ThorvaldAagaard
Newbie
Offline
Activity: 11
Merit: 0
|
|
July 29, 2016, 09:56:43 PM |
|
When you get scammed the worst thing you can do is to think it is your own fault.
We need to make kraken responsible as their security implementation is so bad it hurts my developer heart.
I have investigated a lot of the withdrawals that day, and find it quite interesting that about 8 hours after my complaint Kraken decided to move 555,660.00 ETH from their wallet for withdrawals to another wallet. That wallet is being used for withdrawals to day.
A coincidence ? I don't think so.
I know they will explain it with the HF and double spending on ETH/ETC but there is no need to create a new wallet as the old wallet could be reused.
I haven't investigated if the same happened to the BTC-wallet
Thorvald
|
|
|
|
MatTheCat (OP)
|
|
July 30, 2016, 08:35:32 PM |
|
When you get scammed the worst thing you can do is to think it is your own fault.
We need to make kraken responsible as their security implementation is so bad it hurts my developer heart.
I have investigated a lot of the withdrawals that day, and find it quite interesting that about 8 hours after my complaint Kraken decided to move 555,660.00 ETH from their wallet for withdrawals to another wallet. That wallet is being used for withdrawals to day.
A coincidence ? I don't think so.
I know they will explain it with the HF and double spending on ETH/ETC but there is no need to create a new wallet as the old wallet could be reused.
I haven't investigated if the same happened to the BTC-wallet
Thorvald
I don't think it is my own fault.....if it happens again, then I would think it was my own fault, which is why I am going to pull all my funds from all crypto exchanges, and call an end on trading crypto...no point in trying to trade crypto when accounts can be so easily robbed, and the exchanges can tell their customers to basically go do one, with impunity. I have put in my complaint with UK Financial Ombudsman but of course, I expect to be told that since Kraken is an unregulated foreign exchange etc etc etc...... However, I am pretty sure that there are some written laws somewhere, that state that it is not ok for Kraken to operate the way they are operating whilst handling money belonging to the public, Duty of Care n all that....so will see where this takes me. As for pressuring Kraken somehow......I dunno....could get a website made (kraken.con or something), into which all the reports of accounts being breached and/or robbed on 20th July can be filed....but for that, we would need a good few to come forward. So far, I have seen around 10 or so different people saying that their Kraken accounts were breached and/or robbed on 20th July 2016.
|
|
|
|
marky89
|
|
July 30, 2016, 11:20:23 PM |
|
I would never keep funds on an exchange where I don't at least have 2-factor authorization.
Email confirmation really isn't good enough. True, they should *at least* use email confirmation, but people should be securing their accounts better than that.
|
|
|
|
BlindMayorBitcorn
Legendary
Offline
Activity: 1260
Merit: 1116
|
|
July 30, 2016, 11:29:07 PM |
|
Did he really open that email with "sorry for your loss"?! What a cucked thing to do.
|
Forgive my petulance and oft-times, I fear, ill-founded criticisms, and forgive me that I have, by this time, made your eyes and head ache with my long letter. But I cannot forgo hastily the pleasure and pride of thus conversing with you.
|
|
|
marky89
|
|
July 30, 2016, 11:31:14 PM |
|
Did he really open that email with "sorry for your loss"?! What a cucked thing to do.
True -- businesses should keep up with internet lingo. Putting SFYL as a response to a customer in this situation is pretty screwed up (if slightly hilarious). But hey, these customer service guys get paid next to nothing I am sure, so what do we really expect?
|
|
|
|
Ibian
Legendary
Offline
Activity: 2268
Merit: 1278
|
|
July 31, 2016, 03:08:14 AM |
|
Worth noting that mat is most likely lying. He likes the victim role.
To the rest of you, get a yubikey.
|
Look inside yourself, and you will see that you are the bubble.
|
|
|
MatTheCat (OP)
|
|
July 31, 2016, 09:00:29 AM Last edit: July 31, 2016, 09:16:08 AM by MatTheCat |
|
Worth noting that mat is most likely lying. He likes the victim role.
