Topic: Multiple Kraken Accounts, Robbed/Emptied. Kraken say "Fuck you, its your loss" - page 5. (Read 19714 times)

What is the controversy? You could have used 2fa on login. You chose not to. Case closed.

And what's with using single letters instead of proper words? Is it some kind of mental hangup that happens when someone calls you on your bullshit? Second time now.

If u had bothered to read even the posts in this thread, you would know that wasn't the case.

No accounts that had 2FA Log In enabled, were compromised. Accounts that merely had 2FA on transactions, or withdrawals enabled, were robbed (see Thorvald's post), cos the 'hackers' (who I believe to be operating within Kraken, hence why only Kraken is affected, and affected en-masse), could simply turn off the 2FA with use of the account password.......and Kraken did not even utilise 2FA or even Email verification to confirm that the user want's to disable 2FA.

As already stated, unlike practically all other exchanges who use Email confirmation, or in the case of the Chinese exchanges, 2FA mobile phone confirmation as a minimum for confirming withdrawals or important changes to account (like new withdrawal addresses being added), Kraken simply send an Email out advising that the deed has been done. Kraken security is so bad, it makes the head spin with incredulity. Question is, why is it so bad? Are the team at Kraken actually really fucking stupid, or are things left this way in order to facilitate selective theft out of 'unprotected' customer accounts?

This shit has happened before, yet Kraken have still failed to take even the most standard, basic preventative measures, and implement Email verification as a bare minimum.

And no 2fa accounts were compromised. You willingly chose to have shitty security for your money. At some level, you wanted this to happen so you had something to bitch about. Business as usual with you.

The fact that you come to that conclusion reveals way more about you, than it does about me....not least of all that your judgement is in the shitter.....(but I knew that anyway).


P.S. Hope u are all buckled up for the big BTC Back to $450 slide?





This was the first thing he said in each of the three emails before he decided that my case was 'solved'. Making sure, that I knew in no uncertain terms, that it was MY LOSS (nothing to do with lax security on Kraken's part).




Kraken, the Bitcoin exchange that is truly 'Sorry For Your Loss'.

Worth noting that mat is most likely lying. He likes the victim role.

To the rest of you, get a yubikey.

True -- businesses should keep up with internet lingo.

Putting SFYL as a response to a customer in this situation is pretty screwed up (if slightly hilarious). But hey, these customer service guys get paid next to nothing I am sure, so what do we really expect?

Did he really open that email with "sorry for your loss"?! What a cucked thing to do.

I would never keep funds on an exchange where I don't at least have 2-factor authorization.

Email confirmation really isn't good enough. True, they should *at least* use email confirmation, but people should be securing their accounts better than that.

I don't think it is my own fault.....if it happens again, then I would think it was my own fault, which is why I am going to pull all my funds from all crypto exchanges, and call an end on trading crypto...no point in trying to trade crypto when accounts can be so easily robbed, and the exchanges can tell their customers to basically go do one, with impunity.

I have put in my complaint with UK Financial Ombudsman but of course, I expect to be told that since Kraken is an unregulated foreign exchange etc etc etc...... However, I am pretty sure that there are some written laws somewhere, that state that it is not ok for Kraken to operate the way they are operating whilst handling money belonging to the public, Duty of Care n all that....so will see where this takes me.

As for pressuring Kraken somehow......I dunno....could get a website made (kraken.con or something), into which all the reports of accounts being breached and/or robbed on 20th July can be filed....but for that, we would need a good few to come forward. So far, I have seen around 10 or so different people saying that their Kraken accounts were breached and/or robbed on 20th July 2016.

When you get scammed the worst thing you can do is to think it is your own fault.

We need to make kraken responsible as their security implementation is so bad it hurts my developer heart.

I have investigated a lot of the withdrawals that day, and find it quite interesting that about 8 hours after my complaint Kraken decided to move 555,660.00 ETH from their wallet for withdrawals to another wallet.
That wallet is being used for withdrawals to day.

A coincidence ? I don't think so.

I know they will explain it with the HF and double spending on ETH/ETC but there is no need to create a new wallet as the old wallet could be reused.

I haven't investigated if the same happened to the BTC-wallet

Thorvald

you have got scammed dude

Indeed.

I think a collection of all the different cases should be gathered together.....I can perhaps get a website knocked together, that could act as a pasteboard for all the different accounts of people having been robbed by Kraken, or someone operating with back end access to Kraken.

I intend to press ahead with a pushing a complaint through financial ombudsman etc, even though I know they are gonna turn around and tell me that Kraken is foreign and unregulated, therefore there is nothing that they can do, etc etc.....however, I do suspect that somewhere in the legal framework of any of the countries where Kraken bases it's operations, there is a 'Duty of Care', that Kraken must abide by in order to protect their customers funds. Despite this sort of thing having happened before, Kraken still opt to not even insist on something as simple as Email verification. This is inexplicable and inexcusable, and in my case, certainly would have prevented the theft from occuring.

