June 26, 2024, 02:30:35 PM

Welcome, Guest

News: Latest Bitcoin Core release: 27.0 [Torrent]

Bitcoin Forum>Economy>Marketplace>Service Discussion>Exchanges

Pages:

«
1
2
3
4
5
6
»

Author

Topic: Multiple Kraken Accounts, Robbed/Emptied. Kraken say "Fuck you, its your loss" - page 4. (Read 19714 times)

Ibian

legendary

Legendary level

Activity: 2268

Merit: 1278

Quote from: illyiller on August 06, 2016, 01:45:58 PM

Quote from: Ibian on August 06, 2016, 01:45:31 AM

Quote from: illyiller on August 05, 2016, 06:40:49 PM

Quote from: Ibian on August 04, 2016, 10:03:32 PM

They have something much better than email confirmation, and you know it, and you chose not to use it. Even if they had that you would just bitch and complain that your email has been hacked on top of everything else.

That's really not reasonable, considering Kraken allowed those with 2FA enabled on withdrawals, to have it immediately removed. BTC-E, for instance, enforces a waiting period (2 weeks or 1 month, can't remember) before 2FA can be removed. They send a warning to the email address of the account holder for security, warning that someone is trying to remove the 2FA.

2FA is useless if one can remove it instantly with only account access.

Are you under the impression that they don't use yubikey for 2fa login? And on withdraws (both bitcoin and fiat) as well? It is much safer than a simple email link. And he chose, willingly and knowingly (unless he decided not to investigate his options, which would be even worse) not to use it.

I am aware, but didn't he have 2FA enabled for withdrawals (or transactions, whatever it is)? But it was trivially removed. Correct me if I'm wrong. One could not have known that 2FA withdrawals were useless because Kraken allows it to be instantly removed.

In hindsight, easy to say "should have used 2FA for login, not transactions." But only with hindsight.

If you have 2fa enabled for everything except login, then you are a fucking dumbass. Case closed.

illyiller

hero member

Activity: 697

Merit: 520

Quote from: Ibian on August 06, 2016, 01:45:31 AM

Quote from: illyiller on August 05, 2016, 06:40:49 PM

Quote from: Ibian on August 04, 2016, 10:03:32 PM

They have something much better than email confirmation, and you know it, and you chose not to use it. Even if they had that you would just bitch and complain that your email has been hacked on top of everything else.

That's really not reasonable, considering Kraken allowed those with 2FA enabled on withdrawals, to have it immediately removed. BTC-E, for instance, enforces a waiting period (2 weeks or 1 month, can't remember) before 2FA can be removed. They send a warning to the email address of the account holder for security, warning that someone is trying to remove the 2FA.

2FA is useless if one can remove it instantly with only account access.

Are you under the impression that they don't use yubikey for 2fa login? And on withdraws (both bitcoin and fiat) as well? It is much safer than a simple email link. And he chose, willingly and knowingly (unless he decided not to investigate his options, which would be even worse) not to use it.

I am aware, but didn't he have 2FA enabled for withdrawals (or transactions, whatever it is)? But it was trivially removed. Correct me if I'm wrong. One could not have known that 2FA withdrawals were useless because Kraken allows it to be instantly removed.

In hindsight, easy to say "should have used 2FA for login, not transactions." But only with hindsight.

Ibian

legendary

Legendary level

Activity: 2268

Merit: 1278

Your highly qualified person is as much of a dumbass as you are. And education is no substitute for intelligence.

MatTheCat

hero member

Activity: 840

Merit: 1000

Quote from: Ibian on August 06, 2016, 04:25:06 AM

Summary of this thread: guy does a shitty job protecting his money, bitches.

Kraken is safe, if you are not a dumbass with security. I trust them more than my own bank, personally.

U are a fucking clown Ibian.

I know of at least one, highly qualified person who was also robbed on Kraken. Masters in Computer Science, with an illustrious career spanning 30 years in IT.....in his case, he did have 2FA enabled, but only for transactions. Kraken's security configuration allowed this 2FA to be switched off from within the account, allowing the hacker to only need the login password for the account, in order to empty it.

This was a 'significant number' of Kraken accounts that were emptied, all around the same time.

It is clear, that Kraken have been compromised here, yet are passing the blame on to their customers.

What is not clear is whether the individual responsible for Kraken's security is a crook, or just plain stupid.

As is the case with Bitfinex, all Bitcoin exchanges are guilty, until proven innocent and with the exception perhaps of Bitstamp's hack back in 2015, there isn't a single case of crypto exchange shenanigans which has bucked that rule.

Bitcoinica, MtGox, Cryptsy, etc, etc....

Ibian

legendary

Legendary level

Activity: 2268

Merit: 1278

Quote from: ethereumhunter on August 06, 2016, 02:14:34 AM

in kraken? i thought there a good place? hm its so strange because if we have setup account for security it should be hard to enter the account, unless the admin of the site which have capabilites to look on every account. i curious that should be person who have access to take a look an every account which have big balance. i hope that kraken will be hacked like bitfinex yesterday or kraken been compromised and been hacked by inside person.

