This guide will examine the specifics of the Kraken cryptocurrency exchange and determine if it is a safe platform to use for crypto trading. We’ll take a close look at Kraken’s security measures, which are in place to protect it from hackers and preserve the network’s safety.
In addition, you’ll also discover the company’s key features, reliability, customer service, regulatory license, and security report.
For further information about the platform and its core products, read our comprehensive Kraken review.
Kraken is a cryptocurrency exchange based in the United States that was launched in 2011. In addition to exchanging cryptocurrencies for fiat money, the exchange also supplies pricing information to Bloomberg Terminal.
Furthermore, Kraken provides all of the tools required to buy, sell, and trade cryptocurrencies, and is developing a simpler Bitcoin exchange for both novices and professionals. Users can easily make deposits and withdrawals, measure their portfolios, and keep track of their cryptocurrencies in one location.
The centralized exchange is managed by its parent firm, Payward, Inc. Security is taken seriously at the company, as evidenced by the two-day security training new employees receive before spending three days configuring office PCs and passwords.
New employees also receive a 70-item checklist of suggested personal security precautions, such as setting up hardware token login authentication for personal devices and installing home alarms.
Kraken core products and features
On top of buying and selling cryptocurrencies, Kraken allows customers to trade across numerous different digital assets.
For example, the platform supports more than 55 cryptocurrency coins and tokens, as well as seven fiat currencies for deposits and withdrawals to and from bank accounts.
Spot trading encompasses buying, selling, and trading between assets on the spot market. Here, the trades are settled instantly, and the assets are delivered on the spot. What’s more, users can place either market orders or limit orders to be fulfilled at a later price point.
Margin trading allows you to take advantage of market fluctuations by amplifying both your gains and your losses. If you want to purchase (go “long”) or sell (go “short”) on a range of cryptocurrencies with up to 5x leverage, you may do so with Kraken’s sophisticated trading engine.
On the other hand, futures trading is a more complex kind of trading where buyers and sellers enter into futures agreements or contracts to settle the trade at a later date for a specified price.
Over the counter (OTC) trading
OTC refers to the settlement of orders between buyers and sellers that are generally too big to be listed on the platform’s order book. Traders are able to engage more directly with the platform, which acts as a middleman to ensure secure transactions are carried out. Trades on the Kraken OTC desk have a 100,000 USD minimum.
To maximize your holdings, you can stake coins and fiat that would otherwise be held in your Kraken account and not earn interest. Users can earn staking rewards on top of their assets, which can then be compounded to increase the value of your holdings.
Note: You can learn more about cryptocurrency staking by checking out our comprehensive guide on the subject.
Similar to other major crypto exchanges, Kraken allows customers to access their accounts via an API. Using the Kraken API, one may have access to publicly available market data as well as user-specific data.
iOS, Android and Web
Android and iOS users can download Kraken’s mobile applications to access the exchange. This is a solid solution for consumers who want greater freedom when accessing their accounts, especially on the go.
By the same token, Kraken’s mobile app comes in three variations: Investing, Pro trading, and Futures trading, with each of them having unique features.
Key security measures
Working within Kraken, there is an international team of top security specialists who adopt a risk-based approach to ensure that its customers’ assets are safeguarded to the highest standards while maintaining excellent performance and an unrivaled client experience.
In addition to establishing security programs for the world’s leading companies, Kraken’s team has years of experience investigating some of the largest consumer data breaches and continues to develop security technologies trusted by a myriad of organizations.
Kraken asserts it has “industry-leading security” and that “safeguarding your funds and your privacy” is its primary objective. In point of fact, despite being one of the oldest crypto exchanges, Kraken has managed to keep its clients’ funds secure without ever reporting a security breach.
In addition to that, to avoid the theft of money or information, their team of specialists has implemented various advanced security measures by providing a holistic approach to safeguarding your assets and investments.
As a licensed exchange, it offers financial stability, full reserves, strong banking connections, and adherence to the highest levels of legal compliance. Not to mention, through Kraken Security Labs, the exchange analyzes third-party services and products to discover, disclose, and resolve flaws before criminals exploit them.
Due to its rigorous adherence to financial rules, Kraken has evolved to become one of the largest and most reputable cryptocurrency exchanges since its inception.
Watch the video: Chief Security Officer Nick Percoco outlines Kraken’s security strategy
As an additional security measure, the company runs a Bug Bounty program to tap into the exhaustive knowledge and experience of the security researchers’ community.
Bug bounties are typical security programs that incentivize researchers to disclose any system flaws they uncover; a specialized team of experts tests every possible attack vector.
