Fraudster Uses Rubber Mask to Impersonate Kraken Customer in Failed Account Hack
In a bizarre attempt to hack into a Kraken account, a fraudster wearing a rubber Halloween-style mask tried to deceive the exchange’s support team but was swiftly caught.
The centralized exchange revealed the incident last month, underscoring the lengths to which some attackers will go to bypass security measures.
The suspect initially triggered suspicion during routine checks, failing to answer basic questions such as identifying the assets held in the target account.
This prompted Kraken’s support agent to escalate the process, requiring a video call to verify the person’s identity.
Attacker Appears with Rubber Mask on the Call
On the call, the attacker donned a rubber mask and presented a falsified ID, hoping to impersonate the real account holder.
However, the attempt backfired spectacularly.
“Our agent was like, ‘This is absolutely ridiculous. This is a rubber mask the guy’s wearing,’” Kraken’s Chief Security Officer Nick Percoco said.
The mask didn’t even resemble the legitimate account owner, a Caucasian male in his early 50s.
Percoco speculated that the attacker simply grabbed a generic mask that vaguely matched the description.
The fraudster also provided an ID that was obviously doctored.
It was “clearly Photoshopped and printed onto card stock,” Percoco said, further undermining the attacker’s efforts.
While the attempt was far from sophisticated, Percoco noted that such scams might succeed elsewhere.
“Some exchanges do not have the same level of attention to detail that Kraken demands,” he said, pointing to companies that outsource customer support, which he claimed increases the likelihood of lapses.
This isn’t the first time Kraken has encountered unusual attempts at fraud. Percoco described previous incidents involving fake mustaches and altered appearances.
While these methods have never succeeded at Kraken, the security chief acknowledged that less scrupulous exchanges might not catch such ruses.
To safeguard against breaches, Percoco emphasized the importance of two-factor authentication (2FA) on all accounts, including email.
For even greater protection, he recommended FIDO2 passkeys—hardware-based keys that cryptographically bind to specific sites and applications, making phishing attacks nearly impossible.
“Passkeys ensure you can’t be duped into thinking you’re logging into Kraken,” he explained.
DHS Investigators Prevent Hundreds of Ransomware Attacks
As reported, the Department of Homeland Security (DHS) has disrupted hundreds of crypto scam incidents, reclaiming billions in extorted cryptocurrency since 2021.
DHS investigators have intercepted 537 ransomware attacks before they could cause widespread damage.
The effort, led by the Homeland Security Investigations (HSI) Cyber Crimes Center, has proven particularly vital for the protection of U.S. government agencies, which have been the primary targets of these cyber threats.
Meanwhile, phishing attacks remain a major issue for crypto users, resulting in substantial losses.
In September alone, more than 10,000 individuals lost over $46 million to such scams, as reported by Scam Sniffer, a Web3 anti-scam platform.
The platform revealed that 10,805 victims suffered losses amounting to $46.7 million from various crypto phishing scams.
In the third quarter of 2024, over $127 million in crypto assets were stolen, with Ether wallets being the prime targets in these phishing attacks.