Re: I've been Kraken'ed...Hacked. 1-27. with 2FA enabled!!.. Warning!
I won't say too much about what security measures I take only because I don't want that out in the wild,
I will PM some of these details to you.
I will say, I use a 2FA with a separate device that is not connected in anyway to my PW, everything regarding computer or devices are locked or 2FA, there's no other humans that could have physically infiltrated. and nothing touches each other. really all of this wouldn't account for the email chain I received as the hacker's infiltrated my account from Kraken (not phishing/spoof and even if they were, a reminder I only saw these after the hack had happened and I had made a service request from
https://www.kraken.com)
From Kraken, In order. on 1-27. (not the exact language of the emails, I'm abbreviating)
1.Username requested.
2.Password reset requested.
3. Alert Your password has been reset.
4. 2FA bypass requested.
5. Withdrawal Address requested (this would have required a whole new 2FA entry from a device only I Possess)
6. 2FA updated (strange how this was updated but my original 2FA still works now that my account has been unlocked)
7. Withdrawal requested.
Those 7 things were all done within 9 minutes per the emails received. Because I rarely use Kraken those emails were not seen by me at the time, and hidden amongst spam, etc., but really this done in 9 minutes is striking and with me in possession of my 2FA at the time.
I also never received an email confirming the withdrawal was made, which I'm pretty sure I've received in the past, the next email in the chain from kraken is my receipt of service request made.
All of this print screen evidence was provided in the ticket that was concluded as "internal investigation is complete" and with me to "file a police report". I should mention.
FWIW. I haven't even mentioned my PW being bypassed. Simply because I have to concede a password put in the wild IS possible, but is very highly unlikely, and to link it to this account/email/ and first request was a username?... um.
And again. you know. 2FA
I will PM some of these details to you.
I will say, I use a 2FA with a separate device that is not connected in anyway to my PW, everything regarding computer or devices are locked or 2FA, there's no other humans that could have physically infiltrated. and nothing touches each other. really all of this wouldn't account for the email chain I received as the hacker's infiltrated my account from Kraken (not phishing/spoof and even if they were, a reminder I only saw these after the hack had happened and I had made a service request from
https://www.kraken.com)
From Kraken, In order. on 1-27. (not the exact language of the emails, I'm abbreviating)
1.Username requested.
2.Password reset requested.
3. Alert Your password has been reset.
4. 2FA bypass requested.
5. Withdrawal Address requested (this would have required a whole new 2FA entry from a device only I Possess)
6. 2FA updated (strange how this was updated but my original 2FA still works now that my account has been unlocked)
7. Withdrawal requested.
Those 7 things were all done within 9 minutes per the emails received. Because I rarely use Kraken those emails were not seen by me at the time, and hidden amongst spam, etc., but really this done in 9 minutes is striking and with me in possession of my 2FA at the time.
I also never received an email confirming the withdrawal was made, which I'm pretty sure I've received in the past, the next email in the chain from kraken is my receipt of service request made.
All of this print screen evidence was provided in the ticket that was concluded as "internal investigation is complete" and with me to "file a police report". I should mention.
FWIW. I haven't even mentioned my PW being bypassed. Simply because I have to concede a password put in the wild IS possible, but is very highly unlikely, and to link it to this account/email/ and first request was a username?... um.
And again. you know. 2FA