Pages:
Author

Topic: Multiple Kraken Accounts, Robbed/Emptied. Kraken say "Fuck you, its your loss" - page 3. (Read 19794 times)

GMK
member
Activity: 61
Merit: 10
legendary
Activity: 2268
Merit: 1278
victims
When you do not use the security options available, you do not qualify as a victim.
legendary
Activity: 2268
Merit: 1278
Quote
Their support accused me I didn't protect enough the account with 2-factor protection: true, but I investigate and tested their system and 2-factor activated option is easily removable without any password
Explain.
When I set 2-factor authentication on their security options, after i logged out. I re-login, I back to security options, and I was able to remove the 2-factor option WITHOUT the use of itself.
To be clearer, if after I set 2-factor protection somebody steal my user and password and login from the homepage, he/she is also able to remove the 2-factor protection, add another btc address, and withdraw all the balance. So their 2-factor protection is a pure fake, just an illusion to be protected.
You have to use 2fa to log in when 2fa is enabled. So, no, you can in fact not remove 2fa without the use of 2fa, unless you specifically choose to set things up that way. In which case you are deliberately sabotaging yourself and so deserve no pity. You are just another random fudster.

But that's not the important part. Why weren't you using it? Why would you intentionally weaken security for your money?
hero member
Activity: 840
Merit: 1000

1. Indeed I suggested them to check the robbery at their internal, but they don't want to listen reasons and they always sing the same song: phishing or somebody has stolen my pwd. It's also obvious they don't try to improve security, likely intentionally..should we guess why?
2. Make a complaint to the SEC? What is the SEC? could be useful? I know that when BTCs are stolen, are stolen forever.


Securities & Exchange Commission:


Quote
Thank you for contacting the U.S. Securities and Exchange Commission (SEC).

We appreciate you alerting the SEC's Office of Investor Education and Advocacy (OIEA) about the activities in your Kraken account.

OIEA processes many comments from individual investors and others. We keep records of the correspondence we receive in a searchable database that SEC staff may make use of in inspections, examinations, and investigations. In addition, some of the correspondence we receive is referred to other SEC offices and divisions for their review. If they have any questions or wish to respond directly to your comments, they will contact you.
 
In addition to the SEC, you may also want to contact the U.S. Commodity Futures Trading Commission (CFTC) and Consumer Financial Protection Bureau (CFPB ) for assistance.  The contact information for the CFTC and CFPB are as follows:
 
Commodity Futures Trading Commission (www.cftc.gov)
Three Lafayette Centre
1155 21st Street, NW
Washington DC 20581
CFTC Toll-Free Complaint Line: 866-366-2382
Online Complaint Info: www.cftc.gov/ConsumerProtection/FileaTiporComplaint/index.htm.
 
Consumer Financial Protection Bureau (www.cfpb.gov)
P.O. Box 4503
Iowa City, Iowa 52244
Fax (855) 237-2392
(855) 411-CFPB (2372)
Online Complaint Info:  www.consumerfinance.gov/complaint
 
Since you are in the U. K., we suggest that you contact the Financial Conduct Authority (FCA), the U.K. securities regulator, for any further assistance it could provide.  You may call FCA at 0800 111 6768 (toll-free) or 0300 500 8082, or send FCA an email at [email protected].

For general information regarding virtual currency, please review our publication "Bitcoin and Other Virtual Currency-Related Investments," at http://investor.gov/news-alerts/investor-alerts/investor-alert-bitcoin-other-virtual-currency-related-investments, as well as our investor alert "Ponzi Schemes Using Virtual Currencies" at: http://www.sec.gov/investor/alerts/ia_virtualcurrencies.pdf.

Sincerely,

K****** R******
Investor Assistance Specialist
Office of Investor Education and Advocacy
U.S. Securities and Exchange Commission
(800) 732-0330
www.sec.gov
www.investor.gov
www.twitter.com/SEC_Investor_Ed


No way are you gonna get your money back, and the same goes for me, and for other Kraken victims I have been in touch with, some who have lost massive sums of money. Most who had 2FA enabled for withdrawals, but not for logins! That is correct. Only 2FA enabled for logins was 'secure', because as you discovered, the 2FA for withdrawals could be turned off once in the account with zero confirmation required........with all that said, there have been reports of someone even with 2FA login being robbed also....in which case the rats at Kraken doing the thieving, may have fucked up a little bit, and emptied an account that they shouldn't have.....