To the rest of you, get a yubikey.
The fact that you come to that conclusion reveals way more about you, than it does about me....not least of all that your judgement is in the shitter.....(but I knew that anyway). P.S. Hope u are all buckled up for the big BTC Back to $450 slide? Did he really open that email with "sorry for your loss"?! What a cucked thing to do.
This was the first thing he said in each of the three emails before he decided that my case was 'solved'. Making sure, that I knew in no uncertain terms, that it was MY LOSS (nothing to do with lax security on Kraken's part). Kraken, the Bitcoin exchange that is truly 'Sorry For Your Loss'.
|
|
|
|
Ibian
Legendary
Offline
Activity: 2268
Merit: 1278
|
|
July 31, 2016, 09:15:21 AM |
|
And no 2fa accounts were compromised. You willingly chose to have shitty security for your money. At some level, you wanted this to happen so you had something to bitch about. Business as usual with you.
|
Look inside yourself, and you will see that you are the bubble.
|
|
|
MatTheCat (OP)
|
|
July 31, 2016, 09:27:54 AM |
|
And no 2fa accounts were compromised. You willingly chose to have shitty security for your money. At some level, you wanted this to happen so you had something to bitch about. Business as usual with you.
If u had bothered to read even the posts in this thread, you would know that wasn't the case. No accounts that had 2FA Log In enabled, were compromised. Accounts that merely had 2FA on transactions, or withdrawals enabled, were robbed (see Thorvald's post), cos the 'hackers' (who I believe to be operating within Kraken, hence why only Kraken is affected, and affected en-masse), could simply turn off the 2FA with use of the account password.......and Kraken did not even utilise 2FA or even Email verification to confirm that the user want's to disable 2FA. As already stated, unlike practically all other exchanges who use Email confirmation, or in the case of the Chinese exchanges, 2FA mobile phone confirmation as a minimum for confirming withdrawals or important changes to account (like new withdrawal addresses being added), Kraken simply send an Email out advising that the deed has been done. Kraken security is so bad, it makes the head spin with incredulity. Question is, why is it so bad? Are the team at Kraken actually really fucking stupid, or are things left this way in order to facilitate selective theft out of 'unprotected' customer accounts? This shit has happened before, yet Kraken have still failed to take even the most standard, basic preventative measures, and implement Email verification as a bare minimum.
|
|
|
|
Ibian
Legendary
Offline
Activity: 2268
Merit: 1278
|
|
July 31, 2016, 09:44:00 AM |
|
What is the controversy? You could have used 2fa on login. You chose not to. Case closed.
And what's with using single letters instead of proper words? Is it some kind of mental hangup that happens when someone calls you on your bullshit? Second time now.
|
Look inside yourself, and you will see that you are the bubble.
|
|
|
BlindMayorBitcorn
Legendary
Offline
Activity: 1260
Merit: 1116
|
|
July 31, 2016, 11:24:42 AM |
|
P.S. Hope u are all buckled up for the big BTC Back to $450 slide?
This was an unusual touch...
|
Forgive my petulance and oft-times, I fear, ill-founded criticisms, and forgive me that I have, by this time, made your eyes and head ache with my long letter. But I cannot forgo hastily the pleasure and pride of thus conversing with you.
|
|
|
MatTheCat (OP)
|
|
August 01, 2016, 07:57:03 PM |
|
P.S. Hope u are all buckled up for the big BTC Back to $450 slide?