Summary of this thread: guy does a shitty job protecting his money, bitches.

Kraken is safe, if you are not a dumbass with security. I trust them more than my own bank, personally.

ethereumhunter

hero member

Activity: 2912

Merit: 541

Leading Crypto Sports Betting & Casino Platform

in kraken? i thought there a good place? hm its so strange because if we have setup account for security it should be hard to enter the account, unless the admin of the site which have capabilites to look on every account. i curious that should be person who have access to take a look an every account which have big balance. i hope that kraken will be hacked like bitfinex yesterday or kraken been compromised and been hacked by inside person.

Ibian

legendary

Legendary level

Activity: 2268

Merit: 1278

Quote from: illyiller on August 05, 2016, 06:40:49 PM

Quote from: Ibian on August 04, 2016, 10:03:32 PM

They have something much better than email confirmation, and you know it, and you chose not to use it. Even if they had that you would just bitch and complain that your email has been hacked on top of everything else.

That's really not reasonable, considering Kraken allowed those with 2FA enabled on withdrawals, to have it immediately removed. BTC-E, for instance, enforces a waiting period (2 weeks or 1 month, can't remember) before 2FA can be removed. They send a warning to the email address of the account holder for security, warning that someone is trying to remove the 2FA.

2FA is useless if one can remove it instantly with only account access.

Are you under the impression that they don't use yubikey for 2fa login? And on withdraws (both bitcoin and fiat) as well? It is much safer than a simple email link. And he chose, willingly and knowingly (unless he decided not to investigate his options, which would be even worse) not to use it.

illyiller

hero member

Activity: 697

Merit: 520

Quote from: Ibian on August 04, 2016, 10:03:32 PM

They have something much better than email confirmation, and you know it, and you chose not to use it. Even if they had that you would just bitch and complain that your email has been hacked on top of everything else.

That's really not reasonable, considering Kraken allowed those with 2FA enabled on withdrawals, to have it immediately removed. BTC-E, for instance, enforces a waiting period (2 weeks or 1 month, can't remember) before 2FA can be removed. They send a warning to the email address of the account holder for security, warning that someone is trying to remove the 2FA.

2FA is useless if one can remove it instantly with only account access.

illyiller

hero member

Activity: 697

Merit: 520

Quote from: MatTheCat on August 04, 2016, 09:38:57 PM

Quote from: illyiller on August 04, 2016, 02:42:55 PM

Any updates on this? I assume Kraken is just saying "screw you" to everyone involved? Seems obvious that there was a leaked database on their end and poor security practices by Kraken allowed accounts to be cleaned out.

Have they even announced anything about this? I only saw this thread by chance.

Have they at least implemented email confirmation by now?

The update from my end, is that I have a Police Complaint number, and that is about it, and yeah, the party line from Kraken is basically, "we are terribly sorry to hear about your loss, but fuck you", regardless of how obvious it was that the security leak was at their end, and how painfully incompetent their security measures are......

.......and on that note...I read on another thread that Kraken's response is to put a 24 hour delay on new withdrawal addresses being verified. Huh

Huh

Huh

Huh

Really!? Are they trying to piss their customers off on purpose? Are they determined to have some sort of 'security' system in place, that will always allow theft with plausible deniability, and/or the legitimate blaming of the customer? Why not just implement fucking Email verification for all withdrawals, or indeed, go the route of the Chinese exchanges and insist on 2FA via mobile SMS (and no Kraken, I don't want your Google 2FA).

The antics/shenanigans of this exchange defies words....

Damn, sorry to hear this -- although it is what I expected. There really hasn't been much talk at all about this, even though there has been a number of people that have come forward. They have probably successfully brushed it under the rug.

Indeed, email verification is the basic necessary verification that a site should be doing before allowing a withdrawal. There really is no excuse.

Ibian

legendary

Legendary level

Activity: 2268

Merit: 1278

Quote from: MatTheCat on August 05, 2016, 05:57:44 AM

Quote from: Ibian on August 04, 2016, 10:03:32 PM

They have something much better than email confirmation, and you know it, and you chose not to use it. Even if they had that you would just bitch and complain that your email has been hacked on top of everything else.

Yes...they have 2FA......just not the kind of 2FA that I like.....some fucking google shit that relies on Smart Phones, as opposed to text messages. But people who enabled 2FA for transactions were also robbed. The thief simply disabled that 2FA, using the password for the account. Only those who had 2FA log-in enabled, were safe from getting their accounts emptied.

If my Email address had also been hacked, which it wasn't, then I would have no option but to admit that my own PC had been compromised, but the fact is, that it wasn't hacked. It wasn't hacked because Kraken never had no record of it sitting on a database that could be 'leaked'.

