CertiK: Employees threatened by Kraken’s security operations team after reporting security vulnerabilities to the company

Blockchain security firm CertiK announced on X platform that they had previously discovered a series of serious vulnerabilities in the Kraken exchange, which could potentially lead to losses of hundreds of millions of dollars. CertiK's investigation showed that Kraken's deposit system was unable to effectively distinguish between different internal transfer statuses, creating a risk of malicious actors forging deposit transactions and extracting counterfeit funds. During testing, millions of dollars in fake funds could be deposited into Kraken accounts and more than $1 million in counterfeit cryptocurrencies could be converted into valid assets, yet the Kraken system did not trigger any alerts. After being notified by CertiK, Kraken classified the vulnerabilities as "critical" and initially addressed the issue. However, CertiK pointed out that Kraken's security team subsequently threatened CertiK employees, demanding the repayment of mismatched cryptocurrencies at unreasonable times without providing a repayment address. In order to protect user safety, CertiK decided to make this matter public, calling on Kraken to stop any threats against white hat hackers and emphasizing the need for cooperation in addressing risks.