tl;dr
Blockchain security firm CertiK revealed that it conducted a white-hat hack on cryptocurrency exchange Kraken, which Kraken condemned as "extortion." Kraken's CSO stated they were treating the nearly $3 million loss as a criminal case and working with law enforcement. CertiK defended its actions, cl...
CertiK Defends White-Hat Hack Against Kraken CertiK Defends White-Hat Hack Against Kraken
Blockchain security firm CertiK conducted a white-hat hack on cryptocurrency exchange Kraken, which Kraken condemned as "extortion."
Kraken's CSO stated they were treating the nearly $3 million loss as a criminal case and working with law enforcement. CertiK defended its actions, claiming Kraken had threatened its employees and the demanded funds were "mismatched." CertiK argued it had insufficient time to return the funds.
The hackers exploited a bug to withdraw funds from Kraken before deposits were completed, allowing them to "print assets." CertiK stated it leveraged the bug to assess Kraken's security vulnerability.
Kraken allegedly didn't provide an address for fund return, but CertiK sent the crypto to a wallet accessible by Kraken. The hack was described as ethical and aimed at identifying vulnerabilities. A bug bounty disclosed only $4 of stolen crypto.
CertiK and Kraken engaged in a public dispute, with concerns raised about CertiK's reputation and previous exploits in projects audited by CertiK. CertiK questioned why Kraken's defense system failed to detect the test transactions.
Former CEO Taylor Monahan criticized CertiK's actions, warned of legal repercussions, and questioned previous audit failures. She highlighted speculation about the possibility of previous inside jobs.