Blockchain security firm CertiK has gone public, identifying itself as the “security researcher” that cryptocurrency exchange Kraken claimed stole $3 million worth of digital assets.

In a June 19 X post, CertiK said it had informed Kraken of an exploit that allowed it to remove millions of dollars from the exchange’s accounts. Kraken Chief Security Officer Nicholas Percoco claimed that an unnamed security team — not revealed to be CertiK at the time — had committed “extortion” by refusing to return any funds until the exchange agreed to provide “a speculated $ amount that this bug could have caused if they had not disclosed it.”

“After initial successful conversions on identifying and fixing the vulnerability, Kraken’s security operation team has THREATENED individual CertiK employees to repay a MISMATCHED amount of crypto in an UNREASONABLE time even WITHOUT providing repayment addresses,” said CertiK. “In the spirit of transparency and our commitment to the Web3 community, we are going public to protect all users’ security. We urge [Kraken] to cease any threats against whitehat hackers.”

In a statement to Cointelegraph, CertiK said it planned to transfer the funds “to an account that Kraken will be able to access.” Initial reactions from many crypto users seemed to support Kraken, claiming that CertiK’s actions were not akin to white hat hackers.

This is a developing story, and further information will be added as it becomes available.