Topic: Cryptopia Cryptocurrency Platform Services and Development - page 214. (Read 173834 times)

I also use this exchange since the beginning i really like Cryptopia the team member they work professional,this exchange well have a pretty good vision in the future aside from that we can also earn various cryptocurrency as a rewards for such action we have made.

You say you're not sure what bigger exchanges do to thwart this? I can answer that, nothing. Dumping happens all the time, legitimately. This is not something for the exchange to stop as it is what an exchange is for. For a hacker to get into your account, you did something wrong or had something of yours compromised, whether it is re-using your password elsewhere, getting caught by a phishing scam, left yourself logged in somewhere, had your phone hacked, had someone looking over your shoulder, it is your security that was compromised not the exchange. Cryptopia has more 2FA options than anyone else out there, including on login, that will further protect your account. I suggest you use the options available to you and properly secure your account. Oh, and Cryptopia does appear to lock your account after 3 failed attempts.

Did they fix the problem

You made some fair points and you're somewhat right about the brute force statement.  However, Cryptopia themselves are the ones that notified about the "multiple" attempts. Granted, there is no way for me to know exactly how many "multiple" means, but most certainly in implies more than 3, which should be the floor for beginning of acct locking protocols (as you described above).  Since this clearly was either not in place at all or way too easily circumvented by the hackers, which on it's own is more than sufficient grounds for me being due full restitution from Cryptopia.

Although I have now switched over all 6 types security to Google Auth 2FA, this is still insufficient for the trading/withdrawal loophole I mentioned.  Cryptopia admitted that the 2FA (PIN at the time) had temporarily thwarted the hackers from just sending all of the LTC they accumulated to an external LTC wallet. But, they used the trading loophole that i described to artificially dump an unknown shyt-coin at 3% its cost (to obviously another acct they owned).  So bottom line, if a hacker somehow accesses your account, even their 2FA protocols will not protect from your account be liquidated. This is another huge security gap IMO.  Not sure what the bigger, well-respected exchanges has in place to thwart this but there has to be a way.

I sympathise with you losing your funds, but the whole idea of 2FA is that it proves (at least with high confidence) that you have physical possession of the sole authentication device and therefore you are likely to be the rightful owner of the account. [2FA isn't perfect, of course. Email 2FA is useless if a hacker already controls your email, and SMS 2FA can be captured by porting your phone number to new account.]

A different password for each site will not help if you have something that has logged your keypresses, or nabbed your browser's password file. Anyone who has a copy of your "virtual" credentials can log in, from anywhere in the world. That's what 2FA is intended to prevent.

I do think you have raised a valid point about failed logins. Multiple attempts should lock out the account, temporarily at first, for a longer period each failure, then eventually semi-permanently. It does sound like you may be making some assumptions about brute forcing, though.

This may be somewhat true for some users but I actually had a different PW for my Cryp acct than any other exchange, so this does not apply to me. And as stated, I had 2FA in place for withdrawals but the hackers were still able to circumvent that Cryptopia "protection" by selling off the coin they converted at 3% of cost to obviously another either hacked or legit Cryp account they owned.  Cryp apparently offers NO protection against this type of obviously criminal activity, which is baffling to me because there is nobody on the planet that would sell be legitimately trying to sell what they just bought at 3% the cost.

That aside, the fact that the hackers were even able to log into my acct in the first place after "multiple failed attempts" is ABSOLUTELY the fault of Cryptopia!  Again, almost every site on the planet will lock your acct after 3 failed attempts, but a site where people have a ton of money in coins doesn't offer this basic protection?  Clearly a major fail.  On top of this, my original CT PW was not only different from my other exchange sites but was also unique vs any PW on any other site, period.  I did this because i was unsure of CT (also the reason I only put a few coins here to start, thank god), so there ls literally no way the hackers could have poached my PW from any other site... once again confirming that there had to be multiple attempts in the hundreds or thousands or more before they got in. 

I still have not heard back (3 days now) regarding my request for full restitution. I suppose I have another 4-5 days until they even read the e-mail, given their recent support response history.

I have had both good, and not so good experiences here.

I only recently started using Cryptopia after they started trading in Onion.  So far, I have had absolutely no issues with trading there, other service, I can't comment on, as I haven't yet used them.

