Crypto News – CertiK Researchers Implicated in Kraken’s $3 Million Security Breach
Crypto News – After Kraken exchange reported a $3 million loss from its treasury, smart contract auditor CertiK disclosed its involvement in the incident. The trading platform initially attempted to recover the funds but eventually involved law enforcement, citing the incident as a case of extortion.
CertiK’s Insight into Kraken’s Loss
Kraken’s recent $3 million loss to a bug exploit has been connected to smart contract auditing firm CertiK, which has acknowledged the connection. CertiK uncovered a series of critical vulnerabilities that could potentially result in losses amounting to hundreds of millions of dollars.
CertiK researchers framed their investigation of the vulnerability around three key questions:
- Can a malicious actor fabricate a deposit transaction to a Kraken account?
- Can a malicious actor withdraw fabricated funds?
- What risk controls and asset protections could be triggered by a large withdrawal request?
The Kraken exchange failed all these tests, indicating that Kraken’s defense-in-depth system is compromised on multiple fronts. Millions of dollars can be deposited to ANY Kraken account. A huge amount of fabricated crypto (worth more than 1M+ USD) can be withdrawn from the account and converted into valid cryptos. Worse yet, no alerts were triggered during the multi-day testing period. Kraken only responded and locked the test accounts days after we officially reported the incident.
CertiK
Auditor Under Scrutiny Following $3 Million Bug Attack
In spite of CertiK’s attempts to clarify the situation, the crypto community has lambasted the researchers, accusing them of gross malpractice. One critic bluntly noted, ‘This could have been handled much better if they had settled amicably with Kraken and only disclosed it afterwards.’ Developer Uttam Singh’s summary ruthlessly exposed several damning details that further incriminate CertiK. He mocked the researchers for conducting multiple transactions and delaying disclosure by five days.
Adding fuel to the fire, Cyvers CTO Meir Dolev disclosed that an address linked to CertiK created a contract on Coinbase’s Layer-2 network Base as early as May 24, throwing CertiK’s claim of discovering the vulnerability on June 5 into serious doubt. The same address is reportedly probing OKX and Coinbase to test for vulnerabilities similar to those discovered in Kraken.
FAQs
What role did CertiK researchers play in Kraken’s $3 million attack?
CertiK researchers uncovered a vulnerability that led to a $3 million attack on Kraken. According to their findings, a weakness identified by CertiK potentially allowed attackers to gain access to Kraken’s system and seize funds.
How did CertiK discover this security vulnerability and when did they disclose the details?
CertiK discovered the vulnerability through their research efforts. They disclosed the details after identifying the issue, highlighting how the vulnerability could have been exploited by malicious actors to compromise Kraken’s security and execute the attack.