The security firm claimed it had been given too little time to return Kraken’s funds as it tested an exploit’s scope.