Ledger CTO: White Hat Hacker Behavior is ‘Weird’


The current battle between CertiK and Kraken has left the cryptocurrency community with more questions than answers. To go deeper into the problem, Blockworks spoke with Charles Guillemet, the Chief Technology Officer at Ledger, to gather some thoughts and opinions on the ongoing turmoil.

The dispute began when CertiK, a blockchain security firm based in the United States, was accused of employing Tornado Cash, a privacy tool frequently linked with criminal activity. Guillemet also described the withdrawal of Monero (XMR), a privacy-focused cryptocurrency, as suspicious owing to its inherent anonymizing qualities.

Ledger Executive Offers Insight

ChangeNow, a non-custodial exchange noted for its lack of thorough Know Your Customer (KYC) procedures, was cited, which added to the complexity. Guillemet observed that bad actors commonly use ChangeNow to mask their cryptocurrency transactions, making it a popular alternative for individuals looking to conceal unlawful activities.

Another odd feature was the succession of video chats between CertiK and Kraken. Guillemet expressed doubt, citing the large funds withdrawn in the incident. He contended that a defect could be reported using a small exploit amount, such as $5, rather than millions.

However, the Ledger executive did not find the five-day timeframe over which the researchers tested the attack to be particularly suspicious. “The five-day span isn’t very suspicious. What they did during that time, however, is suspicious,” he told Blockworks.

Ledger Exec Applauds Kraken’s Response

Regardless of the controversy, Kraken’s quick response was admirable. According to Kraken’s Chief Security Officer, Nick Percoco, the exchange took only 47 minutes to review and investigate the matter. “Kraken had everything in place to verify what happened on their platform and discovered that the vulnerability was exploited multiple times by three accounts, not just one,” according to Guillemet.

The Ledger exec, who moved from security to crypto in 2017, expressed his opinions on the actions of alleged white hat hackers in the blockchain field. He decried the practice of certain white hat hackers draining smart contracts completely and then returning the majority of the funds while keeping a piece as a reward. “I consider this type of action to be extortion. It appears to be recognized as white-hat behavior, but I completely disagree. When you do security research, you don’t get to choose your reward,” he said.

The CertiK and Kraken Issue

In response to Percoco’s charges, CertiK denied any intention of manipulating or extorting payments from Kraken. On Thursday, Kraken reported that it had received the majority of the cash back, with only a minor portion lost due to transaction fees.

Looking ahead, Guillemet underlined the importance of continued security investment as well as a humble mindset among security personnel. “Attackers will get better and better, and we as an ecosystem must be humble and always raise the bar for security because this is a cat-and-mouse game and the stakes are getting higher,” according to him.

The incident shows the continuous problems and complexities of safeguarding the rapidly changing cryptocurrency market. While Kraken’s prompt action and disclosure are admirable, the incident highlights the necessity of monitoring and ethical behavior in the pursuit of cybersecurity.
