hello
I know what happened and this is a flaw at Kraken: I explain to you with the evidence.
My Gmail account was hacked, the thief could not access the administration of my kraken account the first time on January 15 and January 16. In reality, he never had the 2FA code. The flaw that exists in the kraken system allowed him to return on the 19th and access the administration without a code this time. Indeed when we do not have the administration code on kraken your system allows you to return 3 days after with all open is accessible.
The only protection that remains in this case is the notification on the Gmail account and like most of the time where there is error of code 2FA, there is a high probability of hacking of account and associated mail account therefore the notification is in this case worthless for protection is pragmatically zero. For better security in such cases The account will have to be blocked and deactivated and its reactivation will only be done with the verification of the identity of the user: it is logical.
Consequently, I believe that my account was stolen only because of this security problem and this flaw which I advise besides to correct quickly. It was the platform which enabled the thief to finalize his act by introducing withdrawal addresses and to proceed to withdrawal without my knowledge and without my authorization. It was Kraken who authorized the flight.
On my screenshots:
1- The logs make it easy to identify the connection of January 15 with an error of the 2FA master key and another test on January 16 with an error of 2FA and 3 days after January 19 no need for 2FA Kraken opened the doors.
2- I have had the experience for the past 3 days by putting in a false key master, therefore an error and this evening I was able to log in without a key master.
So theft could never have happened without this help from Kraken !!!!
logs and Kraken's Flaw:
https://private.joomeo.com/users/atmicroservices/albums/NWtZVkc3YjjFQjiJ6eZdHA/files/NWtZVkc3Yjg2bLiFUIymp4sVpBTKAjIsMr Arhab