Kraken Foils Hilarious Masked Scam Attempt with Epic ID Fail
Kraken recently shared an amusing yet alarming tale of a failed scam attempt where an individual tried to access an account using a Halloween-style rubber mask.
The exchange’s security measures caught the deception after the attacker’s initial attempts raised red flags, such as failing to identify the assets in the account. As part of the verification process, the Kraken team requested a video call to confirm the user’s identity.
There are deepfakes and then there’s this guy. He’s trying to gain access to a @krakenfx client’s account. Nice try, buddy! pic.twitter.com/gFD9LUM2D4
— Nick Percoco (@c7five) October 15, 2024
During the call, the attacker, who was posing as a Caucasian man in his early 50s, wore a poorly chosen mask that clearly did not match the individual they were impersonating. Kraken’s Chief Security Officer, Nick Percoco, explained that the mask was so obvious it was immediately noticeable. The attacker’s fraudulent ID also failed to pass scrutiny—it appeared to be a poorly photoshopped version printed on flimsy card stock, despite featuring the correct personal details.
This incident isn’t the first time someone has attempted to deceive Kraken support with disguises. Percoco mentioned other past attempts, like using fake mustaches to resemble a real ID photo, but this is the first known case of someone going as far as purchasing a costume mask to impersonate another person.
Despite the scammer’s lack of sophistication, Percoco noted that such poorly executed attacks could still succeed at other exchanges with less stringent verification practices. He warned that some platforms, particularly those that outsource their support services, may overlook these glaring inconsistencies, allowing scammers to slip through the cracks.
Kraken’s CSO recommends that users protect themselves with proactive security measures, such as enabling two-factor authentication (2FA) across all online accounts, especially email. For the highest level of protection, Percoco advised using FIDO2 and passkeys, which offer cryptographic security tied directly to the device and website, making it nearly impossible for attackers to impersonate users, even with stolen credentials.