{"id":32760,"date":"2024-06-20T21:52:26","date_gmt":"2024-06-20T21:52:26","guid":{"rendered":"https:\/\/crowdfundjunction.com\/blog\/kraken-gets-back-all-the-funds-taken-during-the-recent-whitehat-attack\/"},"modified":"2024-06-20T21:52:26","modified_gmt":"2024-06-20T21:52:26","slug":"kraken-gets-back-all-the-funds-taken-during-the-recent-whitehat-attack","status":"publish","type":"post","link":"https:\/\/crowdfundjunction.com\/blog\/kraken-gets-back-all-the-funds-taken-during-the-recent-whitehat-attack\/","title":{"rendered":"Kraken gets back all the funds taken during the recent \u201cwhitehat\u201d attack"},"content":{"rendered":"<p><b>(Originally posted on : CoinJournal: Latest Crypto News, Altcoin News and Cryptocurrency Comparison )<\/b><br \/>\n<\/p>\n<div>\n<div class=\"post-article-image  -mt-24  mb-8  lg:-mt-32  rounded  overflow-hidden\">\n<picture><source srcset=\"https:\/\/coinjournal.net\/wp-content\/uploads\/imagecache\/2023\/02\/144735626_m-smartcrop-750x375.webp\" type=\"image\/webp\" media=\"(min-width: 750px)\"\/><source srcset=\"https:\/\/coinjournal.net\/wp-content\/uploads\/imagecache\/2023\/02\/144735626_m-smartcrop-363x181.webp\" type=\"image\/webp\"\/><source srcset=\"https:\/\/coinjournal.net\/wp-content\/uploads\/imagecache\/2023\/02\/144735626_m-smartcrop-750x375.jpg\" type=\"image\/jpeg\" media=\"(min-width: 750px)\"\/><source srcset=\"https:\/\/coinjournal.net\/wp-content\/uploads\/imagecache\/2023\/02\/144735626_m-smartcrop-363x181.jpg\" type=\"image\/jpeg\"\/>\n<\/picture>                    <\/div>\n<ul>\n<li>CertiK exposed a vulnerability, extracting $3 million before reporting it to Kraken.<\/li>\n<li>Kraken patched the bug quickly after the alert from CertiK.<\/li>\n<li>CertiK has returned the funds after some procedural disputes.<\/li>\n<\/ul>\n<p>Kraken has successfully reclaimed nearly all of the $3 million taken during a controversial \u201cwhitehat\u201d hack orchestrated by blockchain security firm CertiK. 
Kraken\u2019s Chief Security Officer, Nick Percoco, <a href=\"https:\/\/x.com\/c7five\/status\/1803773589226995826\">confirmed<\/a> the return of funds, with only a small amount lost to transaction fees.<\/p>\n<p>The whitehat hack highlighted critical issues in ethical hacking practices and the protocols surrounding vulnerability disclosures.<\/p>\n<h2>How did the Kraken whitehat hack unfold?<\/h2>\n<p>According to the <a href=\"https:\/\/x.com\/CertiK\/status\/1803450205389402215\">chronology of events detailed by CertiK<\/a>, the saga began when CertiK identified a serious vulnerability in Kraken\u2019s system that allowed technically adept individuals to inflate their account balances artificially.<\/p>\n<p>Exploiting this flaw, CertiK withdrew $3 million from Kraken\u2019s treasury as proof of the vulnerability\u2019s severity. Although CertiK reported the issue in June, it did so only after securing the funds, a move that drew significant criticism from Kraken and the wider crypto community.<\/p>\n<p>Kraken swiftly addressed the vulnerability within hours of being informed, ensuring that no client assets were compromised. 
Percoco emphasized that the <a href=\"https:\/\/coinjournal.net\/news\/kraken-patches-isolated-bug-says-no-user-funds-stolen\/\">security hole was promptly patched<\/a>, making recurrence impossible.<\/p>\n<p>Despite the quick fix, the manner in which CertiK conducted its operation \u2014 particularly its delay in returning the funds \u2014 raised serious questions about its adherence to standard whitehat bounty protocols.<\/p>\n<h2>CertiK\u2019s unorthodox \u201cwhitehat\u201d hack drew criticism<\/h2>\n<p>Kraken\u2019s discontent stemmed from CertiK\u2019s failure to follow the established procedures for whitehat activities.<\/p>\n<p>Typically, whitehat hackers report vulnerabilities without extracting excessive funds, returning any taken amounts immediately.<\/p>\n<p>CertiK, however, retained the $3 million until Kraken provided an estimate of the potential risk, an action Kraken perceived as unnecessary and uncooperative.<\/p>\n<p>CertiK defended its approach by claiming that the extensive withdrawal was crucial to thoroughly test Kraken\u2019s security measures and alert systems, which, according to CertiK, failed to trigger alarms even after substantial losses.<\/p>\n<p>Furthermore, CertiK contended that it consistently intended to return the funds and accused Kraken\u2019s security team of pressuring its employees with unrealistic repayment demands and mismatched amounts of cryptocurrency.<\/p>\n<p>Ultimately, the funds were returned, albeit in a different cryptocurrency amount than Kraken had specified.<\/p>\n<blockquote class=\"twitter-tweet\" data-width=\"500\" data-dnt=\"true\">\n<p lang=\"en\" dir=\"ltr\">Since Kraken has not provided repayment addresses and the requested amount was mismatched, we are transferring the funds based on our records to an account that Kraken will be able to access.<\/p>\n<p>\u2014 CertiK (@CertiK) <a href=\"https:\/\/twitter.com\/CertiK\/status\/1803458933551399371?ref_src=twsrc%5Etfw\">June 19, 
2024<\/a><\/p>\n<\/blockquote>\n<p>CertiK maintained that it never sought a bounty for its actions and focused solely on ensuring the vulnerability was resolved.<\/p>\n<\/p><\/div>\n<p><script async src=\"\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><br \/>\n<br \/><a href=\"https:\/\/coinjournal.net\/news\/kraken-gets-back-all-the-funds-taken-during-the-recent-whitehat-attack\/\">Source link <\/a><br \/>\n<br \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>(Originally posted on : CoinJournal: Latest Crypto News, Altcoin News and Cryptocurrency Comparison ) CertiK exposed a vulnerability, extracting $3 million before reporting it to Kraken. Kraken patched the bug quickly after the alert from CertiK. CertiK has returned the funds after some procedural disputes. 
Kraken has successfully reclaimed nearly all of the $3 million [&hellip;]<\/p>\n","protected":false},"author":7,"featured_media":32761,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0},"categories":[35],"tags":[],"_links":{"self":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/posts\/32760"}],"collection":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/users\/7"}],"replies":[{"embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/comments?post=32760"}],"version-history":[{"count":0,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/posts\/32760\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/media\/32761"}],"wp:attachment":[{"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/media?parent=32760"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/categories?post=32760"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/crowdfundjunction.com\/blog\/wp-json\/wp\/v2\/tags?post=32760"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}