Crypto Exchange Kraken Now Enforcing Two-Factor Authentication (2FA)

On Tuesday (March 26), cryptocurrency exchange Kraken announced that it was "enhancing the client security experience by requiring the use of Two Factor Authentication (2FA)."

Kraken is a San Francisco-based digital asset exchange that was founded in July 2011, and "launched in September 2013 with live trading after two years of development and beta testing."

In September 2018, Nicholas Percoco became Kraken's Chief Security Officer, bringing with him two decades of information security experience, having worked "as both a security practitioner and advisor."

On Tuesday, in a post on Kraken's blog, Percoco talked about his extensive experience in this field and said that those 20 years of experience had served as a "dress rehearsal" for his role at Kraken. He said that he wanted to "expand upon the strong, industry leading security foundation" already in place at Kraken by incorporating "advanced features and techniques often only found in advanced security products" (such as "behavior analytics") into Kraken's "present and future exchange products."

He went on to say that there had already been "a number of enhancements behind-the-scenes" with "many client facing security features" on the way, one of which—compulsory 2FA for login—Kraken introduced on Tuesday. He explained that from that day, all Kraken clients would be "asked to enable it upon their next login." This is the screen that will greet them:

[Image: Kraken 2FA screen]

Also, Percoco announced "the formation of Kraken Security Labs," an initiative "committed to improving the security of the entire cryptocurrency ecosystem by performing vulnerability research against 3rd party products."

All Images Courtesy of Kraken

Error in Time-Locked Bitcoin Contracts Allows for Miner 'Fee-Sniping'

Michael LaVere
  • Crypto researcher 0xb10c discovered an error in bitcoin "time-locked" transactions that could be used as an attack vector.
  • Miners can take advantage of the program to carry out "fee-sniping" and steal funds from one another. 

Users have discovered an error in bitcoin “time-locked” contracts that could potentially allow miners to steal BTC from one another.

Anonymous crypto engineer 0xb10c reported discovering more than one million “time-locked” transactions made between September 2019 and March 2020. In a post, 0xb10c detailed how these special bitcoin transactions were not being accurately enforced by the network. 

As opposed to normal transactions, time-locked transactions prevent the recipient's bitcoin from being accessed after sending. Users must wait for a specific number of blocks to be added to the network in ten-minute intervals before gaining control of their bitcoin.

0xb10c claimed the errant time-locked transactions provided an attack vector for miners to steal transaction fees from one another via “fee-sniping.” According to the engineer, the backlog of time-locked transactions was being purposefully designed for a “potentially disruptive mining strategy” involving the theft of miner fees.

In an interview with CoinDesk, 0xb10c said time-locked transactions represented a “low-priority” problem at present that could eventually balloon to involve the wider network. He explained that fee-sniping would become more lucrative in a few years as the majority of miner income shifts towards transaction fees. 

He continued, 

A fix for this has been released in early 2020. However, it will take a while before all instances of the currently deployed software are upgraded.
