Crypto security firm CertiK is facing a growing wave of criticism after attributing a June incident involving a $3 million withdrawal from the Kraken exchange to a rogue employee.
The incident, which also involved the use of the sanctioned privacy mixer Tornado Cash, has raised serious questions about the firm’s security practices and internal controls. On June 19, CertiK withdrew $3 million from Kraken, triggering immediate concern among crypto security researchers.
The subsequent discovery of funds being routed through Tornado Cash, a platform known for its ability to obfuscate transaction origins, further fueled the controversy.
“These transactions were not executed maliciously and they were not related to the funds withdrawn from Kraken,” a CertiK spokesperson told a news outlet, confirming that an employee used the privacy-focused platform Tornado Cash. The spokesperson further explained that “a team member, without authorization, sent a small amount of his own funds to Tornado Cash and immediately withdrew the funds to several new addresses owned by himself.”
However, this explanation has done little to quell the criticism. Many within the crypto community remain unconvinced, questioning why a security firm tasked with protecting digital assets would seemingly disregard industry standards by utilizing a platform associated with illicit activities.
CertiK maintained the $3 million Kraken withdrawal was part of a legitimate “whitehat” security operation designed to test the exchange’s vulnerabilities. However, the use of Tornado Cash has cast a shadow over this claim, prompting accusations of negligence and a lack of transparency.
CertiK has since issued a more contrite apology, expressing “deep sorrow for the inconvenience and confusion” caused by the incident. However, the firm has yet to provide a satisfactory explanation for the employee’s use of Tornado Cash or address the concerns raised by the wider crypto community.
Adding to the controversy, Mikko Ohtamaa, co-founder of Trading Protocol, an algorithmic trading protocol for decentralised markets, accused CertiK of being a “snake oil business” lacking integrity. “CertiK is trying to shift the blame instead of taking responsibility for hiring blackhats,” he stated on X, formerly known as Twitter.
Furthermore, Kevin Schellinger, co-founder of 1deltaDAO, suggested on X that the incident was a “long-planned marketing stunt” orchestrated by CertiK management. He cited insider sources alleging that engineers who resisted the plan were subsequently fired.
These allegations, coupled with the unanswered questions surrounding the incident, have significantly damaged CertiK’s reputation within the crypto community. The firm’s future hinges on its ability to address these concerns with transparency and decisive action, rebuilding trust and demonstrating a commitment to the highest standards of security and ethical conduct. The upcoming release of a comprehensive report detailing the incident will be a crucial step in this process, as the crypto world watches closely to see how CertiK navigates this turbulent chapter.
Yona has no crypto positions and does not hold any crypto assets. This article is provided for informational purposes only and should not be construed as financial advice. The Shib Daily is an official media and publication of the Shiba Inu cryptocurrency project. Readers are encouraged to conduct their own research and consult with a qualified financial adviser before making any investment decisions.