U.S.-based bitcoin exchange Kraken has been the target of a coordinated attack by hacker(s) who have successfully stolen funds from exchange users.
The details are still emerging, but this post should serve as a public service announcement to Kraken users to secure their accounts before it is too late.
On social media, a Kraken user has complained that their brother’s account was compromised on Kraken after being targeted, with funds withdrawn and stolen from the account. The user hasn’t disclosed the amount stolen. To make matters worse, another Kraken user has spoken up about their account being compromised as well, with a total of 0.4361 BTC stolen (equal to $284.82 USD); you can view the transaction on the blockchain.
It’s clear from the multiple user reports that a hacker or group of hackers is maliciously targeting Kraken to try to steal bitcoin from the exchange’s users. This shouldn’t come as a total surprise, as we reported earlier this month that bitcoin exchanges have been the target of hackers specifically due to a recent data breach. Isle of Man bitcoin exchange CoinCorner took heed of the news and immediately implemented changes to their exchange to improve their security.
Two-factor authentication
It should go without saying that anyone who has bitcoin accounts, whether on exchanges or in wallets, must have two-factor authentication (2FA) turned on. Typically, most thefts that occur can be avoided simply by having this second layer of security turned on. The same applies to your email account.
In the case above where the user had funds stolen, they did not have 2FA turned on, which sealed their fate. They do, however, have good suggestions on how Kraken can improve its overall security, such as requiring email confirmation for withdrawal requests.
Kraken did reply on social media to the user, saying,
“We’re very sorry your brother’s account was compromised. Thank you for voicing your concerns comprehensively. We appreciate the feedback. Moving forward, we’ll look for ways to better communicate to clients the importance of setting up 2FA for login and other security features, and to protect customers “even from themselves”, as you put it. Email withdrawal confirmations were never implemented as 2FA for login provides better protection (still protects you if both your password and email are compromised), but we’re taking your advice to heart and will consider adding these.”
For those that don’t have 2FA turned on, it’s imperative that you do so. If you’re looking for more tips on how to secure your Kraken account, visit their help center for details.