PANews reported on June 20 that CertiK published a Q&A on the X platform about the recent CertiK-Kraken white hat operation, stating that no real users lost funds, that cryptocurrencies were minted out of thin air through exchange vulnerabilities, and that no real Kraken user assets were directly involved in its research activities; in all its communications with Kraken (via email and video conferences), it always assured them that the funds would be returned; all funds were returned, but the total amount did not match what Kraken specified, and CertiK returned it based on its records; CertiK returned: 734.19215 ETH, 29,001 USDT, 1021.1 XMR, while Kraken required 155818.4468 MATIC, 907400.1803 USDT, 475.5557871 ETH, 1089.794737 XMR.

Regarding the reason for the large-scale test, CertiK said that this was because it tested the limits of Kraken's risk control. After several days of continuous testing, after testing cryptocurrencies close to $3 million, no limit alarms were triggered, and CertiK still did not find out where the limits were. CertiK said that it notified Kraken in a timely manner and the test lasted for five days. "Once the test results were obtained, we contacted Kraken in various ways and sent a detailed report." CertiK also stated that it contacted Kraken officials and CSO Nick through Twitter and LinkedIn, and finally sent a detailed report by email. CertiK also stated that it had never made any bounty requests. It was Kraken that first mentioned their bounty to it.

As to why the full list of transactions was not submitted to Kraken, CertiK said: “We have reported large deposit addresses to Kraken since day one. Using the information we provided, Kraken was able to track all transactions. Kraken did lock all related accounts. We have disclosed all deposit transactions to the public.”