According to ChainCatcher, blockchain security agency CertiK announced on a social platform that a series of serious vulnerabilities had been discovered in the Kraken exchange that could result in losses of hundreds of millions of dollars.

CertiK's investigation showed that Kraken's deposit system could not effectively distinguish between different internal transfer states, posing the risk of malicious actors forging deposit transactions and withdrawing forged funds. During the test, millions of dollars of fake funds could be deposited into Kraken accounts, and more than $1 million of forged cryptocurrency could be withdrawn and converted into valid assets, without any alarms being triggered by the Kraken system.

After CertiK notified Kraken, Kraken classified the vulnerability as "critical" and initially fixed the problem. However, CertiK pointed out that the Kraken security team then threatened CertiK employees, demanding repayment of the unmatched cryptocurrency within an unreasonable period of time, without providing a repayment address. In order to protect user safety, CertiK decided to make the matter public, calling on Kraken to stop any threats to white hat hackers and emphasizing the need to work together to address risks and jointly safeguard the future of Web3.