In June, CertiK Skyfall team conducting whitehat research discovered a critical vulnerability in the Kraken platform. We notified the exchange to ensure this important vulnerability was fixed—which was a win for blockchain and Web3 security. However, in conducting this work, we made errors in judgment and poorly communicated with Kraken, resulting in a public dispute that raised significant concerns within the community.
We regret that this incident occurred and have taken necessary steps to minimize the risk of similar misunderstandings occurring again. We have partnered with our outside counsel to improve our internal processes to ensure our bug bounty operations consistently adhere to industry best practices. We are proud of the exceptional technical expertise that underlies all our services and want to make sure that other aspects of the work are consistently carried out with comparable sophistication.
CertiK has been in the industry for more than six years, providing security services for more than 4,700 projects and detecting 70,000+ vulnerabilities. As a leading security firm, our goal moving forward is to continuously improve as a company, putting our customers and the community first for a safer Web3 future.