A letter from Kraken’s Chief Security Officer – Nick Percoco

I couldn’t be more excited to lead security efforts at one of the largest cryptocurrency exchanges on Earth. Kraken is the cryptocurrency market leader in security and our number one priority, above anything else, has always been to protect our clients. We’re announcing some major additions to our product and organization today that will strengthen this commitment.

I’ve been an active member of the security industry for over two decades, working as both a security practitioner and advisor. I’ve also presented research on targeted malware, iOS and Android vulnerabilities, and IoT security at events such as DEF CON, Black Hat, RSA Conference and SXSW. Research and speaking at events wasn’t my full-time job, I also designed, led and advised in the development of security products and services used by millions of people and businesses while working for Internet Security Systems, VeriSign, Trustwave and Rapid7. I founded SpiderLabs and led global teams of hackers that discovered real-world 0-day vulnerabilities to help secure the most targeted businesses such as Las Vegas casinos, global financial institutions, major retail brands and video game companies to ensure their facilities, products, employees and clients are kept safe and secure.

The past 20 years has been a dress rehearsal for my role here at Kraken.

My vision for Kraken is to expand upon the strong, industry leading security foundation we already have in place, utilize advanced features and techniques often only found in advanced security products – utilizing threat intelligence, behaviour analytics, adversarial deception techniques and incorporate them into our present and future exchange products.

I’ve been busy the past few months learning, organizing and working with our teams to build a world-class roadmap for security at Kraken. There have already been a number of enhancements behind-the-scenes and many client facing security features are on their way, including one that we are announcing today:

Two Factor Authentication Enhancements

Today, we are enhancing the client security experience by requiring the use of Two Factor Authentication (2FA). We’ve had 2FA available to our clients since our launch in September of 2013, but starting today, clients will be asked to enable it upon their next login. Currently, the prompted options for 2FA are Google Authenticator and YubiKey.

We are doing this to better guide our clients in the use of our security features that are specifically designed to protect their accounts.

This is not the last client facing security enhancement you’ll be hearing about. When I joined Kraken I spent time reviewing our exchange products through a fresh set of eyes and working with our Product Management team to map out a security features roadmap that is going to provide constant improvement into 2020 and beyond.

While this roadmap is not made public, you’ll be hearing about security enhancements and upgrades as they are released and made available to you. Like most features similar to 2FA, you’ll need to enable them to take advantage of the added security, so please be sure to take action when you’re prompted to.

I’ve spent a good portion of my career performing security research and leading global teams of researchers to find flaws in various industry products. Having more security eyes on the products in the cryptocurrency ecosystem is a way to improve the security of our clients – even when they aren’t directly using Kraken products.

Announcing Kraken Security Labs

We’ve built a world-class team focused continuously enhancing the security of our environments and our products. To take this to the next level, today, we are announcing the formation of Kraken Security Labs. The effort is committed to improving the security of the entire cryptocurrency ecosystem by performing vulnerability research against 3rd party products – like hardware wallets, software wallets, and other related technology – and disclosing identified issues in a way that does not jeopardize the security of the industry or our clients, but rather improve security for our clients and the world once the issues are fixed.

Kraken is world-renowned for our commitment to security. I look forward to leading the industry in security and working to improve the entire ecosystem at the same time!

Thanks!

Nick Percoco

Chief Security Officer

Kraken

BTW: Let’s engage on the topic of security via Twitter. Follow me at @c7five.