Author

Topic: [ANN] KRAKEN.COM - Exchange with USD EUR GBP JPY CAD BTC LTC XRP NMC XDG STR ETH - page 231. (Read 628889 times)

hero member
Activity: 1276
Merit: 622
Hate to open new tickets, but BTC withdrawals are stuck again. Ticket 33782
hero member
Activity: 1276
Merit: 622
Well you managed to spoil me rotten with your fast SEPA deposits. Never took more than 3 hours...

Now I'm a bit impatient since the last one hasn't come in one day. Could you please check. Details in ticket 33778. Thanks Wink
sr. member
Activity: 280
Merit: 250
You iOS app if just fab. Just executed some orders through that today.  Great stuff!
legendary
Activity: 1820
Merit: 1000
What about withdrawels? Mine says sending for an hour and it is still not on blockchain? Account id AA95 N84G TEWR NKFI

Bitcoin withdrawals were down very briefly, but the issue has been fixed.
newbie
Activity: 11
Merit: 0
What about withdrawels? Mine says sending for an hour and it is still not on blockchain? Account id AA95 N84G TEWR NKFI
legendary
Activity: 1820
Merit: 1000
Currently experiencing delayed Bitcoin deposits?

Yes, I posted about this above. But the issue should be resolved now.
newbie
Activity: 49
Merit: 0
Currently experiencing delayed Bitcoin deposits?
legendary
Activity: 1820
Merit: 1000
A few clients are experiencing an issue with stuck bitcoin withdrawals. We are aware of this issue and working to resolve it as quickly as possible.
legendary
Activity: 1820
Merit: 1000
Ripple & Stellar Traders:

We have taken our Ripple and Stellar gateways offline pending further investigation of the "partial payments" vulnerability. We will bring the gateways back online as soon as possible, but not before we are absolutely certain that we aren't affected by this vulnerability.

https://medium.com/@abrkn/partial-payments-ripple-stellar-vulnerability-in-the-wild-29aaefd8a7ac

Stellar payments are back online, but Ripple is still offline while we patch our code to ensure we aren't vulnerable. We were previously vulnerable but nobody exploited it and we probably would have caught it fairly quickly if they had. Ripple will be offline at least until tomorrow, but hopefully not much longer than that.

The Ripple gateway is patched and back online now too. If you had a pending XRP withdrawal, it should have been cancelled. But new XRP withdrawal requests should be working fine now. 
legendary
Activity: 1055
Merit: 1002
Ripple & Stellar Traders:

We have taken our Ripple and Stellar gateways offline pending further investigation of the "partial payments" vulnerability. We will bring the gateways back online as soon as possible, but not before we are absolutely certain that we aren't affected by this vulnerability.

https://medium.com/@abrkn/partial-payments-ripple-stellar-vulnerability-in-the-wild-29aaefd8a7ac

Stellar payments are back online, but Ripple is still offline while we patch our code to ensure we aren't vulnerable. We were previously vulnerable but nobody exploited it and we probably would have caught it fairly quickly if they had. Ripple will be offline at least until tomorrow, but hopefully not much longer than that.

Any progress on put xrp gateway online..? You said untile today...
legendary
Activity: 1820
Merit: 1000
We were previously vulnerable but nobody exploited it and we probably would have caught it fairly quickly if they had.

Thanks for the transparency. Kraken always struck me as the sort of well run exchange that has good internal controls, like an appropriately small hot wallet and manual review of certain transaction profiles, so I'm sure that you would have caught any attempt fairly quickly.

During the discussion of the episode over on the Stellar forum, the bx.in.th exchange operator described one of their controls, which makes exceptionally good sense:

Quote from: bx.in.th
We also check every coin wallet balance before every withdrawal.  This means we have to run withdrawals in batches every 5 minutes.  Our system does an entire balance audit before every withdrawal batch.  We compare all users balances to the actual wallet balances, if any balance does not match then no withdrawals go out for any currency.

If Kraken isn't already doing something similar (and you very well may be), it might be worth implementing as an extra safeguard for all assets.  

Thanks - I'll run this by our developers, though as you say we may be doing something similar (I'm not familiar with all our accounting checks).
legendary
Activity: 1820
Merit: 1000
Any plans to support the Counterparty Protocol?  Like it's native currency XCP and consequently, all of the assets listed on it???

http://counterparty.io/

No plans that I have heard of.
newbie
Activity: 58
Merit: 0
We were previously vulnerable but nobody exploited it and we probably would have caught it fairly quickly if they had.

