
Topic: Multiple Kraken Accounts, Robbed/Emptied. Kraken say "Fuck you, its your loss" - page 2. (Read 19781 times)

hero member
Activity: 840
Merit: 1000
These guys even offer a "2fa" option that is a static password. That's unheard of. This is security snake oil. A static password is something you know, not something you have (like a 2fa token on a phone).

All we're saying to Kraken is: remove bad security options that confuse users. Stop offering fake 2fa. Send email confirmation for withdrawal like every other exchange out there. Enforce 2fa on login, so 2fa on withdrawal can't be disabled without access to the token. These are basic, basic issues that make Kraken look laughable in this space.

people have been telling them this for years. i'm not sure why they haven't done anything about it by now. maybe they think that having all the security "options" is a valuable sell point to their customers. they haven't learned yet -- keep it simple, stupid. maybe all these recent "phishing attacks" on their customers will open their eyes.

Maybe it is in their interests to maintain their default security options in a state that will always offer 'plausible deniability', when the rat at Kraken, scurries around selectively emptying customer accounts?

Perhaps like many other exchanges, Kraken have been robbed.

Bitstamp and Poloniex were robbed, their response was to admit they had been robbed, and opt to pay all their customers back.

Bitfinex was robbed, their response was to admit they had been robbed, and give all their customers a 36% haircut.

Perhaps Kraken have been robbed, and their response has been to keep the fact out of the public domain, and rebalance their books by slowly selectively draining customer accounts?
full member
Activity: 298
Merit: 100
These guys even offer a "2fa" option that is a static password. That's unheard of. This is security snake oil. A static password is something you know, not something you have (like a 2fa token on a phone).

All we're saying to Kraken is: remove bad security options that confuse users. Stop offering fake 2fa. Send email confirmation for withdrawal like every other exchange out there. Enforce 2fa on login, so 2fa on withdrawal can't be disabled without access to the token. These are basic, basic issues that make Kraken look laughable in this space.

people have been telling them this for years. i'm not sure why they haven't done anything about it by now. maybe they think that having all the security "options" is a valuable sell point to their customers. they haven't learned yet -- keep it simple, stupid. maybe all these recent "phishing attacks" on their customers will open their eyes.
hero member
Activity: 840
Merit: 1000
Ibian is just a bit stressed and bitter........best u keep off his case.....especially if you actually get the message through his thick skull, that Kraken is a dangerous exchange.

Nothing would please me more than for Ibian to have his Kraken stash plundered.
newbie
Activity: 11
Merit: 0
Hi Ibian

Will you make a promise that after the day, when your assets on Kraken get stolen, you will never make a post on the internet?

But as you are a wise man, please explain the actual implementation you have selected on kraken.

Global Lock, 2FA on everything, session timeout of 10 sec etc, external keys ?,

please enlighten us you wise man.

How often do you check that there have been attempts to lock in on your account ?
Do you only use Kraken, or are you using other exchanges?

Best Regards
Thorvald
legendary
Activity: 2268
Merit: 1278
---> Ibian

Are you in any way connected to kraken since you keep defending the poor implementation of security ?
So far all I have seen is idiots who don't use the available security features, and then bitch. And to answer your question, yes. I have money there, and have never lost a satoshi. Because I actually use their security features. That's all it takes, don't be a self-sabotaging dumbass and things work out.
hero member
Activity: 756
Merit: 502
These guys even offer a "2fa" option that is a static password. That's unheard of. This is security snake oil. A static password is something you know, not something you have (like a 2fa token on a phone).

All we're saying to Kraken is: remove bad security options that confuse users. Stop offering fake 2fa. Send email confirmation for withdrawal like every other exchange out there. Enforce 2fa on login, so 2fa on withdrawal can't be disabled without access to the token. These are basic, basic issues that make Kraken look laughable in this space.
newbie
Activity: 11
Merit: 0
---> Ibian

Are you in any way connected to kraken since you keep defending the poor implementation of security ?

You say that people not activating 2FA by default are stupid, well if that is right the problem is that kraken is not defaulting (or even forcing) 2FA.

My main concern is still how the hacker bypassed the security as I know I had done nothing that could give away my password.

But as I told the police, Kraken is too busy hiding what really happened that they will not answer any of my questions.

As long as there is no explanation of what really happened I would not trust Kraken as it is probably just a matter of time before their 2FA is bypassed (I have a user that claims he has been robbed with 2FA on logon)

And then the questions that I think Kraken should answer:

   How many were hacked?
   How much was withdrawn?
   Can I get a log of all login attempts good and bad on my account?
   What about the moving of 555,000 ETH?
   Can I get a copy of the row in your database with information about me, including all history for changes
   Have you studied all the logs from the days and weeks before the incident ? Words like Cross-site scripting, SQL-injections are familiar words ?
   Have you performed an external security check, or is everything just based on your own testing ?
   By the way have you looked thru Google Analytics trace from these logins, that might be a clue to what the hacker also have visited, and you might be able to see if it is one or multiple persons

But as expected the only answer is something like:

We are still looking at some common patterns between all compromised accounts. Several of our agents are talking to account holders whose accounts have been breached.
I will soon assign this request to our compliance department so you can give the police the contact information provided by our compliance officers.
Robert
Kraken Client Engagement


But since then, mostly silence from Kraken.

It might not have helped that I have expressed my opinion of their current security compared to other exchanges.

Best regards
Thorvald


newbie
Activity: 11
Merit: 0
It would be nice if GMK can post the wallets used for the withdrawals from Kraken, as I am tracing the BTC and ETH stolen.

Currently we have traced some BTC, and it would be interesting to see if your BTC can be traced to the same spot.

Thorvald
legendary
Activity: 2268
Merit: 1278
It is mad how this doesn't seem to have affected Kraken's reputation in the slightest.
That's because the only ones complaining are people like you.

and dozens of other people, IT security specialists amongst them who had 2FA enabled for withdrawals.
Right. People like you.
hero member
Activity: 840
Merit: 1000
It is mad how this doesn't seem to have affected Kraken's reputation in the slightest.
That's because the only ones complaining are people like you.

and dozens of other people, IT security specialists amongst them who had 2FA enabled for withdrawals.
legendary
Activity: 2268
Merit: 1278
It is mad how this doesn't seem to have affected Kraken's reputation in the slightest.
That's because the only ones complaining are people like you.
legendary
Activity: 1901
Merit: 1024
I am sorry if anyone lost anything even if it was their fault it's not nice when it happens, but using abusive words and claiming it's their system fault is not something ppl believe
If 2fa was not active, its a bit security risk and by now all people should know

Verification by email is good option, but even if exchange have none, if you don't like it, don't use them

I left BTC-e with only 2fa on withdrawal and security with no problem, I know the risk if someone login it can trade, if I have more volume there I will enable it, so its my own decision

If exchange has low security it should be talked about so people stay clear, but you can not prosecute someone because he has no some option that other do have
hero member
Activity: 840
Merit: 1000
Right. And not only absence of basic email verification, there's absence of confirmation through SMS too. Both are easy ways to be protected, while 2fa means lot of troubles if you lose, break or accidentally format your smartphone.
What do you mean exactly "crooks from the top down"?

Agreed. Kraken's security options are fucking idiotic.....unless the plan is all along to keep a good portion of their customers in 'unprotected' mode, in order that customer accounts can be periodically dipped into.

'crooks from the top down', would be if Jesse Powell was sitting around a table, discussing with high level management, a system whereby they could rob their customers whilst having plausible deniability, and having a plausible case that Kraken offered its customers bullet proof security, if only its customers had utilised it.

More likely, are rats within the woodwork at Kraken, who see how shockingly bad Kraken's security system is, and who routinely take advantage of it. I have seen many cases on reddit of users complaining about Kraken accounts being emptied, only to be told by the exchange, that their computer must have spyware on it, etc etc.

It is mad how this doesn't seem to have affected Kraken's reputation in the slightest.
GMK
member
Activity: 61
Merit: 10
Quote
Their support accused me I didn't protect enough the account with 2-factor protection: true, but I investigate and tested their system and 2-factor activated option is easily removable without any password
Explain.
When I set 2-factor authentication on their security options, after i logged out. I re-login, I back to security options, and I was able to remove the 2-factor option WITHOUT the use of itself.
To be clearer, if after I set 2-factor protection somebody steal my user and password and login from the homepage, he/she is also able to remove the 2-factor protection, add another btc address, and withdraw all the balance. So their 2-factor protection is a pure fake, just an illusion to be protected.
You have to use 2fa to log in when 2fa is enabled. So, no, you can in fact not remove 2fa without the use of 2fa, unless you specifically choose to set things up that way. In which case you are deliberately sabotaging yourself and so deserve no pity. You are just another random fudster.


But that's not the important part. Why weren't you using it? Why would you intentionally weaken security for your money?
Well, if you want take defense of kraken, you are free to do it. I can just tell you that I'm used to move money online since 17 years on many activities and kraken it's the 1st exchange in which I have been robbed. Of course I already told in a previous post, I have been lucky to miss MtGox and Bitfinex, and in both cases 2fa is useless anyway.
But after so many years, I developed the nose to smell who cheats and kraken has all the features to be a vampire. There is the behaviour, the attitude. They made their robbery so awkward and so in a stupid way through email that's easy to understand they are guilty.
But they have the screen, the distance protection, the international borders so there's nothing to do.
Do you want to become their defensive lawyer? There's no need. Internet and blockchain protect them. So you can also save your silly moral for yourself.
You didn't answer the question. Why didn't you use 2fa?
because I just had a low amount and if after 2fa set the smartphone is lost or broken is a lot of complication and wasted time to restore for a small amount
Because you were lazy. Got it.
Yes, you have perfectly understood the reason. Congrats. Now you are also ready to buy alarms for your home doors and windows, and just ignore thieves coming from the WC. Or, you may ask Kraken for an employment or a part of the robbery for your social efforts.
legendary
Activity: 2268
Merit: 1278
Quote
Their support accused me I didn't protect enough the account with 2-factor protection: true, but I investigate and tested their system and 2-factor activated option is easily removable without any password
Explain.
When I set 2-factor authentication on their security options, after i logged out. I re-login, I back to security options, and I was able to remove the 2-factor option WITHOUT the use of itself.
To be clearer, if after I set 2-factor protection somebody steal my user and password and login from the homepage, he/she is also able to remove the 2-factor protection, add another btc address, and withdraw all the balance. So their 2-factor protection is a pure fake, just an illusion to be protected.
You have to use 2fa to log in when 2fa is enabled. So, no, you can in fact not remove 2fa without the use of 2fa, unless you specifically choose to set things up that way. In which case you are deliberately sabotaging yourself and so deserve no pity. You are just another random fudster.

But that's not the important part. Why weren't you using it? Why would you intentionally weaken security for your money?
Well, if you want take defense of kraken, you are free to do it. I can just tell you that I'm used to move money online since 17 years on many activities and kraken it's the 1st exchange in which I have been robbed. Of course I already told in a previous post, I have been lucky to miss MtGox and Bitfinex, and in both cases 2fa is useless anyway.
But after so many years, I developed the nose to smell who cheats and kraken has all the features to be a vampire. There is the behaviour, the attitude. They made their robbery so awkward and so in a stupid way through email that's easy to understand they are guilty.
But they have the screen, the distance protection, the international borders so there's nothing to do.
Do you want to become their defensive lawyer? There's no need. Internet and blockchain protect them. So you can also save your silly moral for yourself.
You didn't answer the question. Why didn't you use 2fa?
because I just had a low amount and if after 2fa set the smartphone is lost or broken is a lot of complication and wasted time to restore for a small amount
Because you were lazy. Got it.
GMK
member
Activity: 61
Merit: 10
Well, if you want take defense of kraken, you are free to do it. I can just tell you that I'm used to move money online since 17 years on many activities and kraken it's the 1st exchange in which I have been robbed. Of course I already told in a previous post, I have been lucky to miss MtGox and Bitfinex, and in both cases 2fa is useless anyway.
But after so many years, I developed the nose to smell who cheats and kraken has all the features to be a vampire. There is the behaviour, the attitude. They made their robbery so awkward and so in a stupid way through email that's easy to understand they are guilty.
But they have the screen, the distance protection, the international borders so there's nothing to do.
Do you want to become their defensive lawyer? There's no need. Internet and blockchain protect them. So you can also save your silly moral for yourself.


Indeed.

The absence of basic Email verification on Kraken tells us everything that we need to know, and it isn't that our computers have key-logging spyware on them.


Kraken are either crooks from the top down, or they have crooks wedged within their ranks, who selectively steal from their customers.
Right. And not only absence of basic email verification, there's absence of confirmation through SMS too. Both are easy ways to be protected, while 2fa means lot of troubles if you lose, break or accidentally format your smartphone.
What do you mean exactly "crooks from the top down"?
GMK
member
Activity: 61
Merit: 10
Quote
Their support accused me I didn't protect enough the account with 2-factor protection: true, but I investigate and tested their system and 2-factor activated option is easily removable without any password
Explain.
When I set 2-factor authentication on their security options, after i logged out. I re-login, I back to security options, and I was able to remove the 2-factor option WITHOUT the use of itself.
To be clearer, if after I set 2-factor protection somebody steal my user and password and login from the homepage, he/she is also able to remove the 2-factor protection, add another btc address, and withdraw all the balance. So their 2-factor protection is a pure fake, just an illusion to be protected.
You have to use 2fa to log in when 2fa is enabled. So, no, you can in fact not remove 2fa without the use of 2fa, unless you specifically choose to set things up that way. In which case you are deliberately sabotaging yourself and so deserve no pity. You are just another random fudster.

But that's not the important part. Why weren't you using it? Why would you intentionally weaken security for your money?
Well, if you want take defense of kraken, you are free to do it. I can just tell you that I'm used to move money online since 17 years on many activities and kraken it's the 1st exchange in which I have been robbed. Of course I already told in a previous post, I have been lucky to miss MtGox and Bitfinex, and in both cases 2fa is useless anyway.
But after so many years, I developed the nose to smell who cheats and kraken has all the features to be a vampire. There is the behaviour, the attitude. They made their robbery so awkward and so in a stupid way through email that's easy to understand they are guilty.
But they have the screen, the distance protection, the international borders so there's nothing to do.
Do you want to become their defensive lawyer? There's no need. Internet and blockchain protect them. So you can also save your silly moral for yourself.
You didn't answer the question. Why didn't you use 2fa?
because I just had a low amount and if after 2fa set the smartphone is lost or broken is a lot of complication and wasted time to restore for a small amount
hero member
Activity: 840
Merit: 1000
Well, if you want take defense of kraken, you are free to do it. I can just tell you that I'm used to move money online since 17 years on many activities and kraken it's the 1st exchange in which I have been robbed. Of course I already told in a previous post, I have been lucky to miss MtGox and Bitfinex, and in both cases 2fa is useless anyway.
But after so many years, I developed the nose to smell who cheats and kraken has all the features to be a vampire. There is the behaviour, the attitude. They made their robbery so awkward and so in a stupid way through email that's easy to understand they are guilty.
But they have the screen, the distance protection, the international borders so there's nothing to do.
Do you want to become their defensive lawyer? There's no need. Internet and blockchain protect them. So you can also save your silly moral for yourself.


Indeed.

The absence of basic Email verification on Kraken tells us everything that we need to know, and it isn't that our computers have key-logging spyware on them.


Kraken are either crooks from the top down, or they have crooks wedged within their ranks, who selectively steal from their customers.
legendary
Activity: 2268
Merit: 1278
Quote
Their support accused me I didn't protect enough the account with 2-factor protection: true, but I investigate and tested their system and 2-factor activated option is easily removable without any password
Explain.
When I set 2-factor authentication on their security options, after i logged out. I re-login, I back to security options, and I was able to remove the 2-factor option WITHOUT the use of itself.
To be clearer, if after I set 2-factor protection somebody steal my user and password and login from the homepage, he/she is also able to remove the 2-factor protection, add another btc address, and withdraw all the balance. So their 2-factor protection is a pure fake, just an illusion to be protected.
You have to use 2fa to log in when 2fa is enabled. So, no, you can in fact not remove 2fa without the use of 2fa, unless you specifically choose to set things up that way. In which case you are deliberately sabotaging yourself and so deserve no pity. You are just another random fudster.

But that's not the important part. Why weren't you using it? Why would you intentionally weaken security for your money?
Well, if you want take defense of kraken, you are free to do it. I can just tell you that I'm used to move money online since 17 years on many activities and kraken it's the 1st exchange in which I have been robbed. Of course I already told in a previous post, I have been lucky to miss MtGox and Bitfinex, and in both cases 2fa is useless anyway.
But after so many years, I developed the nose to smell who cheats and kraken has all the features to be a vampire. There is the behaviour, the attitude. They made their robbery so awkward and so in a stupid way through email that's easy to understand they are guilty.
But they have the screen, the distance protection, the international borders so there's nothing to do.
Do you want to become their defensive lawyer? There's no need. Internet and blockchain protect them. So you can also save your silly moral for yourself.
You didn't answer the question. Why didn't you use 2fa?
GMK
member
Activity: 61
Merit: 10
Quote
Their support accused me I didn't protect enough the account with 2-factor protection: true, but I investigate and tested their system and 2-factor activated option is easily removable without any password
Explain.
When I set 2-factor authentication on their security options, after i logged out. I re-login, I back to security options, and I was able to remove the 2-factor option WITHOUT the use of itself.
To be clearer, if after I set 2-factor protection somebody steal my user and password and login from the homepage, he/she is also able to remove the 2-factor protection, add another btc address, and withdraw all the balance. So their 2-factor protection is a pure fake, just an illusion to be protected.
You have to use 2fa to log in when 2fa is enabled. So, no, you can in fact not remove 2fa without the use of 2fa, unless you specifically choose to set things up that way. In which case you are deliberately sabotaging yourself and so deserve no pity. You are just another random fudster.

But that's not the important part. Why weren't you using it? Why would you intentionally weaken security for your money?
Well, if you want take defense of kraken, you are free to do it. I can just tell you that I'm used to move money online since 17 years on many activities and kraken it's the 1st exchange in which I have been robbed. Of course I already told in a previous post, I have been lucky to miss MtGox and Bitfinex, and in both cases 2fa is useless anyway.
But after so many years, I developed the nose to smell who cheats and kraken has all the features to be a vampire. There is the behaviour, the attitude. They made their robbery so awkward and so in a stupid way through email that's easy to understand they are guilty.
But they have the screen, the distance protection, the international borders so there's nothing to do.
Do you want to become their defensive lawyer? There's no need. Internet and blockchain protect them. So you can also save your silly moral for yourself.
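
The dispute in this thread turns on whether a session that holds only the password can switch off withdrawal 2FA. As an added example (not part of any post, and not Kraken's code), the Python model below compares that setup with and without a step-up check that demands the TOTP code before a security setting is weakened. The `Account` class, its fields and all values are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import struct

def totp(secret: bytes, now: int, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1) for the time step containing `now`."""
    counter = struct.pack(">Q", now // step)
    mac = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def totp_ok(secret: bytes, code, now: int, window: int = 1) -> bool:
    """Accept the current step and +/- `window` steps, compared in constant time."""
    if not isinstance(code, str) or not code.isdigit():
        return False
    return any(hmac.compare_digest(totp(secret, now + d * 30), code)
               for d in range(-window, window + 1))

class Account:
    """Hypothetical exchange account: 2FA on withdrawal only, none on login."""
    def __init__(self, password: str, secret: bytes, stepup_required: bool):
        self.password = password
        self.secret = secret
        self.twofa_on_login = False       # the configuration argued about above
        self.twofa_on_withdraw = True
        self.stepup_required = stepup_required
        self.balance = 100

    def login(self, password: str, code=None, now: int = 0) -> bool:
        if not hmac.compare_digest(password.encode(), self.password.encode()):
            return False
        if self.twofa_on_login:
            return totp_ok(self.secret, code, now)
        return True

    def disable_withdraw_2fa(self, code=None, now: int = 0) -> bool:
        # Hardened policy: weakening a security setting needs the token itself,
        # whatever the login policy is.
        if self.stepup_required and not totp_ok(self.secret, code, now):
            return False
        self.twofa_on_withdraw = False
        return True

    def withdraw(self, amount: int, code=None, now: int = 0) -> bool:
        if self.twofa_on_withdraw and not totp_ok(self.secret, code, now):
            return False
        if amount > self.balance:
            return False
        self.balance -= amount
        return True

def password_only_session(stepup_required: bool) -> int:
    """Replay the sequence from the thread with a password but no token:
    log in, try to turn off withdrawal 2FA, try to withdraw. Returns the
    balance left afterwards."""
    acct = Account("constructed-password", b"constructed-secret", stepup_required)
    if acct.login("constructed-password"):
        acct.disable_withdraw_2fa()       # no code available to this session
        acct.withdraw(100)
    return acct.balance

def owner_can_still_disable(now: int = 1_700_000_000) -> bool:
    """The legitimate owner, holding the token, passes the step-up check."""
    acct = Account("constructed-password", b"constructed-secret", True)
    return acct.disable_withdraw_2fa(totp(acct.secret, now), now)

if __name__ == "__main__":
    print("balance without step-up:", password_only_session(False))
    print("balance with step-up:   ", password_only_session(True))
```
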