This was an unusual touch... Me n Ibian just like gloating at each other's misfortune. He has gloated at me being robbed, I shall gloat at him, when BTC is back down at $450, and all those notional profits of his have evaporated.
|
|
|
|
Ibian
Legendary
Offline
Activity: 2268
Merit: 1278
|
|
August 01, 2016, 08:48:31 PM |
|
False. I take no pleasure in other peoples misfortune. I just don't care when it is of their own doing. There is a very different motive behind it for me. Your type merely likes to project.
|
Look inside yourself, and you will see that you are the bubble.
|
|
|
MatTheCat (OP)
|
|
August 02, 2016, 06:32:55 PM |
|
and now Bitfinex has been hit..... https://www.bitfinex.com/pages/statsThis is where my main stash of crypto allocated funds are....after the Kraken thefts, I have been wanting to get everything I have out of crypto, but due the means I get everything out (selling for GBP on LocalBitcoin), I never could find me a 5-6 hour window of time that I trusted (for Bitcoin not to tank), in which I could get all my funds withdrawn. I hope to fuck that I am not going to log back onto Finex in however many days/hours time, only to find that my account has been emptied......the Kraken loss I can handle....if my Bitfinex account were to have went the same way......man oh fkn man!
|
|
|
|
BlindMayorBitcorn
Legendary
Offline
Activity: 1260
Merit: 1116
|
|
August 02, 2016, 06:44:03 PM |
|
So much loss.
|
Forgive my petulance and oft-times, I fear, ill-founded criticisms, and forgive me that I have, by this time, made your eyes and head ache with my long letter. But I cannot forgo hastily the pleasure and pride of thus conversing with you.
|
|
|
Gyrsur
Legendary
Offline
Activity: 2856
Merit: 1520
Bitcoin Legal Tender Countries: 2 of 206
|
|
August 03, 2016, 10:20:42 AM |
|
sad!
|
|
|
|
illyiller
|
|
August 04, 2016, 06:42:55 PM |
|
Any updates on this? I assume Kraken is just saying "screw you" to everyone involved? Seems obvious that there was a leaked database on their end and poor security practices by Kraken allowed accounts to be cleaned out.
Have they even announced anything about this? I only saw this thread by chance.
Have they at least implemented email confirmation by now?
|
|
|
|
MatTheCat (OP)
|
|
August 05, 2016, 01:38:57 AM |
|
Any updates on this? I assume Kraken is just saying "screw you" to everyone involved? Seems obvious that there was a leaked database on their end and poor security practices by Kraken allowed accounts to be cleaned out.
Have they even announced anything about this? I only saw this thread by chance.
Have they at least implemented email confirmation by now?
The update from my end, is that I have a Police Complaint number, and that is about it, and yeah, the party line from Kraken is basically, "we are terribly sorry to hear about your loss, but fuck you", regardless of how obvious it was that the security leak was at their end, and how painfully incompetent their security measures are...... .......and on that note...I read on another thread that Kraken's response is to put a 24 hour delay on new withdrawal addresses being verified. Really!? Are they trying to piss their customers off on purpose? Are they determined to have some sort of 'security' system in place, that will always allow theft with plausible deniability, and/or the legitimate blaming of the customer? Why not just implement fucking Email verification for all withdrawals, or indeed, go the route of the Chinese exchanges and insist on 2FA via mobile SMS (and no Kraken, I don't want your Google 2FA). The antics/shenanigans of this exchange defies words....
|
|
|
|
Ibian
Legendary
Offline
Activity: 2268
Merit: 1278
|
|
August 05, 2016, 02:03:32 AM |
|
They have something much better than email confirmation, and you know it, and you chose not to use it. Even if they had that you would just bitch and complain that your email has been hacked on top of everything else.
|
Look inside yourself, and you will see that you are the bubble.
|
|
|
MatTheCat (OP)
|
|
August 05, 2016, 09:57:44 AM |
|
They have something much better than email confirmation, and you know it, and you chose not to use it. Even if they had that you would just bitch and complain that your email has been hacked on top of everything else.
Yes...they have 2FA......just not the kind of 2FA that I like.....some fucking google shit that relies on Smart Phones, as opposed to text messages. But people who enabled 2FA for transactions were also robbed. The thief simply disabled that 2FA, using the password for the account. Only those who had 2FA log-in enabled, were safe from getting their accounts emptied. If my Email address had also been hacked, which it wasn't, then I would have no option but to admit that my own PC had been compromised, but the fact is, that it wasn't hacked. It wasn't hacked because Kraken never had no record of it sitting on a database that could be 'leaked'.
|
|
|
|
|