BPOI Banner
Scammer Tried to Hijack Kraken Crypto Account Wearing Rubber Mask of Victim Scammer Tried to Hijack Kraken Crypto Account Wearing Rubber Mask of Victim

Scammer Tried to Hijack Kraken Crypto Account Wearing Rubber Mask of Victim

When trying to regain access to your Kraken account, you may be asked to jump on a video call with a support agent to prove you are actually who you say you are.

Last month, the centralized exchange said it caught someone wearing a Halloween-style rubber mask attempting to fool the worker on the other side of the call—but it didn’t work.

The attacker had raised a number of red flags during the first round of checks, such as failing to name the assets that the account held. These flags caused the agent working the case to require a video call to grant access to the account. During the call, the Kraken worker asked some more questions and checked the person’s ID.

The attacker failed this stage—in dramatic fashion.

“Our agent was like: This is absolutely ridiculous. This is a rubber mask the guy’s wearing,” Kraken Chief Security Officer Nick Percoco told Decrypt.

The mask didn’t even look like the person the attacker was claiming to be, Percoco said. The victim was a Caucasian male in his early 50s, so it appeared to Percoco that the attacker simply grabbed a mask that vaguely fit the description.

And this isn’t the first time someone has worn a disguise in an attempt to fool Kraken.

“[We] see things, from time to time, where people put on a fake mustache,” he told Decrypt. “They show [ID] and it looks close because they wear the same style glasses, have a mustache, and have blonde hair. We see that from time to time. They never pass.” 

“But this is the first time,” he added, “that someone has gone out to the costume store to get a mask.”

To make matters worse, the attacker didn’t even have a believable ID. It was “clearly” Photoshopped and printed onto card stock, Percoco explained, albeit with the correct information on it.

While this wasn’t a sophisticated attack, it highlights that even sloppy scammers can potentially gain access to the private information of everyday people. Even with such an unpolished attempt, Percoco believes, attackers could see success.

“I think it must [work],” he told Decrypt. “I think people wearing disguises, people who breach another place and get a copy of your government ID, and then print it out on glossy paper, holding that up… for some exchanges, that probably works.”

He claimed that some exchanges do not have the same level of attention to detail that Kraken demands from its team. Percoco specifically points to companies that outsource their support, claiming that this is more likely to lead to mistakes. 

If he’s correct, then this means that those using centralized exchanges shouldn’t always rely on the company to fend off bad actors. To protect themselves, Percoco says, users should deploy two-factor authentication “everywhere”—from your email to well beyond—to prevent bad actors getting any personal information at all costs.

Even with such protection methods employed, a user can still fall for phishing scams. For the top level of security, he recommends using FIDO2 and passkeys, which are hardware keys that can turn your phone or laptop into your password for an account.

“Passkeys are cryptographically bound to the sites and the applications you’re using them with,” he said, “so you can’t be duped into thinking you’re logging into Kraken.”

Edited by Andrew Hayward

Daily Debrief Newsletter

Start every day with the top news stories right now, plus original features, a podcast, videos and more.

Source link

Ryan Gladwin

https://decrypt.co/290443/scammer-hijack-kraken-crypto-account-rubber-mask

2024-11-09 16:54:51

bitcoin
Bitcoin (BTC) $ 89,648.02 0.07%
ethereum
Ethereum (ETH) $ 3,033.27 3.45%
tether
Tether (USDT) $ 1.00 0.01%
solana
Solana (SOL) $ 211.42 1.97%
bnb
BNB (BNB) $ 613.13 3.88%
dogecoin
Dogecoin (DOGE) $ 0.36509 8.10%
xrp
XRP (XRP) $ 0.895577 15.77%
usd-coin
USDC (USDC) $ 1.00 0.02%
staked-ether
Lido Staked Ether (STETH) $ 3,032.02 3.41%
cardano
Cardano (ADA) $ 0.663776 18.52%
tron
TRON (TRX) $ 0.188048 5.12%
shiba-inu
Shiba Inu (SHIB) $ 0.000024 4.86%
the-open-network
Toncoin (TON) $ 5.32 0.63%
avalanche-2
Avalanche (AVAX) $ 32.24 0.32%
wrapped-bitcoin
Wrapped Bitcoin (WBTC) $ 89,377.95 0.04%
wrapped-steth
Wrapped stETH (WSTETH) $ 3,602.54 3.15%
sui
Sui (SUI) $ 3.32 2.70%
pepe
Pepe (PEPE) $ 0.000022 4.16%
weth
WETH (WETH) $ 3,033.01 3.55%
chainlink
Chainlink (LINK) $ 13.38 0.73%
bitcoin-cash
Bitcoin Cash (BCH) $ 423.50 0.65%
polkadot
Polkadot (DOT) $ 5.03 2.01%
leo-token
LEO Token (LEO) $ 7.56 1.20%
near
NEAR Protocol (NEAR) $ 5.34 2.21%
litecoin
Litecoin (LTC) $ 82.83 0.73%
aptos
Aptos (APT) $ 11.54 0.02%
wrapped-eeth
Wrapped eETH (WEETH) $ 3,194.69 3.51%
usds
USDS (USDS) $ 0.996551 0.31%
uniswap
Uniswap (UNI) $ 8.25 2.17%
crypto-com-chain
Cronos (CRO) $ 0.161067 1.06%
stellar
Stellar (XLM) $ 0.136833 4.61%
internet-computer
Internet Computer (ICP) $ 8.45 3.19%
dogwifcoin
dogwifhat (WIF) $ 3.75 7.30%
bittensor
Bittensor (TAO) $ 500.42 1.18%
ethereum-classic
Ethereum Classic (ETC) $ 22.71 2.53%
kaspa
Kaspa (KAS) $ 0.13276 9.57%
dai
Dai (DAI) $ 1.00 0.04%
fetch-ai
Artificial Superintelligence Alliance (FET) $ 1.24 3.51%
whitebit
WhiteBIT Coin (WBT) $ 22.29 0.28%
ethena-usde
Ethena USDe (USDE) $ 1.00 0.12%
polygon-ecosystem-token
POL (ex-MATIC) (POL) $ 0.357133 2.37%
bonk
Bonk (BONK) $ 0.00004 5.53%
blockstack
Stacks (STX) $ 1.83 2.52%
monero
Monero (XMR) $ 143.34 1.95%
hedera-hashgraph
Hedera (HBAR) $ 0.069399 4.52%
first-digital-usd
First Digital USD (FDUSD) $ 1.00 0.14%
okb
OKB (OKB) $ 43.56 0.40%
render-token
Render (RENDER) $ 6.62 5.35%
filecoin
Filecoin (FIL) $ 4.19 6.14%
aave
Aave (AAVE) $ 160.67 2.51%