Yubikey, you cunt. Already mentioned it before too. You deliberately sabotage yourself.

MatTheCat

hero member

Activity: 840

Merit: 1000

Quote from: Ibian on August 04, 2016, 10:03:32 PM

They have something much better than email confirmation, and you know it, and you chose not to use it. Even if they had that you would just bitch and complain that your email has been hacked on top of everything else.

Yes...they have 2FA......just not the kind of 2FA that I like.....some fucking google shit that relies on Smart Phones, as opposed to text messages. But people who enabled 2FA for transactions were also robbed. The thief simply disabled that 2FA, using the password for the account. Only those who had 2FA log-in enabled, were safe from getting their accounts emptied.

If my Email address had also been hacked, which it wasn't, then I would have no option but to admit that my own PC had been compromised, but the fact is, that it wasn't hacked. It wasn't hacked because Kraken never had no record of it sitting on a database that could be 'leaked'.

Ibian

legendary

Legendary level

Activity: 2268

Merit: 1278

They have something much better than email confirmation, and you know it, and you chose not to use it. Even if they had that you would just bitch and complain that your email has been hacked on top of everything else.

MatTheCat

hero member

Activity: 840

Merit: 1000

Quote from: illyiller on August 04, 2016, 02:42:55 PM

Any updates on this? I assume Kraken is just saying "screw you" to everyone involved? Seems obvious that there was a leaked database on their end and poor security practices by Kraken allowed accounts to be cleaned out.

Have they even announced anything about this? I only saw this thread by chance.

Have they at least implemented email confirmation by now?

The update from my end, is that I have a Police Complaint number, and that is about it, and yeah, the party line from Kraken is basically, "we are terribly sorry to hear about your loss, but fuck you", regardless of how obvious it was that the security leak was at their end, and how painfully incompetent their security measures are......

.......and on that note...I read on another thread that Kraken's response is to put a 24 hour delay on new withdrawal addresses being verified. Huh

Huh

Huh

Huh

Really!? Are they trying to piss their customers off on purpose? Are they determined to have some sort of 'security' system in place, that will always allow theft with plausible deniability, and/or the legitimate blaming of the customer? Why not just implement fucking Email verification for all withdrawals, or indeed, go the route of the Chinese exchanges and insist on 2FA via mobile SMS (and no Kraken, I don't want your Google 2FA).

The antics/shenanigans of this exchange defies words....

illyiller

hero member

Activity: 697

Merit: 520

Any updates on this? I assume Kraken is just saying "screw you" to everyone involved? Seems obvious that there was a leaked database on their end and poor security practices by Kraken allowed accounts to be cleaned out.

Have they even announced anything about this? I only saw this thread by chance.

Have they at least implemented email confirmation by now?

Gyrsur

legendary

Legendary level

Activity: 2856

Merit: 1518

Bitcoin Legal Tender Countries: 2 of 206

sad!

BlindMayorBitcorn

legendary

Legendary level

Activity: 1260

Merit: 1115

So much loss. Cry

Cry

MatTheCat

hero member

Activity: 840

Merit: 1000

and now Bitfinex has been hit.....

https://www.bitfinex.com/pages/stats

This is where my main stash of crypto allocated funds are....after the Kraken thefts, I have been wanting to get everything I have out of crypto, but due the means I get everything out (selling for GBP on LocalBitcoin), I never could find me a 5-6 hour window of time that I trusted (for Bitcoin not to tank), in which I could get all my funds withdrawn.

I hope to fuck that I am not going to log back onto Finex in however many days/hours time, only to find that my account has been emptied......the Kraken loss I can handle....if my Bitfinex account were to have went the same way......man oh fkn man!

Ibian

legendary

Legendary level

Activity: 2268

Merit: 1278

False. I take no pleasure in other peoples misfortune. I just don't care when it is of their own doing. There is a very different motive behind it for me. Your type merely likes to project.

MatTheCat

hero member

Activity: 840

Merit: 1000

Quote from: BlindMayorBitcorn on July 31, 2016, 07:24:42 AM

Quote from: MatTheCat on July 31, 2016, 05:00:29 AM

P.S. Hope u are all buckled up for the big BTC Back to $450 slide?

This was an unusual touch...

Me n Ibian just like gloating at each other's misfortune.

He has gloated at me being robbed, I shall gloat at him, when BTC is back down at $450, and all those notional profits of his have evaporated.

BlindMayorBitcorn

legendary

Legendary level

Activity: 1260

Merit: 1115

Quote from: MatTheCat on July 31, 2016, 05:00:29 AM

P.S. Hope u are all buckled up for the big BTC Back to $450 slide?

This was an unusual touch...

Pages:

«
1
2
3
4
5
6
»

Bitcoin Forum>Economy>Marketplace>Service Discussion>Exchanges

Jump to: