According to ChainCatcher, Nick Percoco, Chief Security Officer of Kraken Exchange, posted an update on the social platform, saying that it can now be confirmed that the funds withdrawn due to the previous vulnerability have been returned (excluding a small amount of fee loss).
Previously, CertiK stated that it had returned all funds but did not request a bug bounty in accordance with Kraken's requirements.