CertiK, a cryptocurrency security auditing firm that was recently embroiled in a dispute with Kraken after it hacked the exchange, has now been accused of operating a ‘bug bounty’ program that was gathering vulnerabilities for numerous platforms rather than having security researchers submit these vulnerabilities directly to firms.
The accusations focus on ‘OpenBounty,’ operated by Shentu Chain. Shentu Chain was formerly known as ‘CertiK Chain,’ which was operated by the CertiK Foundation. Archived versions of the CertiK Foundation website make it clear that it was founded by Fonghui Gu and Zhong Shao, both of whom are still listed as co-founders of CertiK.
In addition to these apparent connections between the entities, others have highlighted that submitting bug bounties sends requests to URLs with CertiK in the name.
In many cases, OpenBounty seems to be effectively re-posting bug bounties from other platforms like ImmuneFi, with the page for Arbitrum’s bug bounty explicitly stating that you should refer to ImmuneFi’s website for more information.
An ImmuneFi executive took to X (formerly Twitter) to emphasize that ImmuneFi “does not have a partnership nor affiliation with Open Bounty/Shentu, and we would always, always, always suggest submitting via the ImmuneFi programs.”
CertiK’s recent disputes with Kraken have further heightened fears around submitting critical vulnerabilities to CertiK, especially if the projects themselves are unaware that these vulnerabilities are being solicited via OpenBounty.
Other projects have grown frustrated with CertiK’s ‘Skynet’ project, accusing it of rating projects poorly if they don’t receive audits from CertiK.
Protos reached out to CertiK and Shentu Chain to clarify the relationship and why some of these bug bounty posts are on the platform. At press time, neither has responded.