.....but yeah...kiss the money goodbye, but you can at least do your bit to add the pile of complaints mounting up on authorities desks against Kraken. Enough of those, and these fucking vampires will be investigated.

Jesse Powell, fucking softly spoken snake.

GMK
member
Activity: 61
Merit: 10
Quote
Their support accused me I didn't protect enough the account with 2-factor protection: true, but I investigate and tested their system and 2-factor activated option is easily removable without any password
Explain.
When I set 2-factor authentication on their security options, after i logged out. I re-login, I back to security options, and I was able to remove the 2-factor option WITHOUT the use of itself.
To be clearer, if after I set 2-factor protection somebody steal my user and password and login from the homepage, he/she is also able to remove the 2-factor protection, add another btc address, and withdraw all the balance. So their 2-factor protection is a pure fake, just an illusion to be protected.
GMK
member
Activity: 61
Merit: 10
Hi all,

I am one of the robbed Kraken's customers, and I'm happy to have found this thread because in another one somebody told me "You have to prove otherwise ppl ignore you"

I use BTCs since 2013, and of course I store the most of them out of websites exchange because I think they are ALL absolutely unreliable and uncontrollable; lucky to have avoided MtGox, lucky to have avoided Bitfinex, so this time I have been caught! Smiley but I also have been lucky and able to limit damage under 0.6 BTC only, and it's the 1st time I have been robbed by an exchange.

Kraken is simply an akward 100% criminal band, and this because:

1. They sent me an email telling they detected a suspicious login on the account and for this reason as precaution all withdrawals were on hold. Unfortunately the account was already emptied since 5 hours!!
2. Their support told me I probably had been a victim of phishing: Unfortunately, since I open the account I had user and pwd stored in the browser so I never digited nor on a fake site nor on their original one
3. Their support accused me I didn't protect enough the account with 2-factor protection: true, but I investigate and tested their system and 2-factor activated option is easily removable without any password
4. They don't have an email confirmation system for withdrawals
5. They don't have a sms confirmation system for withdrawals
6. When I expose this facts, their support never reply

I am surprised to read ppl who are sure Kraken is honest and reliable, they are pure fucking vampires..just I don't have known if they are correlated in some way to Bitfinex robbery

Yes.....loads and loads of Kraken customers are all the victims of 'fishing attacks'. Of course. What else?

Really hard to say for sure what is going on here, but my best stab would be, that Kraken likely have rats within their own ranks, with back end server access, who are aware how shockingly bad and misleading Kraken's security is, and are taking advantage of it. This has been going on a long time, but recently, the frequency of account thefts has been picking up, and the level of complaints going on social media, has become noticeable to the point that Kraken's squeeky clean image (fuck knows how they have that, just shows the power of good PR), is finally coming under question.

I suggest you make a complaint to the SEC. Enough complaints pile up on their desks, and they may just eventually investigate.

1. Indeed I suggested them to check the robbery at their internal, but they don't want to listen reasons and they always sing the same song: phishing or somebody has stolen my pwd. It's also obvious they don't try to improve security, likely intentionally..should we guess why?
2. Make a complaint to the SEC? What is the SEC? could be useful? I know that when BTCs are stolen, are stolen forever.



legendary
Activity: 2268
Merit: 1278
Quote
Their support accused me I didn't protect enough the account with 2-factor protection: true, but I investigate and tested their system and 2-factor activated option is easily removable without any password
Explain.
hero member
Activity: 840
Merit: 1000
Hi all,

I am one of the robbed Kraken's customers, and I'm happy to have found this thread because in another one somebody told me "You have to prove otherwise ppl ignore you"

I use BTCs since 2013, and of course I store the most of them out of websites exchange because I think they are ALL absolutely unreliable and uncontrollable; lucky to have avoided MtGox, lucky to have avoided Bitfinex, so this time I have been caught! Smiley but I also have been lucky and able to limit damage under 0.6 BTC only, and it's the 1st time I have been robbed by an exchange.

