Certik responds to Kraken's accusation: Did not seek bounty, withdrew $3 million to test limits.
share
After a major controversy between cybersecurity company Certik and Kraken on Twitter, Certik steps forward to address community concerns.
Table of Contents
After a major uproar between cybersecurity company Certik and Kraken on Twitter, Certik stepped forward to address community concerns.
Is cybersecurity company Certik involved in ransom and theft of coins? Kraken is furious, netizens comment: It has long had a bad reputation.
Q&A on CertiK and Kraken White-Hat Operation
- Have real users lost funds?
No. Cryptocurrencies are generated out of thin air, and no assets of any Kraken user were directly involved in our research activities. - Have we refused to return funds?
No. In our communications with Kraken (via email and video conferences), we have always assured them of returning the funds. - Have we returned funds, and what is the total amount?
Yes, all the funds we held have been returned, but the total amount differs from what Kraken requested. We returned based on our records. - Is the amount of returned funds consistent with Kraken's request?
No. We returned: 734.19215 ETH, 29,001 USDT, 1021.1 XMR, while Kraken requested 155818.4468 MATIC, 907400.1803 USDT, 475.5557871 ETH, 1089.794737 XMR. - Why did we conduct multiple large-scale tests?
a. We wanted to test the limits of Kraken's protection and risk controls.
b. Over several days of multiple tests, involving close to three million dollars in cryptocurrencies, no alarms were triggered, and we have yet to find their limits. - Did we disclose the vulnerability details to Kraken?
Yes. We sent a detailed report to Kraken via email, and Kraken claims to have fixed the issue within 47 minutes based on our report. - Did we notify Kraken in a timely manner?
Yes. Our testing lasted for five days. Once the test results were obtained, we contacted Kraken through various means and sent a detailed report. - Did we participate in Kraken's reward program?
No. We contacted Kraken's official and CSO Nick through Twitter, LinkedIn, and finally sent a detailed report via email. - Did we expect a reward?
No. We never mentioned any reward requests. Kraken was the first to mention their reward, to which we responded that rewards were not a priority, and we wanted to ensure the issue was resolved. - Why didn't we submit a complete transaction list to Kraken?
a. From day one, we reported large deposit addresses to Kraken. Kraken can identify all transactions based on the information we provided. Kraken did lock all relevant accounts.
b. We have disclosed all deposit transactions to the public.
Related
- Dark web hackers selling 10 million pieces of Binance user data, Binance refutes: Completely false
- TON loses assets? Telegram Wallet rumored to lock funds with 50% annualized coin earning, customer service only responds with canned messages
- Cybersecurity analysis: Vulnerability in OKX not related to "SMS verification"? OKX founder Xu Mingxing: No, if there are losses due to OKX, they will be fully compensated