
Topic: [ANN] KRAKEN.COM - Exchange with USD EUR GBP JPY CAD BTC LTC XRP NMC XDG STR ETH - page 218. (Read 628889 times)

legendary
Activity: 2968
Merit: 1133
Hey Dargo,

I created a sixth deposit address. Now one of my old addresses will expire in 7 days. But I don't want this address to expire. How can I choose another address from my six to expire?
legendary
Activity: 1820
Merit: 1000
Kraken were the first to audit reserves and have always been transparent in their dealings, so don't want to hassle too much, but any plans on doing another audit soon or implementing verifiable reserves?


Your inquiry is welcome because people should be more insistent that exchanges do regular audits. We plan to work towards doing them more regularly, but at the present time the best I can say is that we want to do another one as soon as we can, but don't have a specific estimate.
legendary
Activity: 1820
Merit: 1000
Announcement: support.kraken.com is currently down. The site is hosted by Zendesk, which is experiencing a service disruption in one of its data centers. They are making progress on fixing the issue but haven't given an estimate for when it might be fixed. This doesn't affect our exchange operations at kraken.com, but it may mean that some customers experience a delayed response to support requests.


Looks like it's already back up, so there shouldn't be much of an interruption in support response times.
legendary
Activity: 1820
Merit: 1000
Announcement: support.kraken.com is currently down. The site is hosted by Zendesk, which is experiencing a service disruption in one of its data centers. They are making progress on fixing the issue but haven't given an estimate for when it might be fixed. This doesn't affect our exchange operations at kraken.com, but it may mean that some customers experience a delayed response to support requests.
legendary
Activity: 1820
Merit: 1000
Is it possible to deposit GBP via Paycash and then convert this balance to EUR when it arrives at Kraken?

Not at this time. But we are considering it along with other ways to address thin order books like we have for GBP.
legendary
Activity: 1820
Merit: 1000
How about the API orderbook issue?

I asked about this but haven't heard back yet. I'll let you know when I do.
newbie
Activity: 56
Merit: 0
Is it possible to deposit GBP via Paycash and then convert this balance to EUR when it arrives at Kraken?
legendary
Activity: 2968
Merit: 1133
It happened again, the message I get is "The submitted form has expired or is invalid. Please resubmit your request.".
All I did now was "Funding -> Withdraw -> Bitcoin -> choose address -> type in amount -> press yubikey -> wait -> the error message appears -> even though bitcoins sent"
I did not refresh anything. But of course when I reported it first on January 20, 2015, I did click "back" to resubmit my request -> "double spend".
So the issue is still there. I get this error message and think the bitcoins are not sent, but they are sent.

edit:
About the API orderbook issue: count=2 did not solve the problem =/ =/ Now I have the best 2 asks, and no bid in the list (it happened 2 times on 25th January)

Serpens - Let me know if you see this again. We made some changes that should make it much less likely to happen, and if it does the error message will tell you to wait a while and check on the status of your request before making the request again.
Thanks :)
How about the API orderbook issue?
legendary
Activity: 1820
Merit: 1000
Hi Serpens - thanks for letting us know about this. It's the first I've heard of an issue like this, but we'll look into it.


Hey Dargo,

Sometimes the yubikey confirmation does not work. I'm not sure if the problem is the yubikey or if there is another problem.
But when I want to confirm a withdrawal it happens often (~20% of the time), that I get the message "the submitted form has expired" (or something like this, I did not copy the exact wording), even though not more than 15 seconds have passed.
Nonetheless the bitcoins were sent. So now it happens that I thought the bitcoins were not sent and sent the amount twice.
Luckily it was one of my addresses so I can send the bitcoins back. But what if it was not my address? So you should fix this issue.

Serpens - Here's the reply I got from one of our devs: If it went through, it wouldn't have seen the form expired message. The form expired message would have prevented double withdrawals of the same request (resubmission of the same form).  You probably got the browser resubmit your request page and refreshed the page, got the expired form page, then submitted a new request.
It happened again, the message I get is "The submitted form has expired or is invalid. Please resubmit your request.".
All I did now was "Funding -> Withdraw -> Bitcoin -> choose address -> type in amount -> press yubikey -> wait -> the error message appears -> even though bitcoins sent"
I did not refresh anything. But of course when I reported it first on January 20, 2015, I did click "back" to resubmit my request -> "double spend".
So the issue is still there. I get this error message and think the bitcoins are not sent, but they are sent.

edit:
About the API orderbook issue: count=2 did not solve the problem =/ =/ Now I have the best 2 asks, and no bid in the list (it happened 2 times on 25th January)

Serpens - Let me know if you see this again. We made some changes that should make it much less likely to happen, and if it does the error message will tell you to wait a while and check on the status of your request before making the request again.
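
The single-use form behaviour discussed in the posts above, as an added example that is not part of the thread and is not Kraken's code: the first submission consumes the form token, and a replay of the same token reports the recorded withdrawal instead of paying out again or returning a bare "expired" error. The class name, `FORM_TTL`, the account, address and amount values are all constructed for illustration.

```python
import secrets
import time

FORM_TTL = 300  # seconds a withdrawal form stays valid (assumed value)


class WithdrawalForms:
    """Single-use form tokens that remember the outcome of their request."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._forms = {}  # token -> {"account", "issued", "result"}
        self.sent = []    # payouts actually made: (account, address, amount)

    def issue(self, account):
        token = secrets.token_urlsafe(16)
        self._forms[token] = {"account": account, "issued": self._clock(), "result": None}
        return token

    def submit(self, account, token, address, amount):
        form = self._forms.get(token)
        if form is None or form["account"] != account:
            return {"status": "invalid", "msg": "Unknown form, nothing was sent."}
        if form["result"] is not None:
            # Same form submitted again (back button, refresh, lost response):
            # never pay twice, and report what already happened.
            return {"status": "duplicate", "withdrawal": form["result"],
                    "msg": "Already processed. Check the withdrawal status before retrying."}
        if self._clock() - form["issued"] > FORM_TTL:
            return {"status": "expired", "msg": "Form expired, nothing was sent."}
        # Record the result before paying out so a retry takes the duplicate branch.
        form["result"] = {"address": address, "amount": amount}
        self.sent.append((account, address, amount))
        return {"status": "sent", "withdrawal": form["result"]}


def demo():
    now = [0.0]  # constructed clock so the expiry case runs instantly
    svc = WithdrawalForms(clock=lambda: now[0])
    token = svc.issue("alice")
    first = svc.submit("alice", token, "addr-1", "0.5")
    retry = svc.submit("alice", token, "addr-1", "0.5")  # resubmission of the same form
    stale = svc.issue("alice")
    now[0] += FORM_TTL + 1
    late = svc.submit("alice", stale, "addr-1", "0.5")
    return first["status"], retry["status"], late["status"], len(svc.sent)


if __name__ == "__main__":
    print(demo())
```

A request made through a freshly issued form is a new withdrawal as far as this check is concerned, which is why the error text needs to point the user at the status of the earlier request.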
member
Activity: 75
Merit: 10
I'm having a weird problem where I'm unable to turn on the Global Settings Lock; when I click "Update Settings", the page just eventually returns a Cloudflare timeout error. However, the rest of the site (at least the things I tried) seems to be working just fine!

Actual error message:
Quote
Web server is returning an unknown error
There is an unknown connection issue between CloudFlare and the origin web server. As a result, the web page can not be displayed.

Ray ID: 1aeec1383dae02fd
Your IP address: 197.89.69.210
Error reference number: 520
CloudFlare Location: London

We tested it and it seems to be working OK. Please create a ticket if you haven't already since we'll need to look at your account. I'd also try again to see if it was just a temporary issue.

I tried again now and it worked, so just temporary I guess :)
legendary
Activity: 1820
Merit: 1000
I'm having a weird problem where I'm unable to turn on the Global Settings Lock; when I click "Update Settings", the page just eventually returns a Cloudflare timeout error. However, the rest of the site (at least the things I tried) seems to be working just fine!

Actual error message:
Quote
Web server is returning an unknown error
There is an unknown connection issue between CloudFlare and the origin web server. As a result, the web page can not be displayed.

Ray ID: 1aeec1383dae02fd
Your IP address: 197.89.69.210
Error reference number: 520
CloudFlare Location: London

We tested it and it seems to be working OK. Please create a ticket if you haven't already since we'll need to look at your account. I'd also try again to see if it was just a temporary issue.
member
Activity: 75
Merit: 10
I'm having a weird problem where I'm unable to turn on the Global Settings Lock; when I click "Update Settings", the page just eventually returns a Cloudflare timeout error. However, the rest of the site (at least the things I tried) seems to be working just fine!

Actual error message:
Quote
Web server is returning an unknown error
There is an unknown connection issue between CloudFlare and the origin web server. As a result, the web page can not be displayed.

Ray ID: 1aeec1383dae02fd
Your IP address: 197.89.69.210
Error reference number: 520
CloudFlare Location: London
legendary
Activity: 1820
Merit: 1000
This is what the master key is for - to protect against someone hacking your email address (and other things). You should create a master key on a separate two-factor device from the one you use for login and keep it someplace very safe. If you don't have a second device, just make it a static password until you can get one. Once the master key is created, it will be required in order to reset your password or bypass the 2FA for account login.

https://support.kraken.com/hc/en-us/articles/201396847-What-is-the-master-key-shown-on-the-two-factor-authentication-page-

Edit: a further protection would be to give us your PGP key for email encryption. This way, all automated email from us, including password reset and 2FA bypass, is encrypted.
Thanks, I created a masterkey now :)
What would Kraken do, if someone claims he lost his 2FA device and used the same device to generate the masterkey?
This could happen, but it could also be an attempt to steal the account. Would you now try to confirm the identity?

Yes, that's a case where we have protocols in place to confirm your identity.
legendary
Activity: 2968
Merit: 1133
This is what the master key is for - to protect against someone hacking your email address (and other things). You should create a master key on a separate two-factor device from the one you use for login and keep it someplace very safe. If you don't have a second device, just make it a static password until you can get one. Once the master key is created, it will be required in order to reset your password or bypass the 2FA for account login.

https://support.kraken.com/hc/en-us/articles/201396847-What-is-the-master-key-shown-on-the-two-factor-authentication-page-

Edit: a further protection would be to give us your PGP key for email encryption. This way, all automated email from us, including password reset and 2FA bypass, is encrypted.
Thanks, I created a masterkey now :)
What would Kraken do, if someone claims he lost his 2FA device and used the same device to generate the masterkey?
This could happen, but it could also be an attempt to steal the account. Would you now try to confirm the identity?
legendary
Activity: 1820
Merit: 1000
But it's a good question... what to do, if I lose my yubikey or sth. like that? Dargo, what are the steps to make, if someone lost the yubikey/password?

Of course I want access to my account even if I lost password/yubikey. But on the other hand I don't want that someone who hacked my mail address is able to reset my password/2FA. https://support.kraken.com/hc/en-us/articles/204359233-How-can-I-recover-my-account-
If I understand the steps in this link right, someone with my email address and account name can request a new password and a 2FA bypass, without verifying his identity.
Wouldn't it be better to ask for a scan of ID card or a webcam verification to prove the identity?

This is what the master key is for - to protect against someone hacking your email address (and other things). You should create a master key on a separate two-factor device from the one you use for login and keep it someplace very safe. If you don't have a second device, just make it a static password until you can get one. Once the master key is created, it will be required in order to reset your password or bypass the 2FA for account login.

https://support.kraken.com/hc/en-us/articles/201396847-What-is-the-master-key-shown-on-the-two-factor-authentication-page-

Another option is to use the global settings lock. Once activated, nobody can change the settings in your account for the number of days you specify, even if they hack into your account. So they couldn't enter their own withdrawal addresses. You can do both the master key and the global settings lock, but if you create the master key before you do the settings lock, the master key can be used to override the settings lock. This is convenient, but keep in mind that if someone obtains your master key, they will be able to override the settings lock.

https://support.kraken.com/hc/en-us/articles/201396877-What-is-the-Global-Settings-Lock-

Edit: a further protection would be to give us your PGP key for email encryption. This way, all automated email from us, including password reset and 2FA bypass, is encrypted.
legendary
Activity: 1358
Merit: 1001
https://gliph.me/hUF
[...]
But I don't trust any app for my mobile device and assume it could be "hacked" via apps any time.
[...]

I keep an old phone on which I disabled all networking and installed Cyanogenmod (optional though) for things like that. Other implementations for Google Authenticator work on PCs, so you can use your cold storage PC for it.


Of course I want access to my account even if I lost password/yubikey. But on the other hand I don't want that someone who hacked my mail address is able to reset my password/2FA. https://support.kraken.com/hc/en-us/articles/204359233-How-can-I-recover-my-account-
If I understand the steps in this link right, someone with my email address and account name can request a new password and a 2FA bypass, without verifying his identity.
Wouldn't it be better to ask for a scan of ID card or a webcam verification to prove the identity?

Do I understand correctly that it is possible to request a new password and a 2FA bypass in "one go"? I don't think that's a good idea.

I'd prefer additional confirmation. Another idea: force every user to submit a BTC address that they control and can sign messages with. This address could only be submitted once. A signed message would be required to bypass 2FA.
legendary
Activity: 1820
Merit: 1000
Thanks Newar for your help! :)

I have access to my kraken account now. So no one changed my password as I thought. I'm 100% sure I typed everything correct during my 3 tries. So the only explanation is that my yubikey was the problem. Maybe because I tried to login during the beginning of the price crash (lots of traffic for kraken).
This combined with the mailbox.org thing got me in panic mode :D
But nevertheless, it could happen a real hack anytime and we can't get in touch with support instant. That's not good... so I hope Dargo will post here something, what to do in those cases to close the account temporarily.

edit: ... (answer to Newar's questions..)

I agree that we need better measures for emergency situations. We are working on a way for clients to lock their accounts in case of emergency since that would be the fastest if you think your account might be hacked. I'll have to check on the status of this with the devs to see what the ETA might be. We are also planning on having 24/7 support once the support team is large enough for that. Some kind of emergency hotline would be good too, so I'll make sure we look at how that might be done.  
legendary
Activity: 2968
Merit: 1133

Glad to hear it works! :)


[...]
But nevertheless, it could happen a real hack anytime and we can't get in touch with support instant.
[...]

If there was a hack circumventing 2FA, that would mean with high probability it would be an inside job. In that case I would consider the support channel compromised as well. Remember, bitcoins that you keep at an exchange are IOUs.
I edited my last post. There you see, you don't need to hack the 2FA, you only need access to the email account.. then you can get the 2FA bypass =/ Maybe Dargo will post something regarding this topic.
legendary
Activity: 1358
Merit: 1001
https://gliph.me/hUF

Glad to hear it works! :)


[...]
But nevertheless, it could happen a real hack anytime and we can't get in touch with support instant.
[...]

If there was a hack circumventing 2FA, that would mean with high probability it would be an inside job. In that case I would consider the support channel compromised as well. Remember, bitcoins that you keep at an exchange are IOUs.
legendary
Activity: 2968
Merit: 1133
Thanks Newar for your help! :)

I have access to my kraken account now. So no one changed my password as I thought. I'm 100% sure I typed everything correct during my 3 tries. So the only explanation is that my yubikey was the problem. Maybe because I tried to login during the beginning of the price crash (lots of traffic for kraken).
This combined with the mailbox.org thing got me in panic mode :D
But nevertheless, it could happen a real hack anytime and we can't get in touch with support instant. That's not good... so I hope Dargo will post here something, what to do in those cases to close the account temporarily.

edit: ... (answer to Newar's questions..)
Quote
What sort of security do you use on your wifi? WPA2 + AES?

Why Yubikeys? They do fail eventually (I'll admit after millions of taps ;) ). I prefer Google Authenticator as I can transfer it to another phone. And if you don't trust Google on this there are other implementations.
Yes, WPA2 and AES :)

I used google authenticator before and use it still on some other sites. But I don't trust any app for my mobile device and assume it could be "hacked" via apps any time. (that's also why I don't have a wallet on my mobile device, I just don't trust the security from mobile devices).
That's why I bought a yubikey. No one can hack my yubikey. No one can have access to it via internet. Therefore it should be the safest way.
But it's a good question... what to do, if I lose my yubikey or sth. like that? Dargo, what are the steps to make, if someone lost the yubikey/password?

Of course I want access to my account even if I lost password/yubikey. But on the other hand I don't want that someone who hacked my mail address is able to reset my password/2FA. https://support.kraken.com/hc/en-us/articles/204359233-How-can-I-recover-my-account-
If I understand the steps in this link right, someone with my email address and account name can request a new password and a 2FA bypass, without verifying his identity.
Wouldn't it be better to ask for a scan of ID card or a webcam verification to prove the identity?