An interesting discovery was made by a cryptocurrency enthusiasts not too long ago. Most Bitcoin exchange platforms use two-factor authentication as an “extra line of defense”. However, not all of these implementations are safe from bypassing. One person mentioned how Kraken’s 2FA security would protect the login credentials, but it can be bypassed for withdrawals.
Keeping information and funds secure are the two primary objectives of any financial platform in the world, including cryptocurrency exchanges. This is why nearly every platform has added two-factor authentication. Even if somebody’s login and password would be stolen, assailants will not be able to gain access to their account. That is unless they control the device used for 2FA purposes as well. Bypassing Kraken Withdrawal 2FA Verification
Kraken , one of the world’s largest cryptocurrency exchanges, has implemented 2FA countermeasures quite some time ago. Not just for the login system, but also for any withdrawal requests made by users. Unlike other companies, Kraken uses a 2FA method that forces users to generate new codes manually, rather than having them refresh automatically.
But as it turns out, that measure may not be sufficient to keep user funds safe from harm. In most cases, stolen funds from accounts protected by 2FA are a direct result of user error. Clicking a malicious link on their mobile device may have installed a backdoor, allowing assailants to generate 2FA codes in the background.
Then again, one user tested a different method, in an attempt to determine if 2FA protection on Kraken withdrawals could be bypassed. Assuming the assailant has the login credentials of said user, and can bypass the login with a valid 2FA code, they can then turn off two-factor authentication for withdrawals in the account settings.
This may sound rather reasonable to a lot of people, but it […]
