Show Posts
|
Pages: [1]
|
I know the fee is low on this one
9b6c3f3aafadbbb838c785f5d7481310a1c2fc1e1b96c21cd5cd7c52f4ac711c
and would be glad to have it accelerated, and let me know how much tip expected - and please use another currency than BTC as the fees are killing me :-)
Thanx in advance
Your transaction has been accelerated but fee is way too low . Almost not possible . Is the problem no of input tx's - Only one output? How are you making the acceleration ?
|
|
|
I know the fee is low on this one
9b6c3f3aafadbbb838c785f5d7481310a1c2fc1e1b96c21cd5cd7c52f4ac711c
and would be glad to have it accelerated, and let me know how much tip expected - and please use another currency than BTC as the fees are killing me :-)
Thanx in advance
|
|
|
Odds are 1 : 184,414 Currently there have been around 30.000 bids, so it is not that strange
|
|
|
Hi Ibian
Will you make a promise that after the day, when your assets on Kraken gets stolen, you will never make a post on the internet?
But as you are a wise man, please explain the actual implementation you have selected on kraken.
Global Lock, 2FA on everything, session timeout of 10 sec etc, external keys ?,
please enlighten us you wise man.
How often do you check that there have been attempts to lock in on your account ? Do you only use Kraken, og are you using other exchanges?
Best Regards Thorvald
|
|
|
---> Ibian
Are you in any way connected to kraken since you keep defending the poor implementation of security ?
You say that people not activating 2FA by default are stupid, well if that is right the problem is that kraken is not defaulting (or even forcing) 2FA.
My main concern is still how the hacker bypassed the security as I know I had done nothing that could give away my password.
By as I told the police. Kraken is to busy hiding what really happened that they will not answer any of my questions.
As long as there are no explanation of what really happened I would not trust Kraken as it is probably just a matter of time before their 2FA are bypassed (I have a user that claims he has been robbed with 2FA on logon)
And then the questions that I think Kraken should answer:
How many was hacked? How much was withdrawn? Can I get a log of all login attempts god and bad on my account? What about the moving of 555,000 ETH? Can I get a copy of the row in your database with information about me, including all history for changes Have you studied all the logs from the days and weeks before the incident ? Words like Cross-site scripting, SQL-injections are familiar words ? Have you performed an external security check, or is everything just based on your own testing ? By the way have you looked thru Google Analytics trace from these logins, that might be a clue to what the hacker also have visited, and you might be able to see if it is one or multiple persons
But as expected the only answer is something like:
We are still looking at some common patterns between all compromised accounts. Several of our agents are talking to account holders whose accounts have been breached. I will soon assign this request to our compliance department so you can give the police the contact information provided by our compliance officers. Robert Kraken Client Engagement
but since that mostly silence from kraken.
It might not have helped that I have expressed my opinion of their current security compared to other exchanges.
Best regards Thorvald
|
|
|
It would be nice if GMK can post the wallets used for the withdrawals from Kraken, as I am tracing the BTC and ETH stolen.
Currently we gave traced some BTC, and it would be interesting to see if your BTC can be traced to the same spot.
Thorvald
|
|
|
If there was price for the most stupid comment you have earned it :-)
In Denmark we have 2FA implemented with digital signature called NemID, so when ever I make a transaction moving money I have to use it, but the banks have decided, that as long as you only log in and view the password will be sufficient.
As we all know 2FA is wasting time, and if you log in 10 times a day, just to check current trades, it is much easier just to use password, as you know that if anyone steals your password he/she will only be able to see your current balance, but can't do anything. Then if you decide to trade, withdraw or change any setting the 2FA is required, and should be sufficient.
As I am a user of many exchanges I have had the possibility to compare them and Kraken are an absolute winner in designing the worst security implementation of all of them seen from a user perspective I have compared
Poloniex BitFinex BitMex Yobit Gatecoin Bittrex OKCoin Yunbi Bitstamp LocalBitcoins Bleutrade Coinbase Tether BitCurex
To me it is clear that the kraken team lack a security expert as the current implementation looks like a design by programmers and not by a security expert
Have a nice day
|
|
|
When you get scammed the worst thing you can do is to think it is your own fault.
We need to make kraken responsible as their security implementation is so bad it hurts my developer heart.
I have investigated a lot of the withdrawals that day, and find it quite interesting that about 8 hours after my complaint Kraken decided to move 555,660.00 ETH from their wallet for withdrawals to another wallet. That wallet is being used for withdrawals to day.
A coincidence ? I don't think so.
I know they will explain it with the HF and double spending on ETH/ETC but there is no need to create a new wallet as the old wallet could be reused.
I haven't investigated if the same happened to the BTC-wallet
Thorvald
|
|
|
I my case the robber logged in, and changed the 2FA I had activated on trading - I had not 2FA on login. Then used all my dollars to buy ETH and sent that and the ETH I had to an external wallet. All within 5 minutes. I was driving in France and just saw the mail after 30 mins. I had not used the userid/password on other exchanges, and know my pc is not compromised. What really surprised me that Kraken does allow change of 2FA without using 2FA, and secondly allow withdrawals without any extra check like locked wallet, email-confirmation, IP-restrictions or 2FA. The Kraken security is so bad implemented, that I am missing words. Unfortunately I had not made any withdrawals, so I didn't know. Worst of all was to see my almost 500 ETH sitting in the new wallet for 6 days, before seeing it being traded at shapeshift yesterday, and knowing its just lost. But anyone that has been hacked are welcome to write me at thorvald@blockchainheroes.com so we can all get a better view on how this could happen. And the Kraken statement that no one with 2 FA activated was hacked is a lie, but the one who did the job knew that it was possible to deactivate 2FA on trading without having access to 2FA. And using that no one with 2FA was hacked is a bad argument, as the data exposed might just give access to the login information needed, but with 2FA on login, the hacker could not log in. I am not saying this is an inside job, but I do think that someone had access to the user-database and thus could figure out what accounts to attack. And just seeing that all attacks was made around the same time tell me that this is not a coincidence. If it just was us users throwing around with our passwords, why would the hackers make a coordinated attack on Kraken. Best regards Thorvald
|
|
|
|