CertiK Comes Forward as the Hacker Seeking Bounty from Kraken
According to the company’s report, on June 5, the team identified several critical vulnerabilities in Kraken’s security system, which could have led to significant financial losses.
In their analysis, CertiK addressed three main concerns:
1. Can a malicious actor fabricate a deposit transaction to a Kraken account?
2. Can a malicious actor withdraw fabricated funds?
3. What risk controls and asset protection might be triggered by a large withdrawal request?
The researchers concluded that the exchange’s security measures failed on all three counts, allowing for the possibility of depositing millions of dollars into any Kraken account. The system permitted the withdrawal of large sums of fabricated crypto, which could then be converted into valid coins.
During the testing period from June 5 to June 9, the activities conducted by the researchers did not trigger any response from Kraken's security system, and the test accounts were only blocked after CertiK reported the vulnerabilities to the exchange team.
After the vulnerabilities deemed critical by Kraken were remedied, a dispute arose between the exchange and the security firm regarding the bounty reward. CertiK expressed dissatisfaction with the reward amount and the terms offered.
Despite the dispute, CertiK transferred the funds acquired during testing to an address accessible to Kraken's team.
Kraken user accounts remain secure.