Thanks for the transparency. Kraken always struck me as the sort of well run exchange that has good internal controls, like an appropriately small hot wallet and manual review of certain transaction profiles, so I'm sure that you would have caught any attempt fairly quickly.

During the discussion of the episode over on the Stellar forum, the bx.in.th exchange operator described one of their controls, which makes exceptionally good sense:

Quote from: bx.in.th
We also check every coin wallet balance before every withdrawal.  This means we have to run withdrawals in batches every 5 minutes.  Our system does an entire balance audit before every withdrawal batch.  We compare all users balances to the actual wallet balances, if any balance does not match then no withdrawals go out for any currency.

If Kraken isn't already doing something similar (and you very well may be), it might be worth implementing as an extra safeguard for all assets.

   
member
Activity: 118
Merit: 10
A difference which makes a difference
Any plans to support the Counterparty Protocol?  Like it's native currency XCP and consequently, all of the assets listed on it???

http://counterparty.io/
legendary
Activity: 1820
Merit: 1000
Ripple & Stellar Traders:

We have taken our Ripple and Stellar gateways offline pending further investigation of the "partial payments" vulnerability. We will bring the gateways back online as soon as possible, but not before we are absolutely certain that we aren't affected by this vulnerability.

https://medium.com/@abrkn/partial-payments-ripple-stellar-vulnerability-in-the-wild-29aaefd8a7ac

Stellar payments are back online, but Ripple is still offline while we patch our code to ensure we aren't vulnerable. We were previously vulnerable but nobody exploited it and we probably would have caught it fairly quickly if they had. Ripple will be offline at least until tomorrow, but hopefully not much longer than that.
legendary
Activity: 1820
Merit: 1000
A question about ripple and kraken:

You said something about your ripple "gateway".  But would'nt this mean I can deopsit for example € from another gateway to krakens gateway?  Where is this option to withdraw/deposit € via Ripple?


Sorry for the confusion, but that's not what I meant. The only transactions we support through the Ripple network are for XRP. So do not try to send us euros, bitcoins, or anything else through the Ripple network.
legendary
Activity: 2968
Merit: 1133
A question about ripple and kraken:

You said something about your ripple "gateway".  But would'nt this mean I can deopsit for example € from another gateway to krakens gateway?  Where is this option to withdraw/deposit € via Ripple?
sr. member
Activity: 364
Merit: 250
[#][#][#]
12 requests a minute is pretty slow - can't you just allow at least 120/minute for everyone who makes use of the private API?
compared to other markets that would be still not very much..

thanks
newbie
Activity: 58
Merit: 0
We have taken our Ripple and Stellar gateways offline pending further investigation of the "partial payments" vulnerability. We will bring the gateways back online as soon as possible, but not before we are absolutely certain that we aren't affected by this vulnerability.

If Kraken finds that it properly implemented the code to receive payments, and was not vulnerable, I hope that you will say so. This is much preferable to bringing Ripple and Stellar back online and not saying whether Kraken was safe to begin with or was fixed during the review.

Both Coinex and RippleFox have stated that they had properly accounted for partial payments in their deposit code, and were not at risk (RippleFox said that they were actually attacked, but their deposit code correctly examined the amount received, so their gateway implementation credited the attackers account with the funds actually received).
legendary
Activity: 1820
Merit: 1000
Ripple & Stellar Traders:

We have taken our Ripple and Stellar gateways offline pending further investigation of the "partial payments" vulnerability. We will bring the gateways back online as soon as possible, but not before we are absolutely certain that we aren't affected by this vulnerability.

https://medium.com/@abrkn/partial-payments-ripple-stellar-vulnerability-in-the-wild-29aaefd8a7ac
Stellar has disabled this functionality alltogether already (forcing you to pay fees when reimbursing someone), on Ripple you hopefully already check flags before crediting accounts. Better safe than sorry though, this is only a "vulnerability" if you didn't read the documentation, otherwise it's a useful feature.

The documentation on the partial payment feature is very poor. Even the Stellar Development Foundation only learned of the issue this past week. Even though there was an update to the Stellar code base to remove the feature, we are nonetheless taking the Stellar gateway offline until we can fully evaluate everything ourselves. Overly cautious perhaps, but we'd rather be overly cautious in a situation like this. 
Jump to: