The privacy of your personal information is very important to us. We relentlessly work to protect your information through the dedicated design efforts of our Security Team. For more than a decade, we’ve been building an industry-leading security practice led by some of the top security experts in the world. Below is an overview of some of the controls we have in place that help to ensure your personal information is kept safe and secure.
We provide our clients some of the most robust security tools and features in the industry. In addition to being able to set very strong passwords and add multiple layers of multi-factor authentication on your account, we support securing your authentication with a FIDO2 device and requiring extra approval for any new computer or mobile device that attempts to access your account. We also provide you with device management capabilities, allowing you to revoke device-level access at any time. With Kraken, you are able to whitelist crypto withdrawal addresses and lock your account so that no new addresses can be added. Finally, in addition to all of these platform features, we also provide a number of guides for your personal security education and to help you ensure your account is properly secured.
All documents uploaded to our website are watermarked. This means that in the unlikely scenario our security systems are breached, your documents will not be re-usable elsewhere.
Databases containing sensitive client data are not accessible from the Internet. They are also encrypted and cannot be decrypted without access to multiple highly secured systems. Access to these systems is strictly controlled and monitored.
Our Security Program is proudly both ISO 27001 and SOC 2 Type 1 certified. We are also validated against all of the security requirements of the regulatory bodies with which Kraken is obligated to comply. We follow a risk-based approach to facilitate constant improvement within our program and to ensure that we are spending time and resources on the most impactful security improvements at any given time.
All of our employees are issued laptops and mobile devices that are fully managed. These devices are hardened and secured well beyond security best practices. All devices have their storage fully encrypted and are passphrase protected. All authentication to internal systems requires hardware-based multi-factor authentication. Only devices that are issued by Kraken can access our internal systems, with added security controls around access to systems containing client data.
All of our data centers are in undisclosed locations with state-of-the-art security technology and armed guards. No single individual at Kraken is able to access our physical systems alone. Access is strictly controlled and all activity is monitored by a dedicated global team 24/7.
Security Monitoring and Response
We have a globally distributed team dedicated to monitoring our networks, systems and both internal and external applications for potential threats and malicious activity. We monitor the external world for context on the latest phishing sites, social media impersonations and scams targeting our clients. We triage, investigate, respond and remediate every potential incident that is discovered by our robust monitoring and response capabilities.
Every single external-facing system is constantly tested for potential vulnerabilities. Every line of code that makes its way into both external- and internal-facing applications is reviewed for potential vulnerabilities. We also invite the security community to help test our systems through our Bug Bounty Program. All findings are prioritized by risk (likelihood and impact) and remediated accordingly.
We use advanced cold storage and hot wallet solutions to secure your funds. Our crypto infrastructure resides in secure cages under 24/7 surveillance by armed guards, alarm systems and CCTV monitoring. Kraken was one of the first exchanges to receive a Proof of Reserves audit. This involves periodically working with an external auditor to perform an audit aimed at developing greater trust and transparency in the assets held within our exchange and on-chain staking service. You can log in to your account and verify that Kraken had custody of the covered tokens in your account at the time of the audit.