Kraken is simply an akward 100% criminal band, and this because:

1. They sent me an email telling they detected a suspicious login on the account and for this reason as precaution all withdrawals were on hold. Unfortunately the account was already emptied since 5 hours!!
2. Their support told me I probably had been a victim of phishing: Unfortunately, since I open the account I had user and pwd stored in the browser so I never digited nor on a fake site nor on their original one
3. Their support accused me I didn't protect enough the account with 2-factor protection: true, but I investigate and tested their system and 2-factor activated option is easily removable without any password
4. They don't have an email confirmation system for withdrawals
5. They don't have a sms confirmation system for withdrawals
6. When I expose this facts, their support never reply

I am surprised to read ppl who are sure Kraken is honest and reliable, they are pure fucking vampires..just I don't have known if they are correlated in some way to Bitfinex robbery

Yes.....loads and loads of Kraken customers are all the victims of 'fishing attacks'. Of course. What else?

Really hard to say for sure what is going on here, but my best stab would be, that Kraken likely have rats within their own ranks, with back end server access, who are aware how shockingly bad and misleading Kraken's security is, and are taking advantage of it. This has been going on a long time, but recently, the frequency of account thefts has been picking up, and the level of complaints going on social media, has become noticeable to the point that Kraken's squeeky clean image (fuck knows how they have that, just shows the power of good PR), is finally coming under question.

I suggest you make a complaint to the SEC. Enough complaints pile up on their desks, and they may just eventually investigate.




GMK
member
Activity: 61
Merit: 10
legendary
Activity: 2268
Merit: 1278
What it's about is having something to complain about. The site is safe if you use the security options they have.

It's a choice. Stick your ass in the air and wait to be raped, or keep your pants on.

Put ya money where ya mouth is then, and go store some BTC on Kraken....

.....sure the thefts continue (how the fuck they keep it so quiet I really don't know), but if you use the security options they have, your funds are safe.....


......safe until Kraken offer you some Sorries for your Loses that is.
Who says I'm not? Oh, right, that would be you. Because it fits your narrative.

As a matter of fact, I do keep both euros and bitcoins on kraken. More than I keep in the bank, on both accounts.

How much does your butt hurt?
hero member
Activity: 840
Merit: 1000
What it's about is having something to complain about. The site is safe if you use the security options they have.

It's a choice. Stick your ass in the air and wait to be raped, or keep your pants on.

Put ya money where ya mouth is then, and go store some BTC on Kraken....

.....sure the thefts continue (how the fuck they keep it so quiet I really don't know), but if you use the security options they have, your funds are safe.....


......safe until Kraken offer you some Sorries for your Loses that is.
legendary
Activity: 2268
Merit: 1278
New no activity account guy who doesn't take his own bank security seriously and with experience on a dozen exchanges saying kraken has the worst security, including recently hacked bitfinex who will apparently reduce all user accounts by more than a third. Thanks for your contribution.

But wouldn't you agree that Kraken's security implementation isn't very good? I don't see why they don't add a second layer of authentication on withdrawals. Email confirmation is very standard. The emails I associate with my exchange accounts have strong passwords and 2fa, which protects me in the case that my exchange account and 2fa token are compromised.

BTC-E also, for instance, warns users on 2fa activation that not enabling 2fa on login is insecure. While it would be nice if this were widespread knowledge, it apparently isn't. Ideally, Kraken would give such a warning, if it didn't simply enforce 2fa on login in the first place.
Get a fucking yubikey and use it.

I get it. It's new, it's different, it's fucking scary. It also works, is convenient, and most probably more secure than your 2fa email. And it is dumb as shit not to use it.

I'm not really aware of this yubikey. Are you saying it's more secure than using Google 2fa on my devices? Why? It sounds like there's no difference in convenience, either.

