If you believe your account has been compromised, complete the following actions:
- Lock your account by contacting our 24/7 Live Chat team
Navigate to the chat icon at the bottom right of this page. Provide the specialist with the email address associated with your Kraken account and notify them of the suspicious activity so they can lock your account immediately.
- Open a support ticket
In the drop-down menu, select ‘Sign-in troubleshooting & Account security’. In the second drop-down menu, select ‘Report Suspicious Activity’. Describe the incident in detail for our security specialists to review. They will follow up via email with further security instructions and get you back into your account as soon as possible.
Note: Live Chat support won’t be able to provide any details or advice regarding your ticket. For security reasons, all communications must take place via email or other means eventually specified by our security team.
- Secure your email and devices
Change your email account passwords and add (or change) the two-factor authentication method used. Also, scan your computer and devices for malware/keyloggers and update your devices to the latest software version.
- Reset your Kraken account password
Navigate to the Password Reset page and follow the recommendations and reqirements. If you have lost access to your email account, skip this step.
- Notify your bank
If your debit card was connected to your Kraken account and you believe it was used for unauthorized transactions, notify your bank immediately.
Recovering your Kraken account
Once you submit a support ticket, our team of security specialists will follow up via email to guide you through the process of securing your Kraken account and ensure that you have taken the necessary steps to secure your email. The account recovery process is a multi-step process that takes some time. Your patience is appreciated.
Note: To aid in a quick resolution of your case, it is important you read our emails in full detail and follow all the requested steps.
Protecting your Kraken account
The methods used for compromising an account are sophisticated and always evolving. It is important that you use all of the security features that Kraken offers and follow our advice on how to secure your account and digital life.
Once inside, they can generate and approve withdrawal addresses, potentially allowing the removal of funds. For this reason, it is essential that you secure your account with Sign-In 2FA, using either an authenticator app or the most secure option, a Hardware Security Key.
We strongly recommend you create an encrypted email account that is used only for Kraken. Never use the same passwords across multiple accounts.
For more information on securing your email, see this article.
Bookmark the Kraken sign-in page (www.kraken.com/sign-in) and never use search engines to navigate to our page. Always double and triple check the URL of any page you visit to ensure you are visiting the correct site.
If you believe you have visited a phishing site, search your recent browsing history for any ‘Kraken URL’ that differs from www.kraken.com and provide this to our security specialists so they can report the site and have it taken down.
Also, beware of phishing emails asking you for sensitive information. Check the domain of any email you receive from us regarding actions on your account and ensure they are from email@example.com. Kraken will never ask you for your email sign-in credentials.
For more information on phishing scams, see this article.
Some malware can come in the form of a keylogger which, once on your device, takes note of anything you type, providing attackers with sensitive sign-in credentials that they can use to enter your email or Kraken account. If you have downloaded malware onto your phone, it is possible an attacker could also view your two-factor authentication codes.
If you believe your device has been infected, we strongly encourage you to back up your data and factory reset the device. We understand this is inconvenient but this is the most certain way to ensure malware is no longer on your device. Additionally, enable a Hardware Security Key for 2FA as opposed to an authenticator app.
For more information on malware, see this article.
Whenever you generate new keys, make sure you only enable trading permissions on those keys where it is strictly necessary. Remember that sharing your API private key or QR code is the same as sharing your account password!
For more information on securely generating an API Key, see this article.
Beware of investment scams carried out via bogus online trading platforms. Never accept unsolicited investment offers made on social media or over the phone.
Do not share sensitive information regarding your investment activities on social media.