When it comes to user safety, Kraken thinks that security experts and developers can make a significant impact. As a result, through its Bug Bounty Program, Kraken has created and promoted coordinated vulnerability disclosure (CVD). Kraken is now better prepared to safeguard its clients in the digital currency market as a consequence of the effort.
Security guards and video monitors keep a constant eye on Kraken’s servers, housed in cages under 24-hour surveillance. For good measure, there is firm control over physical access and code deployments; for instance, a thorough evaluation is required before something moves.
Encryption at both the system and data level is utilized to secure all sensitive account information in transit and at rest. This means that access to the system is strictly controlled and monitored at all times.
Safe coin storage
The majority of Kraken’s deposits are maintained in offline, air-gapped, geographically dispersed cold storage. If you need to withdraw funds urgently, the exchange has a complete supply of reserves on hand.
Kraken safeguards personal information since the company values the privacy of all visitors to its website and is dedicated to taking all reasonable precautions to protect current and potential clients, candidates, and internet visitors.
In like manner, Kraken has put in place all of the necessary and suitable technological and organizational safeguards and processes to keep your data safe at all times.
By way of illustration, Kraken educates and instructs all of its workers on the significance of regularly protecting, preserving, and respecting your personal information and privacy.
For that matter, Kraken takes violations of people’s privacy extremely seriously and will take appropriate disciplinary action, which may include firing.
On top of everything, the exchange also has a designated Group Data Protection Officer to guarantee that the company maintains and processes personal information per applicable privacy and data protection laws and regulations, as well as the company’s own policies.
Kraken customer security features
Device approval code
The device approval code is a six-digit number that Kraken will send to your email when a new device attempts to sign in to your account for the first time. Your Sign-in 2FA code is not to be confused with this one. Many account takeovers occur through phishing attacks when an attacker intercepts a client’s login credentials and uses them to sign in from the attacker’s device.
Before this functionality was implemented, the attacker could access your account by visiting the sign-in page and rapidly entering the credentials you inadvertently supplied along with the 2FA code. This code thus adds an extra layer of security to protect you from phishing scams.
As a precaution, if you believe you have been the victim of phishing, take the following steps to protect your Kraken account:
- To freeze your account, contact Kraken Live Chat professionals by clicking the chat button at the bottom of the page and letting them know about the suspicious behavior that has occurred;
- Kraken’s web form allows you to submit a support ticket by selecting the “Report Suspicious Activity” option from the dropdown menu;
- If you have a Kraken account and an email linked with that account, change the passwords for both of them. Make sure that you use the proper URL of www.kraken.com/sign-in to input your login credentials.
As soon as Kraken’s security team receives your support request, they will respond through email and help you in protecting your email and devices, as well as your Kraken account.
There are several steps you can take to prevent future breaches, and Kraken will give you the tools needed to keep your Kraken account up-to-date with all of the latest security measures.
As soon as any of the following actions are attempted on your account, you will be notified via email:
- Device approval;
- Password resets;
- Two-factor authentication changes;
- Global Settings Lock changes or deactivation;
- Adding or updating withdrawal addresses;
- Withdrawal requests.
The Security Shield is a tool that simplifies the process of configuring Kraken’s security measures. A quick check of your account’s security status might urge you to enable extra security features to attain the highest degree of protection provided by Kraken.
To view your signed-in devices, follow these steps:
- Sign in to your account to get started;
- In the top right corner, click on your name;
- Click on Security > Overview;
- Scroll to Device Management.
Before accessing Kraken, new devices must be authorized by an email code delivered to your inbox. Aside from that, if you see anything suspect, you may quickly disable any device you want under the Device Management area. The Security Shield has four levels, and when all four are activated, the Shield turns green and is set to Maximum:
- Critically Low (Enable Login 2FA);
- Low (Enable Funding 2FA);
- Medium (Setup Masterkey);
- High (Turn on Global Settings Lock).
Kraken’s Shield will glow green once you’ve enabled all security measures, indicating that you’ve reached the highest degree of protection currently possible.
Users using Security Shield will be alerted of new security features as they become available. Also, it will help you through the procedure to implement them quickly while simultaneously increasing your awareness about how secure your account is.
The Security area of your account offers session and device management tools to help prevent phishing attempts and provide you greater insight and control over your account security.
On this page, you may see all active devices on your account, when they were approved, and the corresponding location/IP address. You can also disable any or all of the devices.
In order to delete a device, click on “Remove all devices” next to the ‘X’ to the right of that device.
Securing your account
Kraken places considerable emphasis on the security of your account and digital life. It is critical for customers to use the account security tools and guidance that it provides and to never share account access with anyone else.
