A man from Toronto has described to the media how he lost $100,000 worth of cryptocurrency investment after making an elementary blunder.
Art, who didn't share his surname, told CTV that back in 2021 he decided to invest a family inheritance in cryptocurrency. He chose to use Kraken, a well-known US-based cryptocurrency exchange, and having made the investment left it alone for two years.
In 2023, however, he felt it was time to see how his investment was doing - and so decided to log into the account.
As Art describes in the CTV news report, his mistake was to search for Kraken on Google rather than visit its website directly.
According to Art, the first search result he found was the one he clicked on.
"It was the first one to come up and it was branded with the same colours," he explained to CP24.
Within minutes of logging into the lookalike site with his username and password, Art's account had been drained.
“In six minutes, all the money was taken out of my account. All the crypto assets were sent to a wallet I had never used before.”
Canada's police service says that the funds were transferred out of the country, and are not traceable.
“This is money we don’t have to spare," said Art. “I have three kids to put through college and this has been quite disruptive in the family.”
A spokesperson for Kraken urged users of its exchange to "be extremely careful in what they click and ensure they are only utilizing Kraken.com... At Kraken we take client security extremely seriously and work tirelessly to safeguard client accounts and educate them about common practices by scammers to get confidential information."
One way in which Art might have better defended himself was by using a password manager. Password managers don't just store your passwords in a secure vault; they also help you avoid entering your login credentials on a spoof site.
Password managers like Bitdefender Password Manager offer to enter your sign-in information when you are on a website they recognise.
For instance, if you're trying to log into your Facebook account, the password manager will autofill your username and password if it finds you at the facebook.com sign-in page. But if you're on a spoof Facebook login page, it won't recognise the domain as being the legitimate Facebook, and won't offer to log you in.
If Art had been using a password manager, he might have realised it wasn't the real Kraken website when his password manager failed to enter his password for him.
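The domain check described above, as an added sketch that is not part of the original article and is not the code of Bitdefender Password Manager or any other product. The vault entries, the sample URLs and the function name `findAutofillEntry` are constructed for illustration, and treating subdomains of a saved site as a match is an assumption.

```javascript
// Constructed sample vault: each entry is tied to the domain it was saved for.
const vault = [
  { site: "kraken.com", username: "art@example.com" },
  { site: "facebook.com", username: "art@example.com" },
];

// Returns the vault entry to offer for this page, or null when autofill
// must not be offered. Hypothetical helper, not a real product API.
function findAutofillEntry(pageUrl, entries) {
  let url;
  try {
    url = new URL(pageUrl);
  } catch {
    return null; // unparseable address: never fill
  }
  if (url.protocol !== "https:") return null; // no credentials over plain HTTP
  // URL parsing lower-cases the host and converts accented or other Unicode
  // lookalike letters to punycode (xn--...), so they cannot equal a saved site.
  const host = url.hostname.replace(/\.$/, ""); // ignore a trailing root dot
  for (const entry of entries) {
    // Match the saved domain itself or a true subdomain of it. The leading
    // dot keeps "notkraken.com" from matching "kraken.com".
    if (host === entry.site || host.endsWith("." + entry.site)) return entry;
  }
  return null;
}

// Constructed sample pages: one genuine sign-in page and several lookalikes.
const samples = [
  "https://www.kraken.com/sign-in",
  "https://kraken.com.account-login.example/sign-in",
  "https://kraken-com.example/",
  "https://notkraken.com/",
  "https://krakén.com/",
  "http://kraken.com/",
];
for (const page of samples) {
  const entry = findAutofillEntry(page, vault);
  console.log(page, "->", entry ? "offer autofill for " + entry.site : "no autofill");
}
```

Only the first sample page gets an autofill offer; every lookalike leaves the login form empty, which is the warning sign the article describes.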
Kraken users can also make it more difficult for hackers to breach their accounts by protecting them with two-factor authentication (2FA). If you have 2FA enabled, anyone trying to access your account doesn't just need your username and password. They also need a six-digit time-based one-time password, typically generated by an authentication app on your smartphone.
My advice is to enable 2FA on any accounts which offer it - your bank accounts, your email accounts, your social media accounts, your cryptocurrency accounts, and more...
Kraken provides details to its users on how to enable 2FA here.
Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s.