Blockchain security company CertiK is facing serious allegations that its employees exploited a critical bug in the Kraken cryptocurrency exchange to steal nearly $3 million. Additionally, CertiK is accused of front-running reports on OpenBounty, a bug bounty aggregator linked to the company, to claim bounties for themselves. These allegations, brought forward by security researchers PopPunkOnChain and h0wlu, have raised significant concerns within the cybersecurity community.