Certik, a blockchain security company, returns $3 million in misappropriated funds to the cryptocurrency exchange Kraken
A cybersecurity research company has returned $3 million in funds to cryptocurrency exchange Kraken after a unique incident involving an exploit reported through a bug bounty program. Kraken’s chief security officer, Nick Percoco, revealed that the exchange was alerted to an “extremely critical” code exploit that allowed hackers to artificially increase their funds. While no client assets were at risk, the exploit enabled attackers to temporarily print assets in their Kraken accounts.

Percoco expressed disappointment in the behavior of the security researchers who discovered the bug, stating that they acted unprofessionally in returning the exploited funds. However, Percoco confirmed that the funds have since been returned to Kraken, albeit with a small amount lost to fees. The identity of the individuals who returned the funds has not been disclosed.

Crypto security firm Certik has claimed responsibility for identifying the exploit and criticized Kraken for avoiding the deeper issues revealed in Certik's audit. Certik highlighted the fact that millions of dollars of crypto were minted without involving any real Kraken user assets and questioned why Kraken’s defense system failed to detect the test transactions conducted during its research.