API Key Koinly security

Describe the problem: On Oct 12, I generated an API key only for use on Koinly to gain access to my Kraken account. On that same day, within a few hours, money was withdrawn from my linked checking account to Kraken, and deposited to a completely unknown Kraken account that is not mine. What kind of security is being used to protect our API key information on your end? Do your employees have access to our API keys? Is there any way Koinly can do a better job of not letting this happen to other future Koinly customers?

**Which exchange/wallet is this regarding?** Kraken

How did you import data into this wallet? Using an API key

What have you tried to fix this so far? I called my bank to dispute the money withdrawn from my checking account. This only happened after giving Koinly my API key. The checking acct money withdrawn was not deposited into my Kraken account.

How do you know the API key was used to initiate those transactions? I think your biggest issue is when you set up the API key for Koinly or similar services, you need to be very careful about giving it “read-only” access. They shouldn’t even be able to use your API key for any kind of transactions whatsoever.

Killaen, I appreciate your feedback. I am a newbie, and I believe I didn't give Koinly read-only access.

My API was only used, given and set up for Koinly and nothing else.

It's ironic and suspicious how money was immediately withdrawn from my checking account on Kraken to a different Kraken account that belongs to someone else.

I will be more careful about read-only access of APIs from now on.

I FIRMLY believe Koinly has a customer API security issue with unethical employees.

How are you able to tell that the Kraken account the money went to was someone else’s and not your own? You should also make sure you change your Kraken password and enable 2 Factor authentication for withdrawals/transactions, as you may instead have some sort of keylogger/malware on your computer, and it may not be related to Koinly at all.

Hi Nelson,

See here for a description of Koinly’s security: How secure is Koinly? | Koinly Help Center

I have just looked at the API documentation for Kraken and there is no way to deposit money from a checking account by using the API. See here: Kraken REST API Documentation

If you are new to using APIs then I would recommend following our guides and only giving the API read permissions. See here for Kraken instructions: Kraken Tax Statements & Reporting | Koinly

Kind regards,
Petur

When you configure an API key for this kind of service you should disable all permissions but read. Also, how do you know your funds were withdrawn through API?