I'm talking about email confirmation in addition to 2fa. Because, why not?
Then go look it up. This is the internet, there is no limit to the information you have at your fingertips.

Yubikey has the same weakness that Google 2fa has: the counterparty has your token, and it can be compromised. It isn't any safer than Google 2fa, so I'm not sure what you're getting at here. The issue is about email confirmation on top of 2fa. Saying "use 2fa" doesn't really address that. This is just basic security, basic user authentication. Confirm by email and 2fa.
What it's about is having something to complain about. The site is safe if you use the security options they have.

It's a choice. Stick your ass in the air and wait to be raped, or keep your pants on.
hero member
Activity: 756
Merit: 502
CryptoTalk.Org - Get Paid for every Post!
New no activity account guy who doesn't take his own bank security seriously and with experience on a dozen exchanges saying kraken has the worst security, including recently hacked bitfinex who will apparently reduce all user accounts by more than a third. Thanks for your contribution.

But wouldn't you agree that Kraken's security implementation isn't very good? I don't see why they don't add a second layer of authentication on withdrawals. Email confirmation is very standard. The emails I associate with my exchange accounts have strong passwords and 2fa, which protects me in the case that my exchange account and 2fa token are compromised.

BTC-E also, for instance, warns users on 2fa activation that not enabling 2fa on login is insecure. While it would be nice if this were widespread knowledge, it apparently isn't. Ideally, Kraken would give such a warning, if it didn't simply enforce 2fa on login in the first place.
Get a fucking yubikey and use it.

I get it. It's new, it's different, it's fucking scary. It also works, is convenient, and most probably more secure than your 2fa email. And it is dumb as shit not to use it.

I'm not really aware of this yubikey. Are you saying it's more secure than using Google 2fa on my devices? Why? It sounds like there's no difference in convenience, either.

I'm talking about email confirmation in addition to 2fa. Because, why not?
Then go look it up. This is the internet, there is no limit to the information you have at your fingertips.

Yubikey has the same weakness that Google 2fa has: the counterparty has your token, and it can be compromised. It isn't any safer than Google 2fa, so I'm not sure what you're getting at here. The issue is about email confirmation on top of 2fa. Saying "use 2fa" doesn't really address that. This is just basic security, basic user authentication. Confirm by email and 2fa.
hero member
Activity: 840
Merit: 1000
Bump.

Kraken customer accounts continue to be emptied. Kraken continues to be 'sorry for your loses', but erm, read the small print and weep (and fuck off).

Made my complaints to numerous LEA, can't believe these fuckers aren't getting investigated....these thefts are coming from within.
legendary
Activity: 2268
Merit: 1278
New no activity account guy who doesn't take his own bank security seriously and with experience on a dozen exchanges saying kraken has the worst security, including recently hacked bitfinex who will apparently reduce all user accounts by more than a third. Thanks for your contribution.

But wouldn't you agree that Kraken's security implementation isn't very good? I don't see why they don't add a second layer of authentication on withdrawals. Email confirmation is very standard. The emails I associate with my exchange accounts have strong passwords and 2fa, which protects me in the case that my exchange account and 2fa token are compromised.

BTC-E also, for instance, warns users on 2fa activation that not enabling 2fa on login is insecure. While it would be nice if this were widespread knowledge, it apparently isn't. Ideally, Kraken would give such a warning, if it didn't simply enforce 2fa on login in the first place.
Get a fucking yubikey and use it.

I get it. It's new, it's different, it's fucking scary. It also works, is convenient, and most probably more secure than your 2fa email. And it is dumb as shit not to use it.

I'm not really aware of this yubikey. Are you saying it's more secure than using Google 2fa on my devices? Why? It sounds like there's no difference in convenience, either.

I'm talking about email confirmation in addition to 2fa. Because, why not?
Then go look it up. This is the internet, there is no limit to the information you have at your fingertips.
hero member
Activity: 697
Merit: 520
New no activity account guy who doesn't take his own bank security seriously and with experience on a dozen exchanges saying kraken has the worst security, including recently hacked bitfinex who will apparently reduce all user accounts by more than a third. Thanks for your contribution.

