Kraken was founded in July 2011 by Jesse Powell — just two months after the first Mt. Gox hack — with security as its founding principle. It launched to the public in September 2013 and has operated continuously since, making it one of the longest-running major exchanges in the industry. Kraken's most remarkable credential: zero successful hot wallet hacks across 12+ years of operation. For context, virtually every other major early-generation exchange (Mt. Gox, Bitstamp, Bitfinex, Poloniex, ShapeShift, Binance) has suffered significant hacks. Kraken's security-first culture — deeply sceptical of moving too fast and cutting corners — has produced the cleanest security track record of any exchange handling billions in daily volume. This guide covers Kraken's products, fees, and the complete process for setting up Kraken API keys for automated trading.
Kraken Pro: The Trading Interface That Matters
Like Coinbase's basic app vs Advanced Trade, Kraken has two distinct interfaces. The standard Kraken website (kraken.com) uses a simplified buy/sell flow with higher fees and limited order types — fine for occasional purchases, not for trading. Kraken Pro (pro.kraken.com) provides a professional trading interface with maker/taker fee pricing: 0.25% maker / 0.40% taker at the starter tier, declining to 0.00% maker / 0.10% taker at the highest volume tier ($10M+ monthly). With a $1M monthly volume (Intermediate tier), fees drop to 0.02% maker / 0.05% taker — competitive with any major exchange. Kraken Pro supports limit, market, stop-loss, take-profit, trailing stop, and post-only orders. The interface includes a full order book, depth chart, candlestick charting with TradingView integration, and real-time portfolio valuation.
Staking on Kraken
Kraken offers on-chain staking for 17+ assets with competitive yields: ETH staking (~4% APY), SOL staking (~6–7% APY), ADA staking (~4% APY), DOT staking (~12% APY), and more. Importantly, Kraken's staking is non-custodial where possible (particularly for ETH post-Merge — Kraken operates dedicated Ethereum validators). However, Kraken settled with the SEC in February 2023 for $30 million over its US staking-as-a-service product and agreed to discontinue offering staking to US retail customers (though institutional staking and off-chain yield products may still be available depending on state). Non-US users can access Kraken's full staking product lineup. This regulatory action specifically targeted Kraken's retail staking program; Kraken's trading and other products were unaffected.
Security Architecture
Kraken's security practices that distinguish it from peers: the vast majority of user funds are held in cold storage (air-gapped systems with no network connectivity), with only a small operational float in hot wallets for withdrawal liquidity. Kraken has published Proof of Reserves reports allowing external cryptographic verification that Kraken holds sufficient assets to cover all user balances. Master keys for cold storage use a multi-signature scheme requiring multiple Kraken executives in different geographic locations to authorise large withdrawals. Security training for employees, rigorous third-party penetration testing, and a bug bounty program round out the security programme. Kraken is also one of the few major exchanges with a dedicated security blog (Kraken Security Labs) publishing research on industry-wide vulnerabilities.
Setting Up Kraken API Keys for a Trading Bot
Kraken's API key system uses a traditional API key + private key (secret) model with fine-grained permission tiers. Here is the complete setup process:
Step 1 — Enable 2FA on your Kraken account. Log in → Security → Two-Factor Authentication. Enable 2FA for both login and for transactions. Kraken supports Google Authenticator, hardware security keys (YubiKey), and its own Kraken Authenticator app. Hardware keys provide the strongest protection.
Step 2 — Navigate to API Key Management. In your Kraken account, go to Settings (gear icon) → API. Alternatively: kraken.com/u/security/api.
Step 3 — Click "Add Key". Give your key a descriptive name, e.g., Bot-Spot-Trading. Kraken key names help you identify which key belongs to which bot when you have multiple API integrations.
Step 4 — Configure key permissions (Kraken uses a granular permission model). Kraken breaks permissions into specific capability tiers — this is more granular than Binance and allows precise least-privilege configuration:
- Query Funds — Read account balances. Always enable.
- Query Open Orders & Trades — Read active orders and trade history. Always enable for a bot.
- Query Closed Orders & Trades — Read historical orders. Enable for bots that track PnL.
- Query Ledger Entries — Read deposit/withdrawal history. Optional, enable if your bot reconciles ledger entries.
- Query Trade Volume — Read fee tier information. Enable if your bot optimises fee tier logic.
- Create & Modify Orders — Place, modify, and cancel orders. Enable for any trading bot.
- Cancel/Close Orders — Cancel open orders. Enable for stop-loss and order management.
- Withdraw Funds — Initiate withdrawals. Never enable this for a bot. Even with address whitelisting, withdrawal access on a bot key is unnecessary and dangerous.
- Access WebSockets Token — Required for Kraken's WebSocket API (real-time order book, trade feeds). Enable this if your bot uses WebSocket connections for live data (most modern bots do).
Step 5 — Set IP restrictions. Kraken allows you to restrict each API key to a list of allowed IP addresses. Under IP Whitelist, enter the static IP of your trading server. This is the same critical security step as described for Binance — whitelist your bot server's IP to prevent key misuse if the key is ever exposed.
Step 6 — Set a key expiry (optional but recommended). Kraken allows you to set an expiration date for API keys. Setting a 90-day expiry forces you to rotate keys regularly, which is a security best practice. Schedule a reminder to renew before expiry to avoid unexpected bot downtime.
Step 7 — Save your API Key and Private Key. On the confirmation screen, Kraken displays your API Key and Private Key. The Private Key is shown only once — copy both values immediately and store them in your bot's environment variables. In your configuration: API_KEY = "your_kraken_api_key", API_SECRET = "your_kraken_private_key".
Step 8 — Verify with the CCXT or python-krakenex SDK. Kraken is supported by CCXT (open-source multi-exchange library) and the official krakenex Python package. Test with: import krakenex; k = krakenex.API(key=API_KEY, secret=API_SECRET); print(k.query_private('Balance')). A successful response with your account balances confirms connectivity.
Note on nonce handling: Kraken's API uses a nonce (monotonically increasing integer) for request authentication to prevent replay attacks. If your bot sends requests in rapid parallel threads, nonce conflicts can occur. Use the recommendation of using millisecond timestamps as nonces, and ensure your bot serialises API requests or uses per-thread nonce counters.
Who Kraken Is Best For
Kraken suits: security-conscious traders who prioritise a clean hack-free track record above all other exchange metrics; European traders (Kraken has the strongest EUR on/off ramp infrastructure and is regulated as a VASP across the EU under MiCA); users who want staking yield alongside spot trading from a single exchange (outside the US); traders who need fiat rails in currencies beyond USD (Kraken supports EUR, GBP, CAD, JPY, CHF, AUD natively); and algorithmic traders who value Kraken's highly detailed API with fine-grained permission controls and reliable rate limits.
Kraken's zero-breach security record over more than a decade makes it one of the most trusted exchanges for holding significant crypto balances. Traders comparing options should also consider Coinbase for US regulatory compliance, Binance for volume and altcoin breadth, Bybit for derivatives, and Gemini for regulated US trading. Use our crypto tools and DennTech blog for exchange coverage.