Giveaway DM Takeover Scams Impersonating Kraken
Criminals use compromised social-media accounts or fake Kraken profiles to send direct messages advertising exclusive cryptocurrency giveaways that require victims to visit a phishing site, share credentials, or connect a wallet — leading to account compromise or fund theft.
Part of: Giveaway DM Takeover Scams
Last reviewed: 8 June 2026
DM-based giveaway scams targeting Kraken users combine two criminal techniques: impersonating a trusted brand and exploiting the personal nature of a direct message to lower the victim's defences. Unlike public broadcast scams, a DM feels targeted and exclusive — 'You have been selected for Kraken's loyalty programme' — which increases the sense of legitimacy.
The DM either arrives from a recently compromised real account with many followers, lending credibility, or from a freshly created fake Kraken account. The message typically includes a link to a 'claim portal' that looks like the Kraken website, with a deadline and a token amount displayed to create urgency and excitement.
Kraken does not conduct giveaways via social-media DMs. Any such approach should be treated as fraudulent.
How this scam works on the Kraken brand
Real Kraken communications arrive via email from @kraken.com addresses and through account notifications visible at kraken.com after login. Kraken does not DM users on Twitter, Instagram, Telegram, or Discord to offer giveaways or require wallet connections.
In the DM takeover variant, an attacker first gains access to a legitimate account with many followers — often through phishing or credential stuffing — and then uses that account to send giveaway DMs to its entire follower list. The message reads as coming from a trusted peer who 'just received their Kraken bonus' and is sharing the link. Some messages use AI to personalise the text with the victim's name or reference shared interests to seem genuine.
The claim link leads either to a Kraken-branded credential-harvesting page or to a crypto wallet-connect drainer. Either outcome results in loss: credentials lead to exchange-account compromise; wallet-connect leads to direct on-chain fund theft.
Common red flags
- A direct message from any platform account — even one you follow — offers an exclusive Kraken giveaway with a link
- The message creates urgency: 'Claim expires in 30 minutes' or 'Limited to the first 100 users'
- The link in the DM leads to a site that is not kraken.com
- The 'giveaway' site asks you to log in with your Kraken credentials or connect a crypto wallet
- The sending account was created recently or has unusually little original content
- The same message was apparently sent to many other people you know
How to protect yourself
- Never click giveaway links sent via DM, even from accounts you normally trust — the account may have been compromised
- Verify any claimed Kraken promotion at kraken.com/features directly
- Do not enter your Kraken credentials on any page other than kraken.com
- Enable two-factor authentication on Kraken using an authenticator app, not SMS
- Alert the friend or contact whose account apparently sent you the DM — they may not know they have been compromised
- Use a hardware wallet for significant cryptocurrency holdings so exchange credentials alone are not sufficient for theft
How to report it
- Report the impersonating account to the social-media platform using the in-platform report function
- Report the phishing link and incident to Kraken's support at support.kraken.com
- File a report with the FTC at reportfraud.ftc.gov
- Report to IC3.gov (US) or Action Fraud 0300 123 2040 (UK)
- If your own social account was used to send the DM, secure it immediately by changing your password and revoking third-party app access
Frequently asked questions
How can a DM scam come from an account I actually know and trust?
The account owner's login may have been compromised in a credential-stuffing or phishing attack. Attackers use compromised accounts to send giveaway DMs because messages from known accounts are far more likely to be clicked. If a friend sends you an unusual giveaway link, contact them directly through another channel to check.
Does Kraken offer any legitimate referral or loyalty bonuses?
Kraken does run referral programmes and occasional promotions. All genuine Kraken offers are listed at kraken.com and communicated via your registered email — never through unsolicited social-media DMs.
What should I do if I clicked the link but did not enter any credentials?
If you clicked but did not enter information or connect a wallet, you are likely safe. Run a malware scan on your device as a precaution and change your Kraken password if the link opened an unusual page. If you did connect a wallet, revoke the approval immediately at revoke.cash.