TechFlow news — On June 20, CertiK posted a Twitter thread addressing recent disputes with Kraken, providing Q&A clarification on several key issues including fund return, vulnerability disclosure, and testing objectives. Their statements include:
No user funds were lost: All cryptocurrency involved was artificially generated during testing and did not involve assets from any real Kraken users.
Fund return status: CertiK confirmed that all held funds have been returned, although the total amount differs from Kraken's request. The returned amounts include 734.19215 ETH, 29,001 USDT, and 1021.1 XMR, whereas Kraken requested the return of 155,818.4468 MATIC, 907,400.1803 USDT, 475.5557871 ETH, and 1,089.794737 XMR.
Testing purpose: CertiK conducted multiple large-scale tests to probe the limits of Kraken’s protection mechanisms and risk controls. Despite days of testing, nearly three million dollars’ worth of cryptocurrency transactions did not trigger any alerts.
Vulnerability disclosure: CertiK provided Kraken with detailed vulnerability information, which was patched within 47 minutes.
Timely communication: Upon completion of testing, CertiK promptly notified Kraken through multiple channels and delivered a comprehensive report.
Bug bounty program: CertiK did not participate in Kraken’s bug bounty program nor made any bounty requests; the focus was solely on ensuring the issue was resolved.




