When trying to regain access to kraken If you delete your account, you may be asked to join a video call with a support agent to prove your identity.
The central exchange announced last month that it had caught a person wearing a Halloween-style rubber mask trying to fool staff on the other end of the line, but to no avail.
The attackers had raised a number of red flags during the first round of checks, including not disclosing the names of assets held by the accounts. These flags now cause the agent working your case to request a video call to allow access to your account. During the call, Kraken personnel asked several more questions and verified the person's ID.
The attackers failed at this stage in dramatic fashion.
“Our agents were like, 'This is completely ridiculous.' This is a rubber mask that a guy is wearing,” said Kraken Chief Security Officer. Nick Percoco said decryption.
Percoco said the mask did not resemble the person the attacker claimed to be. The victim was a white man in his early 50s, so it appeared to Percoco that the gunman had simply grabbed a mask that vaguely matched his description.
And this isn't the first time someone has disguised themselves to trick the Kraken.
“[We] “Sometimes I see people wearing fake beards,” he said. decryption. “They show [ID] They look similar because they wear the same style of glasses, mustaches, and blonde hair. We see it sometimes. They never pass. ”
“But this is the first time someone has gone to a costume store for a mask,” he added.
To make matters worse, the attacker didn't even have a trusted ID. Although it contained accurate information, it was “obviously” photoshopped and printed on cardboard, Percoco said.
Although this was not a sophisticated attack, it highlighted how even sloppy fraudsters can gain access to private information of ordinary people. Percoco believes that even with such an unsophisticated attempt, attackers could be successful.
“I think I have to [work]” he said decryption. “Someone in disguise, someone who goes into another location and gets a copy of a government ID, prints it on glossy paper and holds it up…I think some exchanges will probably work.”. ”
He argued that some exchanges lack the same level of attention to detail that Kraken demands from its team. Percoco specifically points out companies that outsource support, arguing that this is likely to lead to mistakes.
If he's right, that means companies using centralized exchanges shouldn't always rely on them to fend off bad actors. To protect themselves, Percoco says users should deploy. two-factor authentication Prevent bad actors from obtaining personal information at all costs, “everywhere,” from email to beyond.
Even with these protections in place, users can still fall victim to phishing scams. To achieve the highest level of security, we recommend that you: FIDO2 and passkeywhich is a hardware key that allows you to turn your phone or laptop into your account password.
“Your passkey is cryptographically tied to the sites and applications you use it on, so you can't fool yourself into thinking you're logged in to Kraken,” he said.
Edited by Andrew Hayward
daily report meeting Newsletter
Start each day with the current top news stories, plus original features, podcasts, videos, and more.
