Kraken is planning to take legal action against security firm CertiK as the "white hat" operation by security firm turns into a legal blunder.
The Kraken CertiK saga, in which the security firm CertiK claimed to carry out a white hat operation on certain Kraken accounts (not customers) and drained nearly $3 million (as claimed by Kraken), has taken another turn. The exchange claimed the total exploited amount was not returned to it, while CertiK claims to have returned all funds as per their record.
On June 20, CertiK took to X to offer an update on the situation and claimed they had returned 734.19215 Ether (ETH), 29,001 USDT, and 1021.1 Monero (XMR), while Kraken requested 155818.4468 Polygon (MATIC), 907400.1803 USDT, 475.5557871 ETH, and 1089.794737 XMR.
The Kraken-CertiK saga began on June 9, when Kraken claimed they had received a bug bounty program alert from an alleged security researcher. The alert highlighted a bug in Kraken’s system that allowed users to inflate their account balances. The crypto exchange rushed to patch the bug and discovered three accounts that had leveraged the flaw and taken out $3 million from the Kraken account.