According to a CertiK Report: CertiK has uncovered a series of critical vulnerabilities in Kraken's exchange systems that could potentially lead to hundreds of millions of dollars in losses. These findings were made following an in-depth investigation into Kraken's deposit system and security protocols.

- Critical Vulnerabilities: CertiK identified several vulnerabilities within Kraken’s systems, including a failure to differentiate between different internal transfer statuses in the deposit system.
- Major Security Breaches: Through rigorous testing, CertiK found that Kraken’s defences were compromised on multiple fronts. Key testing questions included whether a malicious actor could fabricate deposit transactions, withdraw fabricated funds, and evade risk controls when making large withdrawal requests.
 
Testing Results:

- Failed Security Tests: Kraken failed all tests undertaken by CertiK, revealing severe weaknesses:
 - Fabricating Deposits: Malicious actors could deposit millions of dollars into any Kraken account without detection.
 - Withdrawing Fabricated Funds: Fabricated funds worth over $1 million could be withdrawn and converted into valid cryptocurrencies.
 - Lack of Alerts: No security alerts were triggered throughout the multi-day testing period. Kraken only responded and locked test accounts days after the vulnerabilities were officially reported.

Kraken’s Response:

- Critical Classification: Kraken's security team classified the vulnerabilities as Critical, the most serious classification level within the exchange.
- Initial Remediation Efforts: After the vulnerabilities were reported, Kraken took steps to address and fix them.
- Controversial Reaction: Kraken’s security team allegedly threatened individual CertiK employees to repay a mismatched amount of cryptocurrency within an unreasonable timeframe, without providing appropriate repayment addresses.

Public Disclosure:

In light of these issues, CertiK has decided to go public with the findings to ensure transparency and user security. The Web3 community needs to be aware of these vulnerabilities and the potential risks posed.

CertiK Statement: 
"In the spirit of transparency and our commitment to the Web3 community, we are going public to protect all users' security. We urge Kraken to cease any threats against whitehat hackers. Together, we can face risks and safeguard the future of Web3."

CertiK’s findings highlight significant security vulnerabilities within Kraken’s exchange systems, posing a potential risk to millions of dollars in user funds. As the situation unfolds, the community and stakeholders must stay vigilant and prioritize security measures to protect the integrity of the Web3 ecosystem.