Certik Returns $3 Million To Kraken Amid Controversy For Holding Funds ‘Hostage’

After Certik came forward as the cybersecurity firm that found a critical bug in cryptocurrency exchange Kraken, and proceeded to drain and keep $3 million hostage, the security firm has now returned the funds.

“Update: We can now confirm the funds have been returned (minus a small amount lost to fees),” wrote Kraken’s Chief Security Officer Nick Percoco.

Certik wrote late Wednesday night a Q&A post on X outlining their most recent actions against Kraken. The firm said they did not steal any funds, but rather “cryptos were minted out of thin air;” and emphasized that the funds requested by Kraken were more than what was withheld by Certik.

According to the company, they returned 734 ETH ($2.5 million), $29,000 USDT, and 1021 XMR ($174,000). Meanwhile, Certik said Kraken was requesting 155,818 MATIC ($91,000), $907,000 USDT, 475 ETH ($1.66 million), and 1,089 XMR ($184,000).

The transfer of funds is the latest move in a controversy that started Wednesday, where the two firms publicly quarreled on X. The crypto exchange alleged that the cybersecurity firm drained and withheld $3 million from their platform after discovering a critical vulnerability on June 9. Certik countered with its own allegations, claiming the exchange was threatening company employees.

According to Kraken’s Chief Security Officer Nick Percoco, a bug bounty report filed on June 9, showed how malicious actors could initiate a deposit onto Kraken’s platform and receive funds in their account without fully completing the deposit – enabling an attacker to “effectively print” assets on the exchange.

Certik confirmed it was behind the bug bounty report, and the subsequent dozens of “test” transactions in the exchange.