In a peculiar plot straight out of a heist film, a scammer sporting a rubber Halloween mask attempted to fool Kraken’s video verification process. Kraken’s security team, however, saw through the bizarre ruse. The centralized crypto exchange, which insists on top-tier security measures, shared details about the unusual attempt and warned users of the risks tied to low-level verification practices by some other platforms.
Kraken Security Thwarts Halloween-Style Mask Gambit
Last month, Kraken’s identity verification protocols put a scammer’s strategy to the test. The attacker, donning a rubber mask, tried to impersonate a Kraken account holder, attempting to sneak past an agent on the other side of the screen. But the scheme, equal parts comedic and concerning, raised suspicions from the start. According to Nick Percoco, Kraken’s Chief Security Officer, the video call request became necessary after the suspect couldn’t recall what assets were in the account—a big red flag.
When the Kraken agent connected with the person on the call, the rubber mask was quickly identified as a poor disguise. Percoco shared with Decrypt, “Our agent was like: This is absolutely ridiculous. This is a rubber mask the guy’s wearing.” The mask didn’t resemble the real account holder, a middle-aged Caucasian male, and was obviously a low-effort prop choice.
Repeated Attempts, Familiar Tricks
This isn’t Kraken’s first encounter with masked schemers. Percoco noted that it’s common for scammers to resort to fake mustaches or matching eyeglasses to fool identity checks. But as he described, the team often spots these attempts instantly. “They never pass,” he confirmed. Yet this marks the first instance of an attacker hitting up a costume store for a full-face mask.
The scammer’s sloppy ID didn’t help matters either. Percoco stated the ID was “clearly” Photoshopped and printed on cardstock, a rookie mistake despite using correct personal information.
Kraken’s Verification Standards vs. Industry Shortcomings
While Kraken’s strict security team caught this amateur attempt, Percoco raised concerns about other exchanges. He highlighted that companies relying on outsourced support teams might miss these red flags, leaving users vulnerable. In Percoco’s view, many exchanges lack Kraken’s detailed verification process, potentially giving sloppy fraudsters an entry point.
To combat these risks, Percoco advised users to employ two-factor authentication (2FA) “everywhere”—from emails to accounts. For ironclad protection, he champions FIDO2 and passkeys, which link directly to specific sites and accounts. With these, he explains, “you can’t be duped into thinking you’re logging into Kraken,” even if attackers somehow snag your information.
Leave a Reply
You must be logged in to post a comment.