The interface is straightforward, not overcrowded, easy to find what you are looking for, and the 2FA isn't a totally obnoxious jump through flaming hoops.

Works well for me, and I hope to see you guys add Gridcoin (GRC) soon!

I realize that there is a big problem with stuck BTC transactions, you are right about that, but Poloniex somehow manages to send all my transactions with only 0.0001 BTC fee. I've no idea how they do it, but I withdraw BTC from Polo at least 2-3 times a week, been doing so for months, and they always get first confirmation within an hour or two at worst. Most of the time within 30 minutes. I really don't know how they do it, but that's the way it is — dozens of transactions and I don't recall a single one that's been stuck for more than 2 hours.

Probably because customers have been complaining about withdrawal times. Relying on BTC to move funds in a timely and consistent manner is almost pointless right now. The mempool is so clogged due to almost every block hitting against the 1MB block size limit. If you want speed, you have to pay more, so your transaction has a better chance of being incorporated.

https://blockchain.info/charts/cost-per-transaction

With a current mempool size (pending transactions) of 60MB and an average block size of 1.05MB, demand is exceeding supply by a very significant factor. It was even worse a few days ago.

If you're sending between exchanges (or to a recipient that will accept another coin) I recommend converting to an intermediate coin such as LTC or BCH. The odd thing is that even when you account for the losses due to the extra buy/sell steps, you may still come out ahead, because the transaction fee is so much lower. Plus your transaction completes in a fairly consistent time. If you send BTC it could be wallowing in the mempool for several hours, maybe even days.

At the moment I only withdraw BTC when I'm planning to store funds in my wallet for a while. Anything else uses an intermediate coin for the transfer.

Thanks. Has there ever been a CEFS payout yet? If so, can you tell what dates because I don't see a payout

The cefs payout is each month for example the first or the last in month ,cefs payout only to users the hold cefs at the moment when payout is , if you have the halv month cefs and you sold and at this time is the payout you get nothing ! for this month cefs payout in delay because the working on it about to get the payouts done automatic ! So if you a cefs holder ,hold it payouts coming ! ATM i dosn t know anything about to get listed on othe Exchanges !



Regards  Lafu

That makes me wonder too. Poloniex has had 0.0001 fee for ages and it works fine, I regularly withdraw BTC from there and they always confirm super fast. But with cryptopia I have to exchange BTC to some other currency with a more reasonable withdrawal fee first and then transfer that currency to Polo before finally withdrawing BTC. 0.002 BTC fee is crazy high. 

Hi Cryptopia , why is widthraw fee constantly getting higher? . In BTC 0.002 is like 16$ ?

Thanks for the clarification lafu. Can you tell when and how often will the CEFS holders get paid? Also, any update on getting CEFS listed on coinmarketcap?

It isnt Cryptopia who isnt secured , Cryptopia is secured  , its the Users oneself safety that the problem is because they use the same email and password for more sites and many users dosn t activated 2FA for all , if all users be sure this dosn t happend again please activate 2FA and use a  email and password only for this Account !

Regards  Lafu

yup, sounds very similar to my situation (2 posts above yours). There are/were apparently some major gaps in their security protocols that allowed these things to happen. I have yet to hear back about what they are going to do about the loss it caused for my account, but their response and what they are willing to do to rectify these issues are going to make or break them long term. If they do the right thing and return the funds to those who were hacked due to insufficient site security & also fix those gaps ASAP,  then I think Cryptopia will have a long prosperous run.  If not, then I can't imagine them being around much longer. After all, who is going to put any coins there if they are susceptible to hacks and then won't even make it right with their customers?

As i sayd your tickets are lost here this is not for support , Only Support Tickets will get an answer ! 

I do not understand something.

Why  Withdraw not working?
#52683 tiket

Add Bitshares to Cryptopia. I'm surprised you don't have it added yet. Its one of the best projects in crypto. Steal all the volume Bittrex used to have and doesn't have anymore because it delisted it for some whack reason. You could add an easy 100 btc volume to your exchange per day with Bitshares. I'll recommend you to all my contacts if you add it, but don't make me look desperate. This is more for your own benefit than for Bitshares