When the suspect failed to respond to basic questions during routine checks, suspicion was first aroused.
A scammer in a rubber Halloween mask attempted to trick the exchange’s support staff in an odd attempt to hack into a Kraken account, but they were quickly apprehended.
The centralized exchange revealed the incident last month, underscoring the lengths some attackers will go to bypass security measures.
When the suspect failed to provide basic information, like identifying the assets held in the target account, during routine checks, suspicion was first aroused.
As a result, the process was escalated by Kraken’s support agent, who needed to confirm the individual’s identity via video call.
Attacker Appears with Rubber Mask on the Call
The attacker pretended to be the legitimate account holder during the call by wearing a rubber mask and presenting a fake ID.
But the attempt was a disastrous failure.
“Our agent was like, ‘This is absolutely ridiculous. This is a rubber mask the guy’s wearing,’” Kraken’s Chief Security Officer Nick Percoco said.
The real account owner, a white man in his early fifties, did not even look like the mask.
Percoco surmised that the assailant had merely snatched up a generic mask that somewhat fit the description.
🤡 🐙 Un escroc tente de détourner le compte crypto Kraken de sa victime en portant un masque en caoutchouc…
— Goku 🗞 (@Crypto__Goku) November 9, 2024
Le masque de très mauvaise qualité correspondait "vaguement" au véritable client selon Kraken.
Lorsque vous essayez de récupérer l'accès à votre compte Kraken, il se… pic.twitter.com/A1LVAYUU5I
Additionally, the fraudster produced a clearly falsified ID.
Percoco pointed out that it was “clearly Photoshopped and printed onto card stock,” which further undermined the attacker’s credibility.
Even though the attempt was not very sophisticated, Percoco pointed out that similar scams could be successful in other places.
He pointed to businesses that outsource customer support, saying that “some exchanges do not have the same level of attention to detail that Kraken demands,” which he said raises the possibility of errors.
Kraken has previously come across unconventional fraud attempts. Percoco recounted earlier instances of phony mustaches and altered looks.
The security chief admitted that less careful interactions might miss such ruses, even though these techniques have never worked at Kraken.
Percoco stressed the significance of two-factor authentication (2FA) on all accounts, including email, in order to prevent breaches.
He suggested FIDO2 passkeys, which are hardware-based keys that cryptographically bind to particular websites and applications, for even more security, making phishing attempts all but impossible.
He clarified, “Passkeys make sure you can not be tricked into believing you are logging into Kraken.”
DHS Investigators Prevent Hundreds of Ransomware Attacks
According to reports, since 2021, the Department of Homeland Security (DHS) has stopped hundreds of cryptocurrency scams and recovered billions of dollars in stolen cryptocurrency.
537 ransomware attacks have been stopped by DHS investigators before they could do significant harm.
Since U.S. government agencies have been the main targets of these cyber threats, the effort, spearheaded by the Homeland Security Investigations (HSI) Cyber Crimes Center, has proven especially important for protecting them.
Meanwhile, phishing attacks remain a major issue for crypto users, resulting in substantial losses.
In September alone, more than 10,000 individuals lost over $46 million to such scams, as reported by Scam Sniffer, a Web3 anti-scam platform.
According to the platform, 10,805 victims lost $46.7 million as a result of different crypto phishing schemes.
Ether wallets were the main targets of phishing attacks that resulted in the theft of over $127 million worth of cryptocurrency assets in the third quarter of 2024.