Kraken recovers $3 million from CertiK, ending bug bounty saga

Shortly after Kraken’s post about the missing funds, blockchain security firm CertiK publicly identified itself as the “security researcher” that Kraken claimed stole $3 million of digital assets.

In a June 19 X post, CertiK said it had informed Kraken of an exploit that allowed it to remove millions of dollars from the exchange’s accounts. Certik also claimed to have been threatened by the exchange’s team:

“After initial successful conversions on identifying and fixing the vulnerability, Kraken’s security operation team has THREATENED individual CertiK employees to repay a MISMATCHED amount of crypto in an UNREASONABLE time even WITHOUT providing repayment addresses.”

The security firm posted a timeline of events, starting with identifying the exploit on June 5 and ending with claims Kraken threatened a CertiK employee on June 18. In a statement to Cointelegraph, CertiK said it planned to transfer the funds “to an account that Kraken will be able to access.”