bug in American crypto exchange Kraken, eyebrows were raised.
When CertiK then said it returned the funds to the US exchange as part of a so-called white-hat operation, the firm was hit with dissent from Kraken.
“This is not white-hat hacking, it is extortion!” Nick Percoco, Kraken’s chief security officer, said in an X post on Wednesday.
Percoco said that those who found the bug said they would not return any funds until Kraken disclosed how much damage it could have caused.
CertiK didn’t take long to reply to Kraken’s statements. “They publicly accused us of theft and even directly threatened our employees, which is completely unacceptable.”
The unusual duration — and whopping $3 million size — of CertiK’s exploit sparked a flurry of questions. Usually whitehat tests of cyberdefences pick off a minimal amount of money simply to demonstrate the vulnerability.
