Topic: Multiple Kraken Accounts, Robbed/Emptied. Kraken say "Fuck you, its your loss" - page 6. (Read 19781 times)

The latest pish from Kraken on my complaint:



In my previous correspondence with this weasel faced bag of shit, I stated that I believed that the most likely source of the 'hackers' would be within Kraken itself. There is another report within this thread of someone who was also just using the default Kraken security settings and lost a much larger amount than I did within the same time period. And note also what I have highlighted in red. 'The thefts' suggests that many Kraken users who didn't have 2FA enabled, were also hit, which to me suggests again that it isn't so much individual computers that have been hacked and had passwords logged, but Kraken that has been compromised, either from within, or from outside.

Notice how this cunt continues to highlight the fact that I have been fucked and my loss has nothing to do with Kraken.....of course, I don't expect at all to get my money back here, but I will press this as far as it is feasible for me to do so....'Duty of Care' springs to mind. Handling large amounts of the public's money yet not even implementing a level of security as basic as that which even most internet discussion forum's implement, seems to me to be 'negligent', to say the least......or deliberately structured to facilitate theft with plausible deniablitly, at worst.


 

Own wallet and cold storage are very good places to store value. And I agree that value should not be kept on online wallets or exchanges.

But I think that the richer ones, beside the money the have in cold storage, keep big amounts on exchanges or at hand to be able to speculate and earn big. Or just play on the exchange very often.

And there are the ones not very good at computers which find online wallets just fine: they're less often hacked than ordinary computers, they are always at hand and some have very good reputation. And people forget easily ...

People should start to realize that an exchange isn't the right place to keep bitcoin or FIAT  money, an exchange should be used only to 'change' your bitcoin for fiat or viceversa (or also altcoin).
Mt.gox docet....

Woah, complicated and strange too. First guess would be that your or Kraken's time was not correctly sync-ed with Google's for the 2FA.
But if that would happen to me, I'd try to move to another exchange/wallet.

On OP's defense. I did enable 2FA on my account and for some reason you get locked out so quickly which is why i had to disable it, then withdraw and then enable it again.
Very complicated and this was advised by a kraken employee...

So within the same timeframe as I was robbed, which suggests to me that Kraken has been compromised...and most likely, from within.

Sure, they can say that they have given us the tools to make our accounts more secure, and point out that we haven't made use of them, but what I would say to that is that customer security is primarily their business, and their responsibilty before it is Joe Public's. Even if all they done was straightforward email confirmation before sending any funds, like what practically every other exchange does, then neither your funds, nor my funds would have been stolen.

It seems to me that Kraken's default settings are designed to faciliate theft, only for them to be in the position to turn around and say 'but you never used advanced security options so fuck you".

Like everything else in crpyto land....dodgy as fuck, and I have zero faith that it isn't Kraken staff themselves who are executing these thefts on 'n00bs' who have not made use of more advanced security features.

They gave you thw tools (SMS, 2FA) and you didn't use them to protect 12k$ worth of BTC.

If this would have pennies, I would have understood. But on this amount... you almost asked for it.

Sorry for your loss, it's an extremely expensive lesson about securing your money....

So didn't you have enable the 2FA (with the google authenticator app)? I think, it's better safe than sorry? Especially here in this 'world', the cryptocurrency world that it's not really regulated at all.




I don't suggest you to use the 2FA with the sms (that I don't think exists on kraken) because your sim mobile can be compromised , I know I'm paranoid but as I said before 'better safe than sorry, and your text messages can be intercepted.
I would suggest rather to use the google authenticator app, much more safe than the sms verification.



About the Canada/us IP, it is most probable that the attacker used a sort of VPN or proxy to hide his original IP address.

My Kraken account got emptied 36 hours ago. Lost about 12k Euro of BTC.
I am now in discussion with them on this, similar status.
Who and how did they compromize my account? I do not know.
I did not have the sms verification setup - my mistake.
But, the IP that withdrew funds is on the other side of the world (Somewhere in canada/us?) And definitely i was not warned of the transaction prior to it. Only got an email after the funds were sent...

I just got my account emptied on Kraken then other day. As users of Kraken will know, with the default security settings, when you make a withdrawal, you get this Email:


So basically, Kraken who are in the business of handling Joe Public's money, and therefore must also be in the online security business, have a default security procedure, of not asking Joe for Email verification to confirm withdrawal request, but simply telling him that a withdrawal attempt has been made, and that he has perhaps 45 seconds to cancel it before it is processed!?

Needless to say, I contacted Kraken support immediately about this, and here is the Email correspondence so far (basically, 'FU pal, you are bumped):



To which I replied:



As I stated in my response to Kraken, none of my other accounts have been compromised (ever). Only Kraken, which makes me think that the rat is to be found under the floorboards of Kraken itself.