A fraudster recently made an attempt to hack into a Kraken exchange account by wearing a rubber mask, only to be caught red-handed. The bizarre scam, which was swiftly foiled by Kraken’s vigilant customer support team, highlights the extent to which some criminals will go to bypass security measures.
The attempted hack occurred last month, with the suspect triggering suspicion during routine verification checks. Failing to answer basic questions, the fraudster escalated the situation by attempting to impersonate the real account holder using a rubber Halloween-style mask. Unfortunately for the attacker, the mask was easily spotted, and the whole incident turned into a rather comical failure.
Masked and Doctored: A Desperate Attempt at Deception
During the video verification call, Kraken’s support agent was immediately suspicious of the individual’s appearance. The fraudster had donned a rubber mask that failed to resemble the legitimate account holder. The real customer, a Caucasian male in his early 50s, was far from the face staring back at the Kraken agent. According to Kraken’s Chief Security Officer, Nick Percoco, the fraudster appeared to have grabbed a generic mask that vaguely matched the description of the real customer.
But it wasn’t just the mask that raised red flags. The attacker also presented a doctored ID in an attempt to further impersonate the account holder. Percoco described the ID as “clearly Photoshopped and printed onto card stock,” an obvious giveaway of a flimsy deception. The incident, though absurd, sheds light on the lengths to which some attackers will go in order to access cryptocurrency accounts.
Kraken’s Unyielding Security Measures
Despite the weak attempt, Kraken’s security team was able to quickly identify the fraudster’s scheme. Percoco noted that while this particular hack failed miserably, other exchanges with less rigorous security measures may not have been as fortunate. “Some exchanges do not have the same level of attention to detail that Kraken demands,” Percoco explained. He pointed to companies that outsource customer support as a potential vulnerability, claiming that such lapses in attention could allow similar scams to succeed elsewhere.
This isn’t the first time Kraken has encountered unusual fraud attempts. Percoco recalled past incidents involving attackers trying to disguise themselves with fake mustaches and altered appearances. However, these attempts were no match for Kraken’s strict identity verification processes. Percoco added that the exchange’s comprehensive customer service team and focus on security were key factors in catching these would-be fraudsters.
Protecting Accounts: Two-Factor Authentication and FIDO2 Passkeys
To safeguard against attacks like this, Kraken’s security chief emphasized the importance of two-factor authentication (2FA) on all accounts. 2FA provides an additional layer of protection, ensuring that even if a hacker gains access to a user’s password, they will still need a second form of verification to log in.
For even greater security, Percoco recommended using FIDO2 passkeys—hardware-based keys that bind specifically to sites and applications. These passkeys are resistant to phishing attacks, as they cannot be intercepted or tricked into revealing login credentials. “Passkeys ensure you can’t be duped into thinking you’re logging into Kraken,” Percoco explained.
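The site binding described above can be seen in the checks a server makes on a passkey login. The following is an added example, not Kraken's code: the hostnames are constructed, the browser side is simulated, and the signature check over the two structures is assumed to happen separately with the stored public key.

```python
import base64, hashlib, json, os

RP_ID = "exchange.example"                    # constructed relying-party ID
EXPECTED_ORIGIN = "https://exchange.example"  # constructed origin of the real site

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def browser_assertion(page_origin: str, rp_id: str, challenge: bytes):
    """Simulate the two signed structures produced on the page the user is actually on."""
    client_data = json.dumps({
        "type": "webauthn.get",
        "challenge": b64url(challenge),
        "origin": page_origin,  # written by the browser, not by page script
    }).encode()
    # authenticatorData = rpIdHash (32 bytes) | flags (1 byte) | signCount (4 bytes)
    flags = 0x01 | 0x04         # user present + user verified
    auth_data = hashlib.sha256(rp_id.encode()).digest() + bytes([flags]) + (1).to_bytes(4, "big")
    return client_data, auth_data

def verify_binding(client_data: bytes, auth_data: bytes, challenge: bytes) -> str:
    """Server-side checks made before the signature over
    auth_data || SHA-256(client_data) is verified (signature step not shown)."""
    fields = json.loads(client_data)
    if fields.get("type") != "webauthn.get":
        return "reject: wrong type"
    if fields.get("challenge") != b64url(challenge):
        return "reject: challenge mismatch"
    if fields.get("origin") != EXPECTED_ORIGIN:
        return "reject: origin mismatch"
    expected_hash = hashlib.sha256(RP_ID.encode()).digest()
    if len(auth_data) < 37 or auth_data[:32] != expected_hash:
        return "reject: rpIdHash mismatch"
    if not auth_data[32] & 0x01:
        return "reject: user not present"
    return "ok"

if __name__ == "__main__":
    challenge = os.urandom(32)  # issued by the real site for this login attempt
    cases = {
        "real site": (EXPECTED_ORIGIN, RP_ID),
        "look-alike page": ("https://exchange-login.example", "exchange-login.example"),
        "mismatched rpId": (EXPECTED_ORIGIN, "exchange-login.example"),
    }
    for name, (origin, rp_id) in cases.items():
        print(name, "->", verify_binding(*browser_assertion(origin, rp_id, challenge), challenge))
```

Because the origin and the relying-party hash are inside the data the passkey signs, a response produced on a look-alike page fails these checks even when the user notices nothing wrong.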
The Bigger Picture: Rising Crypto Fraud and Ransomware Threats
While Kraken successfully thwarted this hack, the wider crypto space continues to battle with an increasing number of fraud attempts. Phishing attacks, in particular, have been a persistent issue, leading to significant financial losses for unsuspecting users. In September alone, more than 10,000 people lost over $46 million to phishing scams, according to Scam Sniffer, a Web3 anti-scam platform.
Meanwhile, the Department of Homeland Security (DHS) has been working to combat the rise of ransomware and other cybercrimes in the crypto industry. Since 2021, DHS investigators have disrupted hundreds of crypto scams, recovering billions in extorted funds. In fact, DHS has already intercepted 537 ransomware attacks before they could cause widespread damage.
Despite these efforts, cybercriminals continue to find ways to target individuals and organizations in the crypto space. In the third quarter of 2024 alone, more than $127 million in crypto assets were stolen, with Ethereum wallets being the primary target for phishing attacks.
The Impact of Lax Security on Crypto Exchanges
With the ongoing rise in crypto-related fraud, security has become a major concern for exchanges. Kraken’s experience highlights the need for robust customer verification processes, especially when dealing with large amounts of cryptocurrency. While Kraken’s attention to detail and its team’s quick response likely saved the day in this case, other exchanges may not be as well-equipped to handle such audacious attempts at fraud.
At the end of the day, cryptocurrency users and exchanges alike must stay vigilant. The tactics may be unconventional, but the risks remain all too real.