CertiK: Employees threatened by Kraken’s security operations team after reporting security vulnerabilities to the exchange

PANews reported on June 19 that blockchain security agency CertiK announced that it had discovered a series of serious vulnerabilities in the Kraken exchange that could result in potential losses of hundreds of millions of dollars. CertiK's investigation showed that Kraken's deposit system could not effectively distinguish between different internal transfer states, and there was a risk that malicious actors could forge deposit transactions and withdraw forged funds. During the test, millions of dollars of fake funds could be deposited into Kraken accounts, and more than $1 million of forged cryptocurrencies could be withdrawn and converted into valid assets, and the Kraken system did not trigger any alarms. After CertiK notified Kraken, Kraken classified the vulnerability as "critical" and initially fixed the problem. However, CertiK pointed out that the Kraken security team then threatened CertiK employees, demanding repayment of unmatched cryptocurrencies in an unreasonable amount of time, and did not provide a repayment address. In order to protect user safety, CertiK decided to make the matter public, calling on Kraken to stop any threats to white hat hackers, emphasizing the need to work together to address risks and jointly safeguard the future of Web3.