PANews reported on June 20 that in response to the security vulnerability report dispute between Kraken and CertiK, on-chain detective @0xBoboShanti said that an address previously released by a Certik security researcher was detected and tested as early as May 27, which contradicted Certik's timeline of events. Furthermore, the funds in the test address originated from a Tornado transaction (Tornado tx) of Certik, and the wallet has recently (until today) been interacting with the same contract, a discovery that links the incident to the original security researcher.

Security researcher @tayvano further pointed out that the Certik report of the transaction revealed Kraken's deposit address 0xa172342297f6e6d6e7fe5df752cbde0aa655e61c (MATIC). On the Ethereum network, this same address was used for withdrawal operations, including: 0x3c6a231b1ffe2ac29ad9c7e392c8302955a97bb3, 0xdc6af6b6fd88075d55ff3c4f2984630c0ea776bc, and 0xc603d23fcb3c1a7d1f27861aa5091ffa56d3a599. These withdrawal addresses withdrew a large amount of funds, sold UDDT and used ChangeNOW for multiple maximum swaps.

@tayvano wrote: “Selling USDT and using ChangeNOW does not make the address a hacker, but exploiting an undisclosed vulnerability in a CEX system for their own financial gain does. Selling and instant trading before the vulnerability was disclosed just adds more confusion to this crazy situation. If the official statement was that Certik leaked secure communications, or that this was an outsider exploiting the same vulnerability, I would believe it. This might even explain Certik’s initial statement that Kraken was asking for more funds to be returned than they withdrew.”

Previously, Kraken Chief Security Officer Nick Percoco said that after the company received a security vulnerability report and fixed it, it was found that three accounts had exploited the vulnerability and withdrawn nearly $3 million from the Kraken vault, one of which belonged to the researcher who initially reported the vulnerability. In response, CertiK disclosed on the X platform that the security vulnerability researcher referred to by Kraken was a CertiK white hat hacker, and argued that "after the initial success of successfully identifying and fixing the vulnerability, Kraken's security operations team threatened individual CertiK employees to repay the unmatched cryptocurrency amount within an unreasonable time without even providing a repayment address."