If you believe your account has been compromised, complete the following actions:
- Lock your account by contacting our 24/7 Live Chat team
Navigate to the chat icon at the bottom right of this page. Provide the specialist with the email address associated with your Kraken account and notify them of the suspicious activity so they can lock your account immediately.
- Open a support ticket
In the drop-down menu, select ‘Sign-in troubleshooting & Account security’. In the second drop-down menu, select ‘Report Suspicious Activity’. Describe the incident in detail for our security specialists to review. They will follow up via email with further security instructions and get you back into your account as soon as possible.
Note: Live Chat support won’t be able to provide any details or advice regarding your ticket. For security reasons, all communications must take place via email or other means eventually specified by our security team. - Secure your email and devices
Change your email account passwords and add (or change) the two-factor authentication method used. Also, scan your computer and devices for malware/keyloggers and update your devices to the latest software version. - Reset your Kraken account password
Navigate to the Password Reset page and follow the recommendations and reqirements. If you have lost access to your email account, skip this step. - Notify your bank
If your debit card was connected to your Kraken account and you believe it was used for unauthorized transactions, notify your bank immediately.
Recovering your Kraken account
Once you submit a support ticket, our team of security specialists will follow up via email to guide you through the process of securing your Kraken account and ensure that you have taken the necessary steps to secure your email. The account recovery process is a multi-step process that takes some time. Your patience is appreciated.
Note: To aid in a quick resolution of your case, it is important you read our emails in full detail and follow all the requested steps.
Protecting your Kraken account
The methods used for compromising an account are sophisticated and always evolving. It is important that you use all of the security features that Kraken offers and follow our advice on how to secure your account and digital life.
Email compromise
This is a common way that a Kraken account can be compromised. If someone has control of your email, they can make username requests and password resets, allowing full access to your account if you haven’t enabled sign-in two-factor authentication or a Master Key to prevent unauthorized password resets.
Once inside, they can generate and approve withdrawal addresses, potentially allowing the removal of funds. For this reason, it is essential that you secure your account with Sign-In 2FA, using either an authenticator app or the most secure option, a Hardware Security Key.
We strongly recommend you create an encrypted email account that is used only for Kraken. Never use the same passwords across multiple accounts.
For more information on securing your email, see this article.
Once inside, they can generate and approve withdrawal addresses, potentially allowing the removal of funds. For this reason, it is essential that you secure your account with Sign-In 2FA, using either an authenticator app or the most secure option, a Hardware Security Key.
We strongly recommend you create an encrypted email account that is used only for Kraken. Never use the same passwords across multiple accounts.
For more information on securing your email, see this article.
Phishing Scams
One way phishing scams can occur is when you use a search engine (i.e. Google) to search the word “Kraken” and click on the first link you see. This can lead you to a phishing site that looks identical to the Kraken website. From here, the phishers will prompt you to enter your sign-in credentials as well as your sign-in 2FA and device approval codes in an effort to gain access to your account.
Bookmark the Kraken sign-in page (www.kraken.com/sign-in) and never use search engines to navigate to our page. Always double and triple check the URL of any page you visit to ensure you are visiting the correct site.
If you believe you have visited a phishing site, search your recent browsing history for any ‘Kraken URL’ that differs from www.kraken.com and provide this to our security specialists so they can report the site and have it taken down.
Also, beware of phishing emails asking you for sensitive information. Check the domain of any email you receive from us regarding actions on your account and ensure they are from noreply@kraken.com. Kraken will never ask you for your email sign-in credentials.
For more information on phishing scams, see this article.
Bookmark the Kraken sign-in page (www.kraken.com/sign-in) and never use search engines to navigate to our page. Always double and triple check the URL of any page you visit to ensure you are visiting the correct site.
If you believe you have visited a phishing site, search your recent browsing history for any ‘Kraken URL’ that differs from www.kraken.com and provide this to our security specialists so they can report the site and have it taken down.
Also, beware of phishing emails asking you for sensitive information. Check the domain of any email you receive from us regarding actions on your account and ensure they are from noreply@kraken.com. Kraken will never ask you for your email sign-in credentials.
For more information on phishing scams, see this article.
Malware
Malicious software or malware can infect devices by clicking on suspicious links provided to you via email or by visiting a suspicious website. Malware can also be introduced by downloading suspicious software onto your computer.
Some malware can come in the form of a keylogger which, once on your device, takes note of anything you type, providing attackers with sensitive sign-in credentials that they can use to enter your email or Kraken account. If you have downloaded malware onto your phone, it is possible an attacker could also view your two-factor authentication codes.
If you believe your device has been infected, we strongly encourage you to back up your data and factory reset the device. We understand this is inconvenient but this is the most certain way to ensure malware is no longer on your device. Additionally, enable a Hardware Security Key for 2FA as opposed to an authenticator app.
For more information on malware, see this article.
Some malware can come in the form of a keylogger which, once on your device, takes note of anything you type, providing attackers with sensitive sign-in credentials that they can use to enter your email or Kraken account. If you have downloaded malware onto your phone, it is possible an attacker could also view your two-factor authentication codes.
If you believe your device has been infected, we strongly encourage you to back up your data and factory reset the device. We understand this is inconvenient but this is the most certain way to ensure malware is no longer on your device. Additionally, enable a Hardware Security Key for 2FA as opposed to an authenticator app.
For more information on malware, see this article.
API Keys
API keys should be used with caution. Keep your API keys stored securely and in an encrypted format and be sure to properly vet any third-party service that you use your API keys with.
Whenever you generate new keys, make sure you only enable trading permissions on those keys where it is strictly necessary. Remember that sharing your API private key or QR code is the same as sharing your account password!
For more information on securely generating an API Key, see this article.
Whenever you generate new keys, make sure you only enable trading permissions on those keys where it is strictly necessary. Remember that sharing your API private key or QR code is the same as sharing your account password!
For more information on securely generating an API Key, see this article.
Some final security tips
Only use the official Kraken mobile apps published by Payward, Inc. Other apps claiming to be official Kraken apps are not ours and likely to be scams. If you have downloaded a fake Kraken app, delete it immediately and contact our support team.
Beware of investment scams carried out via bogus online trading platforms. Never accept unsolicited investment offers made on social media or over the phone.
Do not share sensitive information regarding your investment activities on social media.