Right. And not only absence of basic email verification, there's absence of confirmation through SMS too. Both are easy ways to be protected, while 2fa means lot of troubles if you lose, break or accidentally format your smartphone.
What do you mean exactly "crooks from the top down"?
Agreed. Kraken's security options are fucking idiotic.....unless the plan is all along to keep a good portion of their customers in 'unprotected' mode, in order that customer accounts can be periodically dipped into.
'crooks from the top down', would be if Jesse Powell was sitting around a table, discussing with high level management, a system whereby they could rob their customers whilst having plausible deniability, and having a plausible case that Kraken offered it's customers bullet proof security, if only it's customers had utilised it.
More likely, are rats within the woodwork at Kraken, who see how shockingly bad Kraken's security system is, and who routinely take advantage of it. I have seen many cases on reddit of users complaining about Kraken accounts being emptied, only to be told by the exchange, that their computer must have spyware on it, etc etc.
It is mad how this doesn't seem to have affected Kraken's reputation in the slightest.