Certik, a blockchain security firm, has come under fire for allegedly exploiting a vulnerability in Kraken's system. Reports indicate that Certik discovered a flaw that allowed them to be credited with cryptocurrency they did not deposit, which they used to drain funds from Kraken. Certik reportedly waited five days before disclosing the vulnerability and has been accused of extorting Kraken for over a week. The amount involved in the exploit is said to be $3 million. Additionally, Certik has been accused of laundering the stolen funds through Tornado Cash. This incident has raised serious concerns about Certik's practices and has led to calls for the company to be blacklisted.
An idle observation that is in no way an allegation of wrongdoing: Certik audited three of the top fifty protocols on the Rekt leaderboard
Serious question: how does Certik still get clients?
What if this has always been Certik’s strategy? Audit crypto projects, find the vulnerabilities & exploit them at a later date if extortion fails…
The full Certik story is everything but surprising for whoever was around during 2021 BSC season where plenty of projects (aka copy pasta forks) were using Certik and bucketloads got exploited. Just saying.
Certik are absolute clowns and deserve to be banished from this industry. I will never do business with them. I will never hire their current employees. I will distance myself from any firms that benefit from their success: @insightpartners @sequoia @coatuemgmt @lightspeedvp https://t.co/X7B3fhy55J
Certik is soo cooked
The first good Certik audit just happened to be the one where they themselves hacked a CEX to the tune of $3m. Hell of a way to market yourselves, but game is game https://t.co/gsDPU9RwjJ
Darwinism right before our very eyes. Wouldn’t be surprised if Certik exploits protocols they audit too https://t.co/ass6por5vA
Add @CertiK to the block-list (if this plays out as it appears) https://t.co/DOEkHc1Xtq
Add @CertiK on the block-list (if this plays out as it appears) https://t.co/DOEkHc1Xtq
Add @CertiK on the block-list https://t.co/DOEkHc1Xtq
Having Certik as your auditor was always a sign that your app would get hacked. This story makes you think that maybe Certik are the ones doing the hacking 👀 https://t.co/SGuZsouEw1
We never "recommended" CertiK before for audits, but if the below plays out as it appears, CertiK will now be on my "anti-recommendation" list https://t.co/DOEkHc1Xtq
Certik being the company that exploited Kraken reserves and not some rogue actor, coming out *proudly* admitting it was them and then to blame it on Kraken for "you should've done better" is a batshit insane move. I don't know whether I want to love them or hate because of this https://t.co/fN9tnZHVTd
Certik exploiting Kraken and putting the money in tornado doesn’t bode well for the theory all the defi hacks were inside jobs
The “white hats” at Certik just casually laundering the money they yoinked out of Kraken. Mad lads. https://t.co/9heWXXsv32
Too bad there isn't a way to short @CertiK. Step 1: Steal @krakenfx funds. Step 2: Fail to report security flaw for 3 days. Step 3: Brag about exploit to other researchers. Step 4: Researchers repeat exploit & tornado cash funds. Step 5: Go on CT and pretend to be white hats + martyrs… https://t.co/2daA0Q2u9Z
Honest question: Does it surprise anyone that this was Certik? https://t.co/BmPniW4oog
Certik exploited Kraken for $3M, waited 5 days to disclose the vulnerability, and has been extorting them for over a week. I know I've been shitposting a lot recently, but this is 100% real. Stay the fuck away from this horrific company.
Hey @CertiK and @c7five This did not need to become a public he said, she said argument. It looks bad on both actors. Knowing both Certik's and Kraken's history I am inclined to support @krakenfx here. This looks like an extortion. White hat hackers don't hold funds hostage https://t.co/B95zDc0zlE
For context: Kraken disclosed a vulnerability where a security researcher demonstrated that they could be credited for crypto they didn’t deposit, and use that to drain funds. The “researcher” then either exploited the vuln themselves, or leaked to someone who exploited, for… https://t.co/2YGgs2aQ2N