But wouldn't you agree that Kraken's security implementation isn't very good? I don't see why they don't add a second layer of authentication on withdrawals. Email confirmation is very standard. The emails I associate with my exchange accounts have strong passwords and 2fa, which protects me in the case that my exchange account and 2fa token are compromised.

BTC-E also, for instance, warns users on 2fa activation that not enabling 2fa on login is insecure. While it would be nice if this were widespread knowledge, it apparently isn't. Ideally, Kraken would give such a warning, if it didn't simply enforce 2fa on login in the first place.
Get a fucking yubikey and use it.

I get it. It's new, it's different, it's fucking scary. It also works, is convenient, and most probably more secure than your 2fa email. And it is dumb as shit not to use it.

I'm not really aware of this yubikey. Are you saying it's more secure than using Google 2fa on my devices? Why? It sounds like there's no difference in convenience, either.

I'm talking about email confirmation in addition to 2fa. Because, why not?
legendary
Activity: 2268
Merit: 1278
New no activity account guy who doesn't take his own bank security seriously and with experience on a dozen exchanges saying kraken has the worst security, including recently hacked bitfinex who will apparently reduce all user accounts by more than a third. Thanks for your contribution.

But wouldn't you agree that Kraken's security implementation isn't very good? I don't see why they don't add a second layer of authentication on withdrawals. Email confirmation is very standard. The emails I associate with my exchange accounts have strong passwords and 2fa, which protects me in the case that my exchange account and 2fa token are compromised.

BTC-E also, for instance, warns users on 2fa activation that not enabling 2fa on login is insecure. While it would be nice if this were widespread knowledge, it apparently isn't. Ideally, Kraken would give such a warning, if it didn't simply enforce 2fa on login in the first place.
Get a fucking yubikey and use it.

I get it. It's new, it's different, it's fucking scary. It also works, is convenient, and most probably more secure than your 2fa email. And it is dumb as shit not to use it.
hero member
Activity: 697
Merit: 520
New no activity account guy who doesn't take his own bank security seriously and with experience on a dozen exchanges saying kraken has the worst security, including recently hacked bitfinex who will apparently reduce all user accounts by more than a third. Thanks for your contribution.

But wouldn't you agree that Kraken's security implementation isn't very good? I don't see why they don't add a second layer of authentication on withdrawals. Email confirmation is very standard. The emails I associate with my exchange accounts have strong passwords and 2fa, which protects me in the case that my exchange account and 2fa token are compromised.

BTC-E also, for instance, warns users on 2fa activation that not enabling 2fa on login is insecure. While it would be nice if this were widespread knowledge, it apparently isn't. Ideally, Kraken would give such a warning, if it didn't simply enforce 2fa on login in the first place.
legendary
Activity: 2268
Merit: 1278
New no activity account guy who doesn't take his own bank security seriously and with experience on a dozen exchanges saying kraken has the worst security, including recently hacked bitfinex who will apparently reduce all user accounts by more than a third. Thanks for your contribution.
newbie
Activity: 11
Merit: 0
If there was price for the most stupid comment you have earned it :-)

In Denmark we have 2FA implemented with digital signature called NemID, so when ever I make a transaction moving money I have to use it, but the banks have decided, that as long as you only log in and view the password will be sufficient.

As we all know 2FA is wasting time, and if you log in 10 times a day, just to check current trades, it is much easier just to use password, as you know that if anyone steals your password he/she will only be able to see your current balance, but can't do anything. Then if you decide to trade, withdraw or change any setting the 2FA is required, and should be sufficient.

As I am a user of many exchanges I have had the possibility to compare them and Kraken are an absolute winner in designing the worst security implementation of all of them seen from a user perspective
I have compared

Poloniex
BitFinex
BitMex
Yobit
Gatecoin
Bittrex
OKCoin
Yunbi
Bitstamp
LocalBitcoins
Bleutrade
Coinbase
Tether
BitCurex

To me it is clear that the kraken team lack a security expert as the current implementation looks like a design by programmers and not by a security expert

Have a nice day
Pages:
Jump to: