Topic: [ANN] KRAKEN.COM - Exchange with USD EUR GBP JPY CAD BTC LTC XRP NMC XDG STR ETH - page 166. (Read 629033 times)

I've read and read and read this bold text at least a dozen of times and I can't understand what you say! Who initiates the trade, the sell side with market order or the ask @530 with limit order? Which one of those is matched against the bid at @590?

We haven't concealed any security breaches. As I've already said here

https://bitcointalksearch.org/topic/m.15806484

we have had a significant number of accounts compromised by the attacker(s) obtaining usernames and passwords. These accounts would have been protected by enabling two-factor authentication for login, which is something that we highly recommend for everyone. We are in the process of implementing additional base protection for clients who don't enable two-factor for login, but once this protection is fully implemented, two-factor for login should still be considered an important security measure that we recommend for everyone. From what I understand it sounds like Bitfinex clients who had two-factor authentication were not protected, which implies that the attacker(s) somehow managed to breach Bitfinex systems rather than gaining access by obtaining a bunch of client usernames and passwords through other methods such as phishing, keyloggers, or hacking other databases and finding people who were using the same password on multiple accounts. But we're still waiting for a full report from Bitfinex to find out what happened. 

You have to read the discussion I linked to in order to understand. The point is that it's possible to have a bug where in a bid > ask condition a trade happens @590 even though someone with an ask @545 didn't get skipped over. I'm not saying this is the type of bug we're seeing, but it could be - we haven't isolated the problem yet because it's hard to reproduce and we are staying open about what it could be.

To give a simpler example than I linked to, suppose the order book is in the following bid > ask state:

sell 1 BTC @531
sell 1 BTC @530

buy 1 BTC @590
buy 1 BTC @529

If the sell side initiates the trade, then the ask @530 should fill at the best price available on the book, which is the bid @590. So the trade executes @590. Does this mean that the ask @531 was skipped over? No, because the ask @530 with its better offer has priority over the ask @531.

This is definitely a bug and should not happen. But the problem that makes it a bug is not that someone got skipped. So, again, my only point that it's possible to have a bug where a trade happens @590 even though someone with a sell @545 didn't get skipped. This is a bug we've seen before and addressed but we may not have fixed all cases of it yet.

Wonder how many shorters got their positions closed at a huge loss, on what should have been trade of the century?

A spike from 530 to 590 with a real trade at 590? And skipping over a sell at 545 is okay? Is that some kind of a sick joke?

Are u fucking joking?

Bitfinex just happened to go public about it. Kraken keep their security breaches concealed, and then blame it on their customers.

This is my new favorite exchange. Stupid bitfinex knew I should have never trusted bitfinex... Kraken forever.

We haven't come forth with an explanation because we are still investigating. The bug is difficult to reproduce so it's difficult to diagnose and fix as well. We'll update everyone when we have more information.

Keep in mind that even if the 590 spike was a real trade, it doesn't necessarily mean that you were improperly skipped over with a sell at 545. We had this kind of  situation come up a long time ago when we had a bug related to bid > ask conditions. Here is a post about it I made in this thread (the post only explains the most basic scenario and there were a bunch of other more complicated cases not covered).

https://bitcointalksearch.org/topic/m.4788527

Kraken has not come forth with an explanation except those from a member that it is a bug and that spike didn't happen....although it appears on graphic...
Also how could i have people in the order queue before me if i intend to sell at 545 and it spiked to 590? it would have to go past my order right?

For me it works fine (no log outs).

Anybody else getting logged out after just 5-20 seconds after logging in? This is pretty annoying because you can't do anything, been happening the last few hours....

I saw your thread.

Is there any news about adding the support of cryptocapital.co directly on the interface instead of always asking to the support?

YES!

Good idea.

They apply from now on 24 hours lock on btc payouts to new addresses. Idk why this was not there from beginning.

I would like to have feature that I can set this delay. For me even one week until new address is useful for payout would be enough most of the time.

So did you lose money ?

Yeah sure....cos all these unregulated Bitcoin exchanges have a fucking fantastic record don't they!?

imo, all Bitcoin exchanges are guilty until proven innocent.


Whatever the case, a big bunch of Kraken accounts, were emptied all at the same time, on July 20th. That seems much more to me like Kraken was compromised, as opposed to customer computers being littered with key logging Spyware, like their support guys tried to tell us all. Had Kraken enabled even so much as Email verification, then these accounts would not have been emptied. Yet, just as the case with Bitfinex will turn out, Kraken take no responsibility for their shite security. All losses are to be incurred by their users whose accounts have been affected.

Don't know what fkn legal system that Kraken operate under, but in this country, Kraken would be found to be negligent in their Duty of Care...probably the same legal system as Bitfinex operate under......

....but like I said. Only someone willing to bestow the most charitable views upon the exchanges, would so readily believe the stories that the exchanges put it. Kraken account hacks = some form of inside job, until Kraken can prove otherwise as far as I am concerned.


Criminal Complaint for Fraud, is pending.

Also always keep in mind:

Do not instantly believe what you read on the Internet by someone.There is a lot of FUD spreading around currently about everything to somehow benefit from this Bitfinex hack.
As long as the person can't provide any evidence I would always believe what the official statement is. (In this case by the Kraken support)



Most of the time people lose money because they click on phishing links. That's also the reason why the Blockchain info wallet has a bad reputation. It's simply because people don't know about any basic security measurements.

Kraken was not hacked. We did have a significant number of accounts that were compromised because the attacker(s) somehow obtained the login credentials (username and password) for the accounts and gained access to the accounts individually by logging in. There is no evidence that the login credentials were obtained through any breach in Kraken's database. We are still investigating to find out how the attacker(s) might have obtained the credentials and it may have been through a variety of methods. Again, to my knowledge none of the compromised accounts had 2fa protection for login, meaning that the username and password was all that was needed to obtain access to the account. Some of the accounts did have 2fa for funding enabled without the settings lock but that does not provide any additional protection. If the settings lock isn't enabled, then anyone who can login to the account can bypass the funding 2fa. So if you only have 2fa for funding enabled, your account is only as secure as your username and password. This has been confusing and we are going to change how it works to eliminate the confusion. But for now everyone should enable 2fa for login at minimum. And if you want to enable any other 2fa settings, but sure to use them in conjunction with the settings lock.