The German Government has apparently transferred an additional 1,500 bitcoin, valued at nearly million, to multiple cryptocurrency exchanges, including Bitstamp, Coinbase, and Kraken. This move, part of a series of transactions since June 19, has led to speculation about the government’s intention to liquidate some of its bitcoin holdings, originally seized in a large-scale […]
Bitcoin News
Kraken Calls Security Research Firm’s Demands ‘Criminal’; Certik Slams Threats Against Its Employees
Kraken has accused an unnamed security research firm of stealing million from its treasury and attempting to extort more money. Nick Percoco said so-called white hat hackers failed to fully disclose the bug transaction details and have not made arrangements to return the stolen funds. White Hat Hackers Refuse to Abide by Rules The […]
Bitcoin News
CertiK Faces Fallout After Confessing $3 Million Heist From Kraken, What’s Next?
Cryptocurrency exchange Kraken has announced that it has fallen victim to a major security flaw that has resulted in the theft of million worth of digital assets. However, in a surprising turn of events, the party responsible has been identified as CertiK. This blockchain security firm claims to have initially reported the bug through Kraken’s bug bounty program.
CertiK is now accused of exploiting additional vulnerabilities and extorting the exchange for more money, leading to calls for legal action and concerns among crypto investors.
Kraken Security Flaws Exposed
The incident unfolded when Kraken’s Chief Security Officer, Nick Percoco, revealed that the exchange had received a bug report on June 9 from a self-described security researcher. The researcher claimed to have discovered an “extremely critical” bug that allowed them to inflate their balance on the platform artificially.
Upon further investigation, CertiK, which admitted its involvement in the incident in its social media post, uncovered several critical vulnerabilities in Kraken’s systems that could potentially result in losses of hundreds of millions of dollars.
CertiK’s findings revealed shortcomings in Kraken’s deposit system, indicating a failure to differentiate between internal transfer statuses. Furthermore, CertiK’s testing revealed that Kraken failed all these tests, exposing the compromised state of Kraken’s defense-in-depth system.
According to CertiK, “millions of dollars” could be deposited into any Kraken account, and a substantial amount of fabricated cryptocurrency (worth over million) could be withdrawn and converted into valid digital assets.
The security firm also claimed that no alerts were triggered during a “multi-day test period” and that Kraken only responded and blocked the test accounts days after the incident was officially reported.
Following the identification of the vulnerability, CertiK alleges that Kraken’s security operations team “threatened” individual CertiK employees, demanding the repayment of a “mismatched” amount of cryptocurrency within an “unreasonable time frame,” without providing repayment addresses.
However, Kraken’s Percoco countered that they had requested a full accounting of the then-unknown company’s activities and the return of the withdrawn funds. Percoco argued that CertiK’s refusal to comply with these requests violated the rules of ethical hacking and bordered on extortion.
Will CertiK Face Legal Repercussions?
The revelation of this incident has raised surprise and concerns within the cryptocurrency community, leading to calls for legal action against CertiK.
One user accused CertiK of stealing the million funds from Kraken, holding it ransom for a bounty, refusing to return the funds, and now transferring the money to Tornado.cash to protect it from potential seizure by authorities.
Coinbase’s Director, Conor Grogan, pointed out that Tornado.cash is subject to the Office of Foreign Assets Control (OFAC) sanctions and highlighted CertiK’s US domicile, hinting at potential legal repercussions by US agencies.
Market expert Adam Cochran also weighed in, astonished at CertiK’s actions and highlighting the firm’s history of compromised audits. Cochran went further to describe the situation as “Down right criminal.”
The next steps taken by Kraken and potential consequences for CertiK are yet to be seen. However, the involvement of US agencies and potential legal actions loom over the security firm.
The unfolding developments in this case will undoubtedly shape the future of bug bounty programs and impact the relationship between cryptocurrency exchanges and security firms.
Featured image from Shutterstock, chart from TradingView.com
Report: Kraken Considers IPO Amid Renewed Investor Interest
Kraken, one of the oldest cryptocurrency exchanges, is considering a final funding round ahead of a possible initial public offering (IPO) as soon as next year, according to Bloomberg. This move follows renewed interest from investors during the current digital-asset market rally and a perceived easing of U.S. regulatory scrutiny. Kraken Eyes IPO Bloomberg sources […]
Bitcoin News
Security-Focused Crypto ISAC Debuts With Founding Members Including Coinbase, Kraken, Circle
The Crypto ISAC (Information Sharing and Analysis Center) launches on Wednesday as a 501(c)(6) not-for-profit association dedicated to bolstering security within the cryptocurrency ecosystem. Its founding members include Aleo, Circle, Coinbase, Consensys, Evertas, Fireblocks, Hedera, Kraken, Offchain Labs, Red Balloon Security, Ribbit Capital, Solana Foundation, and Trail of Bits. Its mission is to foster collaboration […]
Bitcoin News
Kraken Insists It Will Keep USDT Listed in European Markets
Kraken, a U.S.-based cryptocurrency exchange, insists it will keep USDT listed in European markets as long as regulations regarding stablecoins are not finalized. Mark Greenberg, Global Head of Kraken’s Asset Growth and Management Business, clarified they will “continue to look at all options to offer USDT under the upcoming regime.” Kraken Will Keep Tether’s USDT […]
Bitcoin News
Kraken Challenges SEC Overreach in Recent Court Filing
In a recent motion to dismiss a case brought by the Securities and Exchange Commission (SEC), cryptocurrency exchange Kraken argued that the SEC’s legal theory misinterprets crucial aspects of the case. The court document, dated May 9, 2024, claims the SEC fails to identify legitimate investment contracts involved in the transactions on Kraken’s platform. Kraken […]
Bitcoin News
Venezuelan Probe Unveils Crypto Money Laundering Scheme Linked to Oil Sale Embezzlement; Kraken Involved
The Venezuelan Attorney General, Tarek William Saab, unveiled the second wave of detentions linked to a crypto money laundering scheme derived from unregistered oil sales paid in different currencies and crypto. The former president of the state-owned oil company PDVSA, Tareck El Aissami, the former Economy Minister Simon Alejandro Zerpa, and entrepreneur Samark Lopez were […]
Bitcoin News
Amidst a Surge in Spot Bitcoin ETF Reserves, Kraken Institutional Enters the Market
The crypto exchange based in San Francisco, Kraken, has unveiled its latest offering, Kraken Institutional, a digital currency suite designed expressly for high-net-worth firms and institutional investors. Deep Liquidity and Low-Latency Trading: Kraken Institutional’s Promise to Elite Clients This new crypto service, Kraken Institutional, introduced by Tim Ogilvie, the global head of the business division, […]
Bitcoin News
Service Interruptions at Coinbase, Robinhood and Kraken as Bitcoin Soared to $64,000
On Wednesday, bitcoin’s value ascended to the vicinity of ,000, during which time users of Coinbase and Robinhood reported disruptions in service. As of Feb. 28, 2024, Coinbase’s status page indicated the platform was suffering from “degraded performance,” while Robinhood’s clientele voiced their grievances to the platform’s support team. Technical Troubles Shadow Bitcoin’s Climb to […]
Bitcoin News