They do this to see if you have an account somewhere. If you have a strong password and TOTP based (not SMS) MFA you should be fine.
They know you have an account at Kraken but can’t do much. They COULD try to social engineer kraken. If you wanted to be extra sure you could notify Kraken. They may have some procedures to put in extra precautions like requiring ID to make account changes.