Some white hat hacker behavior is ‘weird,’ Ledger CTO says

After the Kraken-CertiK incident earlier this week, Ledger’s Charles Guillemet weighed in on white hat hackers

article-image

Maor_Winetrob/Shutterstock modified by Blockworks

share

The back and forth between CertiK and Kraken this week left more questions than answers. 

So to get some potential answers — and to pick his brain — Blockworks chatted with Ledger Chief Technology Officer Charles Guillemet.

Outside of the use of Tornado Cash by the US-based CertiK, he also highlighted the withdrawal of XMR — a privacy coin on Monero, in case you’ve skipped some of Empire’s previous segments — as suspicious because, well, it’s a privacy coin.

Add ChangeNow, a self-styled non-custodial exchange, into the mix. In Guillemet’s experience, ChangeNow is generally one of the top picks for attackers who are trying to hide crypto. It’s often used by bad actors because it doesn’t require proper KYC checks before facilitating swaps from one token to another.

It was also weird that there were video calls between CertiK and Kraken. And don’t even get him started on the millions withdrawn (he maintains you can exploit as little as $5 to prove the bug and then report it for a bounty). 

Read more: Empire Newsletter: DJT and Kraken bring the drama

However, the five-day time period in which the researchers were testing the exploit isn’t that strange. 

“So the five day period is not suspicious, per se. But what is suspicious is what they did during the meantime,” he told Blockworks.

The silver lining in this is the speed in which Kraken assessed the issue (47 minutes, according to Kraken’s Chief Security Officer Nick Percoco) and investigated the issue.

Kraken had everything in place in order to verify what happened on their platform and to find out that the vulnerability was actually exploited several times, by three accounts and not only by one,” he added. 

Guillemet was in the security world before swapping over to crypto in 2017. 

With that experience, he said that the “behavior that we see in blockchain and crypto when it comes to white hat [hacking] is really weird from my standpoint.”

Read more from our opinion section: We need to talk about the dangers of custody on exchanges

“Sometimes you have a white hat, supposedly, who finds a vulnerability on some smart contract. It completely drains the smart contract and then gives back like 90%, choosing its reward [of] 10%. This kind of behavior, for me, is extortion. It seems to be okay. It seems to be white hat behavior,” Guillemet continued.“But I completely disagree with this. When you do security research, you don’t choose your reward.”

“In crypto, it’s not always the case, and it’s a bit disturbing for me, and it’s also disturbing for other security guys in the field.”

CertiK said it wasn’t trying to exploit or “extort” funds from the exchange, unlike claims made by Percoco. On Thursday, Kraken confirmed it received the funds back sans a bit lost to fees.

The simplest way to improve the space is obviously investing in security, but the more difficult path forward is for security teams to stay humble, Guillemet said. 

“Attackers will get better and better and we as an ecosystem must be humble and always raise the bar for security because this is a cat-and-mouse game and the stakes are getting higher.”

A shorter version of this article appeared in Friday’s Empire Newsletter. Sign up here to never miss an issue.


Start your day with top crypto insights from David Canellis and Katherine Ross. Subscribe to the Empire newsletter.

Explore the growing intersection between crypto, macroeconomics, policy and finance with Ben Strack, Casey Wagner and Felix Jauvin. Subscribe to the Forward Guidance newsletter.

Get alpha directly in your inbox with the 0xResearch newsletter — market highlights, charts, degen trade ideas, governance updates, and more.

The Lightspeed newsletter is all things Solana, in your inbox, every day. Subscribe to daily Solana news from Jack Kubinec and Jeff Albus.

Tags

Upcoming Events

Javits Center North | 445 11th Ave

Tues - Thurs, March 18 - 20, 2025

Blockworks’ Digital Asset Summit (DAS) will feature conversations between the builders, allocators, and legislators who will shape the trajectory of the digital asset ecosystem in the US and abroad.

Brooklyn, NY

TUES - THURS, JUNE 24 - 26, 2025

Permissionless IV serves as the definitive gathering for crypto’s technical founders, developers, and builders to come together and create the future.If you’re ready to shape the future of crypto, Permissionless IV is where it happens.

recent research

Research Report Templates.png

Research

An overview of the Base Ecosystem, with a focus on market leaders.

article-image

Although bitcoin hitting $120k by year’s end is looking unlikely

article-image

About 270 million HYPE has been claimed, valued around $7.6 billion

article-image

Stanford professors David Mazières and Dan Boneh will lead the lab alongside a cohort of graduate student researchers

article-image

With more companies holding BTC, bitcoin yielding strategies could become “a new corporate finance norm,” CoinShares posed

article-image

The proposal comes after Polygon governance considered a controversial use of bridged liquidity for yield

article-image

Can the community balance its decentralized ethos with the need for inclusivity and constructive debate?