Securing your Kraken Sign-In
- Use a username that is difficult to guess and has never been used on any other site before, if possible. Don’t give out your username to anybody else;
- A lengthy password (at least 15 characters) that is not used on any other website should be chosen;
- Preferably, use a YubiKey for Sign-In 2FA;
- Create a Master Key to provide extra security against password resets (in the event your email is hacked) and as a backup for your Sign-In 2FA.
Securing your Kraken settings
There are a number of additional security measures that you may take once you’ve verified and set up your Kraken account.
1. Configure two-factor authentication (2FA) for withdrawals, trading, and API access. It is worth noting these 2FAs, however, will only work if the Global Settings Lock is activated.
2. Activate the Global Settings Lock (GSL) to prevent unauthorized changes to your account settings and withdrawal addresses, even if an attacker has gained access to your account.
Similar precautions should be taken to safeguard your devices, email account, and internet connection as well.
Two-factor authentication (2FA)
For your Kraken account, two-factor authentication (2FA) is an additional layer of protection that ensures:
- The only person who is able to access your account is you, and only you;
- After logging in, you are the only one who can execute specific operations, such as depositing or withdrawing funds or trading.
To log in, make deposits, withdraw money or trade, you’ll need a 2FA passcode when it’s activated on your account. This additional passcode can be kept in an app on your phone (where the passcode changes every 30 seconds) or in a tiny USB device such as the YubiKey (in which the passcode changes after each use).
As a result, potential attackers would require not only your login and password, but also possession of your 2FA device (phone or YubiKey) in order to gain entry.
A Master Key is an extra password that enables you to:
- Prevent an unauthorized password reset even if your email account is hacked (if enabled, the Master Key is required to reset your Kraken Sign-In Password);
- Bypass your sign-in two-factor authentication (2FA) if you lose access to it (for this reason, Sign-in 2FA and Master Key should always be kept separate);
- Disable the Global Settings Lock (GSL) right away, if your account has it enabled.
Methods accessible for use as your Master Key
- YubiKey device (most secure). A USB gadget that you insert into your computer and that produces a unique passcode every time you touch or press it;
- Authenticator app (moderately secure), often installed on a smartphone. This app creates a 6 to 8-digit passcode every 30 seconds, depending on the model;
- Static password (least secure; not recommended). If you prefer the Master Key to be a traditional password, keep in mind that it is less secure than the other alternatives; the password should be long and complicated enough to prevent guessing.
How to set up a Master Key
- You’ll need to log into your Kraken account;
- In the upper-right corner of the page, click on your name;
- Select “Security”;
- “2FA Settings” should be selected;
- In the “Master Key” section, click the “On/Off” dial and select the option you wish to use.
Global Settings Lock (GSL)
As a security measure, the Global Settings Lock (GSL) keeps your Kraken account from being altered by others and also keeps the information about the user’s accounts private.
The GSL restricts account modifications and should be activated once you have finished setting up, confirming, and customizing your account.
Someone who obtains access to your account without the GSL enabled can disable or alter Two-factor Authentication (2FA) on your account, including the Master Key.
A hacker may hijack your account, and if the GSL isn’t enabled, they may simply switch off the trading 2FA, and then start to trade on your account.
- Security & Documents page
- Email Address
- Trading & ledger history
How to set up the Global Settings Lock (GSL)
- To get started, log in to your Kraken account;
- In the upper-right corner of the page, click on your name;
- Choose Security > Global Settings Lock;
- Specify the amount of time it takes to unlock the GSL without a Master Key;
- Select the blue “Activate Global Settings Lock” button to activate the Global Settings Lock and finish the configuration.
This is an optional security feature. Email encryption with Pretty Good Privacy (PGP)/GNU Privacy Guard (GPG) is a solid method to keep your correspondence private while also adding an extra degree of protection to your account.
PGP is public-key encryption software that has become the most widely used email encryption standard. Additionally, PGP is used to sign communications so that the recipient may authenticate both the sender’s identity and the message’s integrity.
PGP uses a private key that must be kept secret, and a public key that the sender and recipient must exchange. GPG, in turn, is an implementation of the OpenPGP standard.
Setting up PGP/GPG will allow you to do the following:
- Verify Kraken’s automated communications to ensure they originated from Kraken and were not altered in transit;
- Receive encrypted automated emails from Kraken. Since some of these emails will include sensitive information, such as account recovery instructions, encryption offers an added degree of protection to the email chain;
- Protect your Kraken account if your email is ever hacked.
You must authenticate your identity in order to use your Kraken account. This regulatory requirement is commonly referred to as KYC (know-your-client). Its purpose is to prevent money laundering and terrorist funding. It also aids in the prevention of illegal access.
