Topic: Multiple Kraken Accounts, Robbed/Emptied. Kraken say "Fuck you, its your loss" - page 3. (Read 19714 times)

victims

When I set 2-factor authentication on their security options, after i logged out. I re-login, I back to security options, and I was able to remove the 2-factor option WITHOUT the use of itself.
To be clearer, if after I set 2-factor protection somebody steal my user and password and login from the homepage, he/she is also able to remove the 2-factor protection, add another btc address, and withdraw all the balance. So their 2-factor protection is a pure fake, just an illusion to be protected.

1. Indeed I suggested them to check the robbery at their internal, but they don't want to listen reasons and they always sing the same song: phishing or somebody has stolen my pwd. It's also obvious they don't try to improve security, likely intentionally..should we guess why?
2. Make a complaint to the SEC? What is the SEC? could be useful? I know that when BTCs are stolen, are stolen forever.

Thank you for contacting the U.S. Securities and Exchange Commission (SEC).

We appreciate you alerting the SEC's Office of Investor Education and Advocacy (OIEA) about the activities in your Kraken account.

OIEA processes many comments from individual investors and others. We keep records of the correspondence we receive in a searchable database that SEC staff may make use of in inspections, examinations, and investigations. In addition, some of the correspondence we receive is referred to other SEC offices and divisions for their review. If they have any questions or wish to respond directly to your comments, they will contact you.
 
In addition to the SEC, you may also want to contact the U.S. Commodity Futures Trading Commission (CFTC) and Consumer Financial Protection Bureau (CFPB ) for assistance.  The contact information for the CFTC and CFPB are as follows:
 
Commodity Futures Trading Commission (www.cftc.gov)
Three Lafayette Centre
1155 21st Street, NW
Washington DC 20581
CFTC Toll-Free Complaint Line: 866-366-2382
Online Complaint Info: www.cftc.gov/ConsumerProtection/FileaTiporComplaint/index.htm.
 
Consumer Financial Protection Bureau (www.cfpb.gov)
P.O. Box 4503
Iowa City, Iowa 52244
Fax (855) 237-2392
(855) 411-CFPB (2372)
Online Complaint Info:  www.consumerfinance.gov/complaint
 
Since you are in the U. K., we suggest that you contact the Financial Conduct Authority (FCA), the U.K. securities regulator, for any further assistance it could provide.  You may call FCA at 0800 111 6768 (toll-free) or 0300 500 8082, or send FCA an email at [email protected].

For general information regarding virtual currency, please review our publication "Bitcoin and Other Virtual Currency-Related Investments," at http://investor.gov/news-alerts/investor-alerts/investor-alert-bitcoin-other-virtual-currency-related-investments, as well as our investor alert "Ponzi Schemes Using Virtual Currencies" at: http://www.sec.gov/investor/alerts/ia_virtualcurrencies.pdf.

Sincerely,

K****** R******
Investor Assistance Specialist
Office of Investor Education and Advocacy
U.S. Securities and Exchange Commission
(800) 732-0330
www.sec.gov
www.investor.gov
www.twitter.com/SEC_Investor_Ed

Explain.

Yes.....loads and loads of Kraken customers are all the victims of 'fishing attacks'. Of course. What else?

Really hard to say for sure what is going on here, but my best stab would be, that Kraken likely have rats within their own ranks, with back end server access, who are aware how shockingly bad and misleading Kraken's security is, and are taking advantage of it. This has been going on a long time, but recently, the frequency of account thefts has been picking up, and the level of complaints going on social media, has become noticeable to the point that Kraken's squeeky clean image (fuck knows how they have that, just shows the power of good PR), is finally coming under question.

I suggest you make a complaint to the SEC. Enough complaints pile up on their desks, and they may just eventually investigate.

1. Indeed I suggested them to check the robbery at their internal, but they don't want to listen reasons and they always sing the same song: phishing or somebody has stolen my pwd. It's also obvious they don't try to improve security, likely intentionally..should we guess why?
2. Make a complaint to the SEC? What is the SEC? could be useful? I know that when BTCs are stolen, are stolen forever.

Their support accused me I didn't protect enough the account with 2-factor protection: true, but I investigate and tested their system and 2-factor activated option is easily removable without any password

Hi all,

I am one of the robbed Kraken's customers, and I'm happy to have found this thread because in another one somebody told me "You have to prove otherwise ppl ignore you"

I use BTCs since 2013, and of course I store the most of them out of websites exchange because I think they are ALL absolutely unreliable and uncontrollable; lucky to have avoided MtGox, lucky to have avoided Bitfinex, so this time I have been caught! but I also have been lucky and able to limit damage under 0.6 BTC only, and it's the 1st time I have been robbed by an exchange.

Kraken is simply an akward 100% criminal band, and this because:

1. They sent me an email telling they detected a suspicious login on the account and for this reason as precaution all withdrawals were on hold. Unfortunately the account was already emptied since 5 hours!!
2. Their support told me I probably had been a victim of phishing: Unfortunately, since I open the account I had user and pwd stored in the browser so I never digited nor on a fake site nor on their original one
3. Their support accused me I didn't protect enough the account with 2-factor protection: true, but I investigate and tested their system and 2-factor activated option is easily removable without any password
4. They don't have an email confirmation system for withdrawals
5. They don't have a sms confirmation system for withdrawals
6. When I expose this facts, their support never reply

I am surprised to read ppl who are sure Kraken is honest and reliable, they are pure fucking vampires..just I don't have known if they are correlated in some way to Bitfinex robbery

Put ya money where ya mouth is then, and go store some BTC on Kraken....

.....sure the thefts continue (how the fuck they keep it so quiet I really don't know), but if you use the security options they have, your funds are safe.....


......safe until Kraken offer you some Sorries for your Loses that is.

What it's about is having something to complain about. The site is safe if you use the security options they have.

It's a choice. Stick your ass in the air and wait to be raped, or keep your pants on.

Yubikey has the same weakness that Google 2fa has: the counterparty has your token, and it can be compromised. It isn't any safer than Google 2fa, so I'm not sure what you're getting at here. The issue is about email confirmation on top of 2fa. Saying "use 2fa" doesn't really address that. This is just basic security, basic user authentication. Confirm by email and 2fa.

Then go look it up. This is the internet, there is no limit to the information you have at your fingertips.

I'm not really aware of this yubikey. Are you saying it's more secure than using Google 2fa on my devices? Why? It sounds like there's no difference in convenience, either.

I'm talking about email confirmation in addition to 2fa. Because, why not?

Get a fucking yubikey and use it.

I get it. It's new, it's different, it's fucking scary. It also works, is convenient, and most probably more secure than your 2fa email. And it is dumb as shit not to use it.

But wouldn't you agree that Kraken's security implementation isn't very good? I don't see why they don't add a second layer of authentication on withdrawals. Email confirmation is very standard. The emails I associate with my exchange accounts have strong passwords and 2fa, which protects me in the case that my exchange account and 2fa token are compromised.

BTC-E also, for instance, warns users on 2fa activation that not enabling 2fa on login is insecure. While it would be nice if this were widespread knowledge, it apparently isn't. Ideally, Kraken would give such a warning, if it didn't simply enforce 2fa on login in the first place.

New no activity account guy who doesn't take his own bank security seriously and with experience on a dozen exchanges saying kraken has the worst security, including recently hacked bitfinex who will apparently reduce all user accounts by more than a third. Thanks for your contribution.