The lax security, and the security breach is with Kraken, not with their customers. I am pretty sure if these cases ever got in front of a judge that this would be the conclusion that the courts would come to as well.

I have commented on the following links:

http://www.ethereum.net/kraken-accounts-hacked---users-did-not-enable-2fa#comment-2807211247
https://twitter.com/krakenfx/status/756528155255418880
https://cointelegraph.com/news/enable-2fa-kraken-accounts-compromised-funds-stolen

I am tracing both IP's and wallets, så if you want a trace of your BTC/ETH or the IP just mail me at [email protected] or add the information here

Thorvald

I've got some new ideas:

1. Join and gather all the info guys.
2. Use social media (but please do it nicely, else you clearly lose). It makes visible for many other customers that there are problems there and will force Kraken to do something useful on this.

I started with this: https://twitter.com/neuro_fish/status/758596711883374592

Good luck!

I my case the robber logged in, and changed the 2FA I had activated on trading - I had not 2FA on login. Then used all my dollars to buy ETH and sent that and the ETH I had to an external wallet. All within 5 minutes. I was driving in France and just saw the mail after 30 mins. I had not used the userid/password on other exchanges, and know my pc is not compromised. What really surprised me that Kraken does allow change of 2FA without using 2FA, and secondly allow withdrawals without any extra check like locked wallet, email-confirmation, IP-restrictions or 2FA.

The Kraken security is so bad implemented, that I am missing words.

Unfortunately I had not made any withdrawals, so I didn't know.

Worst of all was to see my almost 500 ETH sitting in the new wallet for 6 days, before seeing it being traded at shapeshift yesterday, and knowing its just lost.

But anyone that has been hacked are welcome to write me at [email protected] so we can all get a better view on how this could happen.

And the Kraken statement that no one with 2 FA activated was hacked is a lie, but the one who did the job knew that it was possible to deactivate 2FA on trading without having access to 2FA. And using that no one with 2FA was hacked is a bad argument, as the data exposed might just give access to the login information needed, but with 2FA on login, the hacker could not log in.

I am not saying this is an inside job, but I do think that someone had access to the user-database and thus could figure out what accounts to attack.
And just seeing that all attacks was made around the same time tell me that this is not a coincidence. If it just was us users throwing around with our passwords, why would the hackers make a coordinated attack on Kraken.

Best regards
Thorvald

Oh, it looks like I didn't know the whole story. Apologies.
If also 2FA accounts were emptied then it's a clear matter and you have all the ways to sue them for stealing from you.
And fyi, if it's an inside job, the secondary confirmation can be bypassed too with some (php) skills. But it's harder than only getting the DB.

M8, lots of Kraken accounts were emptied on the 20th July 2016 (https://cointelegraph.com/news/enable-2fa-kraken-accounts-compromised-funds-stolen), some are even claiming that they had 2FA enabled, only for the hackers to disable it with the account password and then empty the account. As I have already stated many times. Had Kraken done what Finex, or Stamp, or even BTC-E do, and sent me an Email asking me to confirm my transaction, then there would be no problem, cos the hacker(s) didn't have access to my Email account, mostly cos the 'hacker' is more likely than not operating at Krakens end, as opposed to having infiltrated my PC and having access to all my passwords and log in details.

I am not a tech expert, but accounts on one exchange, that operates a default security policy of no secondary confirmation for extractions, hit all on the same day, tells me that the problem is within Kraken itself........and this has happened before (2014 I think), and they still never learned. Willful negligence at best, intentional fraud at worst......if things are going so well at Kraken, selectively robbing their own customers and then blaming the customers for it would be one way to pay the bills. That is the only logical explanation I can think off for Kraken having not already implemented Email confirmation for all withdrawals at the very least.

Even if Kraken has a thief inside, it will be hard to find and prove.
And until that will happen (if ever), they will clearly deny everything and blame on you.
And they do have a point: their DB should contain also the 2FA seeds and then the thief could have emptied all the accounts. But this is unusual: not too greedy and pretty smart thief, the blame can go on you for not protecting the account and it can look like you were actually hacked locally. I said at start too that's your fault, remember?
Yes, you have a point too: too big of a coincidence that others got "hacked" in the same way at the same time.

The actual big problem is that Kraken should take you seriously and investigate more on this.
But until proven otherwise, both parts are "innocent".  


Edit: spelling

sure, but exchanges should also realize that they arnt e-wallets. allowing unprotected accounts to withdraw btc to any address without email confirmation, is probably a practice ALL exchanges should review...

Its hard to place blame on kraken,its a gr8 exchange and they have lots of neat features like that "account lock down" feature mat should have used. but i think there is still some room for improvement.

its pains me to hear these stories every once in awhile.

My reply to the above.........next step will be to file complaint with financial ombudsman. Obviously I don't expect to see any light at the end of this tunnel but this exchange needs to have complaints piling up in various jurisdictions imo.