According to ChainCatcher, CertiK published a series of questions and answers on the CertiK-Kraken white hat incident on the X platform. CertiK stated that no real Kraken users' assets were directly involved in the research activities. In the communication with Kraken (via email and video conference), CertiK always assured them that the funds would be returned. All funds currently held have been returned, but the total amount is different from Kraken's requirements. CertiK refunded according to its own records.
CertiK disclosed the vulnerability details to Kraken in detail and it was fixed within 47 minutes. After the test, CertiK promptly notified Kraken through multiple means and sent a detailed report. CertiK is not involved in Kraken's bounty program and has not mentioned any bounty requests. The focus is on ensuring that the issue is resolved.
In addition, CertiK stated that it conducted multiple large-scale tests in order to test the limits of Kraken’s protection and risk control. After multiple tests over multiple days and nearly three million worth of cryptocurrencies, no alarms were triggered and it still hadn’t figured out the limits.
