Kingdom Bank has faced significant scrutiny following a cyber attack that allowed unauthorized parties to bypass two-factor authentication and withdraw over €93,000 in cryptocurrency.
Incident Overview
An affected party, a regulated trading firm, reported that although it had Google Authenticator enabled, critical actions such as password resets and cryptocurrency transfers were carried out without 2FA verification. The breach started with the compromise of the email account linked to the firm's login at the bank, which allowed the intruder to reset the password and initiate irreversible crypto transfers.
Response Measures and Denial of Responsibility
The firm reported the breach via the bank’s live chat system, but no substantive action was taken until Friday evening, when the bank’s legal department issued a formal response denying responsibility, citing the external email compromise. The bank stated it would not entertain further claims or correspondence.
Need for Enhanced Security Standards
After the incident, the client conducted their own investigation and found that critical actions still did not require 2FA codes. This raises serious questions about the actual enforcement of security measures at Kingdom Bank, prompting calls for clients to review their security practices and select providers in regulated jurisdictions.
The Kingdom Bank incident emphasizes the importance of adhering to security protocols and enforcing two-factor authentication for all sensitive account functions.