
CertiK Statement on Kraken Vulnerability

In June, the CertiK Skyfall team, while conducting whitehat research, discovered a critical vulnerability in the Kraken platform. We notified the exchange to ensure this important vulnerability was fixed—which was a win for blockchain and Web3 security. However, in conducting this work, we made errors in judgment and communicated poorly with Kraken, resulting in a public dispute that raised significant concerns within the community.

We regret that this incident occurred and have taken necessary steps to minimize the risk of similar misunderstandings occurring again. We have partnered with our outside counsel to improve our internal processes to ensure our bug bounty operations consistently adhere to industry best practices. We are proud of the exceptional technical expertise that underlies all our services and want to make sure that other aspects of the work are consistently carried out with comparable sophistication.

CertiK has been in the industry for more than six years, providing security services for more than 4,700 projects and detecting 70,000+ vulnerabilities. As a leading security firm, our goal moving forward is to continuously improve as a company, putting our customers and the community first for a safer Web3 future.