To authenticate a Kraken account, you’ll need the following documents:
- A valid government-issued identification document: This might be your passport, national identification card, or driver’s license. To establish an account with Kraken, you must be at least 18 years old;
- A document that serves as Proof of Address: You can use several papers to verify your address. Bank statements, residency certificates, utility bills, and tax paperwork are just a few examples. Any document used to validate your proof of address must have been issued within the last three months;
- A Social Security Number (SSN): For inhabitants of the United States, a Social Security Number (SSN) or an Individual Taxpayer Identification Number (ITIN) is required;
- A passport photo: A passport photo is required for inhabitants of the United States and South Africa.
Levels of account verification
Kraken has four stages of account verification, each of which grants access to different features. They also require slightly different types of verification documentation.
- Starter: This is the most basic level of verification. There is no need for identification or evidence of residency. You simply need to enter your email address, phone number, date of birth, and physical address. This level has restrictions such as minimal crypto withdrawal amounts, no support for fiat deposits and withdrawals, restricted access to margin trading, and no access to Futures, the OTC desk, or the business account.
- Express: Only available to citizens of the United States, excluding New York, Washington, Texas, and US territories. Profession data and an SSN are required for verification. This level grants no access to the Kraken Invest app, no support for crypto deposits, and withdrawals and fiat deposits are limited to a $9,000 lifetime limit. Furthermore, this level does not have access to staking, futures, the OTC desk, or the business account.
- Intermediate: For inhabitants of the United States and South Africa, verification papers include a valid ID, evidence of residency, and a passport photo. Other criteria for US citizens include occupation information and an SSN. This category provides high limits on fiat currency deposits and withdrawals, as well as no limits on crypto deposits. However, this verification level does not grant access to the dark pool, OTC desk, or business account services.
- Pro: This is the highest degree of verification, and it grants you access to all of Kraken’s products and services. The verification criteria for this level are similar to those for the Intermediate level, with the exception that you must complete a KYC questionnaire giving your financial information.
Kraken Proof-of-Reserves Audit Process
To verify to external parties, including its clients, that customer funds are correctly stored, Kraken uses a cryptographically-verified independent audit. Transparency and independently verifiable audits are essential for ensuring that firms maintain full reserves of client funds.
Kraken plans, among other things, to undertake frequent audits on an ongoing basis. A different auditor or several auditors may be used, as there is no universally trustworthy auditor; this quells any doubts about a specific auditor’s qualifications.
Kraken Customer Support
Kraken provides global assistance via live chat 24 hours a day, seven days a week, with hundreds of full-time, committed client engagement professionals knowledgeable about crypto and financial services, as well as the platform’s products and services.
Staff is strategically located in all key markets, responding promptly with tailored solutions to your doubts in various languages, and working every day of the year — even on holidays — to provide the best possible customer service.
In fact, over 5 million tickets have been addressed, showing Kraken’s customer service staff has a demonstrated track record of providing timely, high-quality service.
Over and above that, clients have hands-on assistance or access to Kraken’s extensive collection of helpful support literature. There are plenty of helpful articles in Kraken’s Support Center that can assist you with troubleshooting issues or learning more on your own.
To recap, Kraken takes proactive measures to provide its clients security solutions, enabling them to better manage their accounts and ensure the safety of their funds. They are as follows:
- To keep your account secure, use 2FA (Google Authenticator and YubiKey);
- With self-serve account lock, you’ll get email confirmations for withdrawals;
- No account recovery through phone or SMS; your account remains in your control;
- Global Settings Lock to time-lock your settings for extra security;
- Secure communication via PGP-signed and encrypted email;
- When using Kraken, SSL encryption is used to protect you;
- Suspicious activity is constantly monitored in real time;
- Sensitive data is securely encrypted both at rest and in transit;
- 24/7 live chat and email assistance for urgent matters.
Taking everything into account, we would say that Kraken is a safe and secure cryptocurrency exchange. The platform has not suffered any security breaches since its inception.
With tools such as Global Settings Lock, Master Key, and 2FA, and information on how to secure external factors such as your internet connection and email and how to guard against phishing, the platform has a multitude of security features in place to keep the exchange safe, and it also gives its clients a substantial amount of information on what they can do to maximise their account security. While there are options for dealing with an account that has been compromised, there is also 24-hour customer service in the case of illegal access.
Kraken is also registered as a Money Services Business (MSB) with FinCEN in the United States and FINTRAC in Canada, which means that it conforms to the laws and regulations set in place by the financial authorities. What’s more, it is trusted by hundreds of thousands of traders, institutions, and regulators, including Germany’s BaFin-regulated Fidor Bank.
Finally, Kraken is the first exchange to showcase market data on the Bloomberg Terminal and to successfully pass an independent audit of its cryptographically verified proof-of-reserves.