Hi all
!! I'm writing this article as a warning to all users of Kraken.com !! This platform is everything but secure and the support is everything else but helpful!
Last Tuesday, the 8th of October, my account was krakened (plundered!) by somebody and I was robbed of 29'449 Euros (32'000 US$s) !! I had the 2FA enabled (already for the login, which changes the code every 30 seconds!) and my Gmail account was definitely not compromised. All devices Google shows in my device list are mine and there were no logins from anybody else. If they had access to either my password safe or Google account then they would have tried to steal everything else too, which they didn't! I'm using only cryptic 20-digit generated and unique passwords and 2FA wherever possible (always with the generated code that changes every 30 seconds). I also was not logged into the Kraken.com website at that point in time on any device, as I was having dinner together with a colleague.
As I'm not a teenager anymore I don't check my mobile for every sound it makes.
The chronology of the robbery is like this:
1. Email - 19:27 2FA was updated
2. Email - 19:28 withdrawal address added - confirmation needed
3. Email - 19:29 withdrawal address deleted
4. Email - 19:29 withdrawal address added - confirmation needed
5. Email - 19:45 withdrawal request made
6. Email - 20:00 withdrawal request made
7. Email - 21:10 account locked ==> I got it locked sometime between 19:45 and 20:15 - so this email arrived with a delay of about one hour
When I saw the emails at around 19:45 I tried to log on to my Kraken account immediately and, when I could not log in, locked it immediately with the link in the email (which worked within about 2 seconds). Unfortunately the emails arrive with such a delay that the transfer was already executed when I saw the withdrawal request email. Both transfers were executed at 19:44.
What kind of security is this supposed to be for us users? This is a super bad joke of Kraken.com !! After about 20 hours I got my account unlocked - the support even refused to tell me if any transfer took place or if my 32'449 Euros were still there after they knew it was the owner writing to them - I saw that everything I owned was gone...
After collecting all the information in a PDF (a complete chronology, which I also needed to file this with the police and FBI) I sent it to Kraken.com support asking them to help me and tell me exactly what happened and how this is even possible with the 2FA enabled?!
The Kraken support is very unfriendly and of zero help!! I expected to get at least a protocol of my account's activities of that day! But NO - they refused to give out any information to me, which is very suspicious (coin transactions are irreversible, and the BS that others who got robbed also received) - it already looked like an inside job before (how the hell could anyone have changed my 2FA?!) and I assume that some people working for Kraken.com are multi-millionaires by now thanks to the robbed customers!
Here's why for me this is clearly an inside job: The 2FA was updated out of the blue and this is not possible! I sold all my coins a few days before the 8th, transferred more BTC to Kraken from my Poloniex account and prepared everything to pay out the 38'449 Euros I had on the account to my bank account. The same day of the robbery I luckily paid out the first 9000 Euros in the morning at 11:17, which arrived in my bank account the next day.
The remaining 29'449 Euros (32'000 US$s) are gone (3,92xy BTC) - the hacker did 2 transactions, and I do not understand why (one of 0.0045 BTC and 42 seconds after that a second one of 3.92501 BTC; they were executed at 19:44:05 and 19:44:47). I verified my account about 2 weeks before this happened (end of September); before that this would not have been possible. And I was in contact with the Kraken online support a few days earlier (chat) to ask them how to pay out Euros with SEPA. After writing, a few days later I changed all the US$s I had into Bitcoins and sold them for Euros to be able to do the payout. So the Kraken support knew I was going to withdraw my money, which makes me feel very strange and angry ... !
As Kraken's emails arrive so late (after payments were executed), Kraken is responsible for this loss of my money and should return it to me for the lack of security and for the delay with the emails! This is ZERO security and a disaster!
Crypto owners, be warned about using Kraken, as I'm not the only one who was robbed and got terrible help from the support after it happened! Kraken has NO security at all, as the 2FA can be changed like this! When I added a new Bitcoin address to my verified Poloniex account to withdraw my 0.42548 BTC I had to verify myself with passport, photo and again with the mobile app. This is security! Kraken doesn't give a shit about anyone's security or what happens to their users! And they answer you as if you were the last idiot!