Nick Percoco, Kraken’s chief security officer, confirmed that the crypto exchange recovered recently stolen funds from his account after a bug vulnerability.
On June 20, Percoco shared on X that the exchange had managed to recover these funds. Although the Kraken NGO did not specify where it came from, previous statements revealed that the security research firm involved in the debacle was Certik.
Kraken accused the security research firm of being behind the accounts stealing funds from the exchange’s treasury after discovering a bug.
What happened?
Certik posted a statement on X on June 19 stating that its staff were the same people who contacted Kraken about a critical bug discovered in the exchange’s accounting system.
Specifically, Certik said the vulnerability would allow exploiters to mint millions of digital assets from Kraken.
Interestingly, employees of the research firm had withdrawn $3 million from Kraken by exploiting the same vulnerability. They then demanded that the exchange reward the bug bounty.
According to Kraken and Certik’s post, the employees in question did not return the money when asked.
“Following initial successful conversions to identify and remediate the vulnerability, Kraken’s security operations team threatened individual CertiK employees with refunding incompatible amounts of cryptocurrency in an unreasonable amount of time, even without providing refund addresses,” the platform said.
Kraken described this as extortion rather than honest actions by white hat hackers.
Certik offered to return the money
Certik then announced in X that it would move the funds in question to a wallet accessible to Kraken.
The statement said:
“Since Kraken did not provide a refund address and the amount requested did not match, we are transferring the funds to an account accessible to Kraken, according to our records.”
On Thursday, Kraken confirmed it had recovered the funds, with a small amount lost due to fees. In an earlier report, Kraken told customers that no user funds were lost during the bug debacle.