Your Assets, Protected

Security and Account Protection on Kraken

Kraken has never been hacked. Industry-leading security practices have protected your digital assets and personal information since 2011.

How Kraken Protects Your Assets

Multiple layers of security ensure that your crypto is safe on the exchange.

Cold Storage

95% of all customer assets are held in air-gapped cold storage, physically disconnected from the internet. Only a small portion remains in hot wallets to facilitate withdrawals. Cold storage keys are distributed across geographically dispersed locations with multi-signature requirements for access.

Two-Factor Authentication

Every Kraken account requires 2FA for login, trading, and withdrawals. Supported methods include authenticator apps like Google Authenticator and Authy, hardware security keys such as YubiKey, and SMS as a fallback. Hardware keys provide the strongest phishing resistance.

Encryption

All data transmitted to and from Kraken is encrypted using TLS 1.3. Sensitive data at rest is encrypted with AES-256. API communications require signed requests with HMAC-SHA512 authentication, preventing unauthorised access to account operations through the programmatic interface.

Global Settings Lock (GSL)

The Global Settings Lock is a security feature unique to Kraken that prevents changes to critical account settings. When GSL is active, modifications to your email, password, 2FA devices, and withdrawal addresses require a mandatory cooling-off period before taking effect.

This cooling period gives you time to detect and respond to any unauthorised access. Even if an attacker gains temporary access to your account, they cannot change security settings or add new withdrawal addresses without waiting through the lock period. You receive notifications for every attempted change, allowing you to take action immediately.

  • Prevents instant security setting changes
  • Configurable lock duration (48-720 hours)
  • Email notifications for all modification attempts
  • Protects withdrawal addresses from tampering
  • Can only be disabled with full identity verification

Security Breaches Since 2011: 0

Assets in Cold Storage: 95%

Security Audits and Compliance

Proof of Reserves

Kraken publishes proof-of-reserves audits verifying that the exchange holds sufficient assets to cover all client balances. Independent third-party auditors verify the cryptographic proofs, providing transparent confirmation that your assets are fully backed.

Regular Penetration Testing

Kraken's security team conducts ongoing penetration testing and code audits. The exchange also maintains a public bug bounty programme that rewards security researchers for responsibly disclosing vulnerabilities, creating an additional layer of external security validation.

Protect Your Account

Enable all security features including 2FA, GSL, and device management to maximise your account protection.

Frequently Asked Questions

No. Kraken has never experienced a security breach since its founding in 2011. The exchange maintains rigorous security standards including cold storage, regular audits, penetration testing, and a dedicated security operations team.

Kraken supports authenticator apps (Google Authenticator, Authy), hardware security keys (YubiKey, FIDO2), and SMS verification. Hardware security keys provide the strongest protection against phishing and are recommended for all accounts.

Global Settings Lock (GSL) prevents instant changes to critical account settings like email, password, 2FA, and withdrawal addresses. A configurable cooling-off period (48-720 hours) must pass before any security modifications take effect.