CertiK faced threats from Kraken

by Eve Adams

2 years ago

Experts from the company CertiK, specializing in blockchain security, identified several critical vulnerabilities in the centralized exchange Kraken. They reported that these vulnerabilities could lead to losses of hundreds of millions of US dollars (USD). Additionally, the specialists stated that representatives of the exchange threatened them. The experts pointed out a vulnerability in the deposit system.

The CertiK team conducted a thorough investigation into three main issues: the possibility for an attacker to fabricate a deposit transaction, withdraw fake funds, and the risk control and asset protection measures activated when requesting a large sum transfer.

Based on our analysis, the Kraken exchange failed the tests, indicating that the security system is compromised in several areas. Millions of dollars can be deposited into any account. A vast amount of fabricated cryptocurrencies, even worth more than $1 million, can be withdrawn and converted into other assets. During several days of testing, not a single alert was generated. Kraken responded and blocked our test accounts only a few days after we officially reported the incident, stated CertiK.

After CertiK notified Kraken of the issues, the exchange's security service classified the incident as «critical», the highest level of danger for the platform.

In the spirit of transparency and commitment to the Web3 community, we publicly disclose this issue to protect the security of all users. We also urge Kraken to stop threatening white hackers, stated CertiK representatives.

Despite resolving the issue, Kraken's security team threatened individual CertiK employees, stating they would not pay the due reward. Furthermore, Kraken did not specify the transfer deadlines and did not request addresses for sending the reward.

Rewards

More rewards

Discover enhanced rewards on our social media.

Other news

Solana's Quantum Readiness Strategy Under Scrutiny

Solana's quantum readiness strategy is under scrutiny following Anatoly Yakovenko's comments on the need for a multi-scheme approach to enhance security against AI threats.

Leo van der Veenan hour ago

South Korean Exchanges Win Temporary Relief from Regulatory Sanctions

Three major South Korean crypto exchanges, Upbit, Bithumb, and Coinone, have secured temporary court relief from sanctions related to existing anti-money laundering requirements.

Li Weicheng2 hours ago

Anatoly Yakovenko Raises Concerns Over AI's Impact on Post-Quantum Cryptography

Solana cofounder Anatoly Yakovenko warns that AI could expose vulnerabilities in post-quantum signature schemes, emphasizing the need for a robust security design.

Maya Lundqvist2 hours ago

DAXA Challenges New Anti-Money Laundering Regulations in South Korea

DAXA opposes proposed changes to South Korea's anti-money laundering regulations, citing concerns over excessive reporting requirements.

Aisha Farooq2 hours ago

MoneyGram's Stablecoin Service Expands to Colombia and El Salvador

MoneyGram has launched its stablecoin service in Colombia and expanded to El Salvador, providing financial solutions for underserved markets in Latin America.