Cybersecurity company Certik accused of ransomware and cryptocurrency theft? Kraken explodes in anger, online comments: Already notorious for bad behavior

Where is the line for white hat hackers? If a vulnerability is discovered, funds are raised in large amounts, bug bounties are collected, assets are taken without honest disclosure, and there is no willingness to return them, can this be called white hat?

Where is the line for white hat hackers? If a vulnerability is discovered, a large amount of funds is raised, bug bounty is claimed, assets are taken without honest disclosure, and there is no willingness to return them, can they still be considered a white hat?

The well-known U.S. exchange Kraken discovered that a total of $3 million was taken under a vulnerability, but the cybersecurity company Certik, which reported the bug, does not admit to taking that much money and claims to be threatened by Kraken.

Kraken alleges that the white hat hacker extorted $3 million stolen through a vulnerability, while Certik claims to be threatened by Kraken.

However, investigations by netizens have revealed that the related address not only withdrew Kraken funds through the vulnerability multiple times but also sold the stolen funds in large quantities through mixers and illegal exchanges. Certik's actions are not only considered far from being white hat but rather despicable.

Netizen Comments: Certik has become a well-known security seal company

During the DeFi boom, many protocols of all sizes have sought Certik for security certification, but many hacking incidents still occurred. Netizens point out that Certik is already a pay-for-report seal company in the industry. It has also launched the coin CTK, but it was ultimately unsuccessful.