In June, a team at CertiK conducting whitehat research discovered a “critical” vulnerability in the Kraken platform.
This CertiK team then reportedly “notified the exchange to ensure this important vulnerability was fixed—which was a win for blockchain and Web3 security.”
However, in conducting this work, CertiK claims they made errors “in judgment and poorly communicated with Kraken, resulting in a public dispute that raised significant concerns within the community.”
CertiK regret that this incident “occurred and have taken necessary steps to minimize the risk of similar misunderstandings occurring again.”
CertiK have partnered with their outside counsel “to improve their internal processes to ensure their bug bounty operations consistently adhere to industry best practices.”
CertiK are pleased about the “exceptional” technical expertise that underlies all their services and want to make sure that other “aspects of the work are consistently carried out with comparable sophistication.”
CertiK further claims that it has been in the industry “for more than six years, providing security services for more than 4,700 projects and detecting 70,000+ vulnerabilities.”
As a security firm, their goal moving forward is “to continuously improve as a company, putting their customers and the community first for a safer Web3 future.”
As covered early last month, CertiK has released its market update, entitled Hack3d: The Web3 Security Quarterly Report – Q2 + H1 2024.
CertiK’s Hack3d: The Web3 Security Report for Q1 2024 digital assets and blockchain ecosystem update is described as “the industry’s most comprehensive record of statistics and analysis of onchain security incidents.”
According to CertiK, it equips stakeholders with the knowledge needed “to make informed decisions in an increasingly high-stakes environment.”
Here are Q2 2024 highlights shared by CertiK:
- A total of $688,102,941 was lost across 184 onchain security incidents in Q2 2024. This represents a 37% increase in value lost compared to Q1 2024, though there was an 18% decrease in the number of incidents quarter-over-quarter.
- Phishing was the most costly attack vector in Q2 2024, with $433,688,871 lost across 67 incidents, accounting for a large majority of total financial losses.
- Private key compromises followed, with $170,064,635 lost in 16 major incidents.
- Ethereum experienced the highest number of security incidents, with a total of 83 hacks, scams, and exploits leading to $170,636,798 in losses.
- The total dollar value of funds returned was $99,328,507 across 7 separate incidents, leading to adjusted total losses of $588,774,434 for the quarter.
- The average loss per incident was $3,739,689 and the median loss per incident was $204,614.