Kraken‘s chief security officer, Nick Percoco, has confirmed that the crypto exchange has successfully recovered the funds recently stolen due to a bug vulnerability.
On June 20, Percoco announced on X that the exchange had managed to recover these funds. While the source of the recovery wasn’t explicitly mentioned, earlier reports indicated the involvement of the security research firm, Certik.
Incident Overview
Kraken had accused Certik of being linked to the accounts that stole funds from the exchangeβs treasury after a bug was discovered. Certik acknowledged the issue in a statement on June 19, where it identified its staff as the individuals who contacted Kraken about the critical bug in the exchangeβs accounts system.
Certik explained that the vulnerability could have allowed exploiters to mint millions in digital assets from Kraken. However, some employees exploited this vulnerability to withdraw $3 million from Kraken, later demanding that the exchange honor the bug bounty.
“After initial successful conversions on identifying and fixing the vulnerability, Krakenβs security operation team has threatened individual CertiK employees to repay a mismatched amount of crypto in an unreasonable time even without providing repayment addresses,” the platform noted.
Kraken labeled these actions as extortion rather than the honest actions of white hat hackers.
Certik’s Response
In response, Certik posted on X that it would transfer the funds to a wallet accessible to Kraken. The statement read:
“Since Kraken has not provided repayment addresses and the requested amount was mismatched, we are transferring the funds based on our records to an account that Kraken will be able to access.”
By Thursday, Kraken confirmed the recovery of the funds, with only a small amount lost to fees. Importantly, Kraken reassured its customers that no user funds were lost during the incident.
For more updates and news on cryptocurrencies, investing, and finance, explore Global Crypto News.