Wu said that CertiK has published a series of questions and answers on the CertiK-Kraken white hat incident. CertiK stated that no real Kraken users' assets were directly involved in the research activities. In communications with Kraken (via email and video conference), CertiK always assured them that the funds would be returned. All funds currently held have been returned, but the total amount is different from Kraken's requirements. CertiK refunded according to its own records. CertiK disclosed the details of the vulnerability to Kraken in detail and it was fixed within 47 minutes. After the test, CertiK promptly notified Kraken through multiple means and sent a detailed report. CertiK did not participate in Kraken's bounty program and did not mention any bounty requests. The focus was on ensuring that the problem was resolved. In addition, CertiK stated that it conducted multiple large-scale tests to test the limits of Kraken's protection and risk control. After multiple tests over many days and nearly three million worth of cryptocurrency, no alarms were triggered and it still did not figure out the limits.