Bitcoin Forum

I've been using Kraken since last year with no problems until 15.11.2018.

I've bought some BTC and credited my account. A few hours later I've tried to log in to check my account and make some trading but I couldn't log in! Every time I enter my login details the site gives the aforementioned error "invalid login". I was afraid and changed my password, but this didn't help, everything is correct but I cannot log in. I escalated the problem to Kraken support but I still don't have an answer. Yesterday in the support chat an employe has locked my account until the problem is solved but I didn't receive a confirmation mail.

Before my login attempts, my phone received a notification from Gmail with an automated email from Kraken for a withdrawal, but after 2 seconds this notification disappeared as if it were some kind of bug. Then I tried to log in and the whole story from above happened.
I checked my Gmail for a suspicious login but the "last activity" function is available only for the last 24 hours and I can't see the day before that.

I'm still waiting for a response, it's been 3 days with no answer at all and I'm very worried...

And by notification disappeared, you're referring to the email? I don't see how is that possible unless your devices have been compromised and someone removed the email but If they locked your account, It's more then likely that they have detected a suspicious activity, all you can do now is wait for their investigation and response which could take few days/weeks.

My account is restored now, but my funds are gone, Kraken confirmed my account was somehow compromised. No one has used my GMail, there is no evidence or traces left. Every login and device from the account history is my personal - only my home PC and phone. The attacker did steal the funds right AFTER my last deposit! He exchanged the BTC to ETH and then withdraw all of it.

Here is a screenshot: http://images2.imagebam.com/cf/33/e7/24cfc61038333964.PNG

What can I do now?

Obviously not a bug, the attackers deleted it, they have full access to your gmail account as well as your personal life.

Say goodbye to your money, but what you should do now is:

1. reflash and reformat your both phone and PC because one of them is infected with a form injecting malware targeting cryptocurrencies, your case is very common lately
2. change your Kraken password and make sure it is not used on other sites (only after the 1st step, changing your password right now will not help)
3. enable 2FA in your Kraken account. Would not helped in that particular case because they might control your phone and read sms, but still you should use 2FA. I would recommend buying a separate cheap 15$ phone and sim card for receiving 2FA sms exclusively, because it looks like in your case this can likely happen again.

So  it comes from your side.
When you add a new address to withdraw to, Kraken sends an email with a link to click to confirm. Only then you can make a transfer out with the new address. As the person got access to your email I would rather check your mail password, forwarding rules, OS scan, and the routine.
If it was coming from Kraken, not only 1 account would have been hacked.

You really can't expect to do much at this point.

First of all, secure all of your devices and withdraw any of your assets that you still have online into a safe place (preferably into a wallet/address not generated by your devices). It could be entirely possible that your email or potentially all of your devices have been compromised, which would be the only explanation why nothing shows up regarding any potential intruders other than your own device on Kraken.

That's the only step you can take at the moment. There is no chance that Kraken would be able to refund you or you be able to track down the hacked funds, though you could potentially ask them for more details (which I don't think will help much, honestly).

Plus, if 2fa is possible do it for the safety of your account as well, I'm sure if you have set the 2fa then it will never happen to you. And also strong premium anti-virus is a big help to prevent malicious malware in your device(s).

2fa 2fa 2fa. No 2fa and you can kiss your coins goodbye. Not sms 2fa. Authenticator only. If you use gmail make sure to have 2fa enabled - not sms. Make sure gmail is not forwarding your mail, no third party access, lock it down. Use a dedicated account just for business.

You can lock down everything in kraken. Best do it. Thieves are everywhere.

My Kraken account is also hacked, is Kraken trustworthy ? https://bitcointalk.org/index.php?topic=5171007.msg52020988#msg52020988