Multiple Kraken Accounts, Robbed/Emptied. Kraken say "Fuck you, its your loss"

[Ibian]

What it's about is having something to complain about. The site is safe if you use the security options they have.

It's a choice. Stick your ass in the air and wait to be raped, or keep your pants on.

Put ya money where ya mouth is then, and go store some BTC on Kraken....

.....sure the thefts continue (how the fuck they keep it so quiet I really don't know), but if you use the security options they have, your funds are safe.....


......safe until Kraken offer you some Sorries for your Loses that is.

Who says I'm not? Oh, right, that would be you. Because it fits your narrative.

As a matter of fact, I do keep both euros and bitcoins on kraken. More than I keep in the bank, on both accounts.

How much does your butt hurt?

[GMK]

I just got my account emptied on Kraken then other day. As users of Kraken will know, with the default security settings, when you make a withdrawal, you get this Email:

Hi,

A withdrawal request has been made for the withdrawal address named b. If you requested this action, great, it was successful.

Thanks for choosing Kraken Bitcoin Exchange
The Kraken Team

Note: if you didn't request this action, your account may be compromised and you should do the following:

1) log into https://www.kraken.com immediately and go to Account > Funding > Withdraw - you may be able to cancel the withdraw if you catch it soon enough.
2) change your password;
3) create a new set of two-factor authentications;
4) create a support ticket letting our support staff know about the incident: https://support.kraken.com.

The IP recorded for this action was 5.185.87.61.

So basically, Kraken who are in the business of handling Joe Public's money, and therefore must also be in the online security business, have a default security procedure, of not asking Joe for Email verification to confirm withdrawal request, but simply telling him that a withdrawal attempt has been made, and that he has perhaps 45 seconds to cancel it before it is processed!?

Needless to say, I contacted Kraken support immediately about this, and here is the Email correspondence so far (basically, 'FU pal, you are bumped):

From: Joseph (Kraken Support) <support@kraken.com>
Sent: 20 July 2016 23:35
To: Kraken User
Subject: [Kraken Support] Re: My Kraken account has just been robbed.
 
##- Please type your reply above this line -##

Joseph (Kraken Support)

Jul 20, 15:34 PDT

Hi,

I'm sorry for your loss.

Rather than email confirmations for withdrawals, we have a global settings lock feature that prevents attackers from adding new withdrawal addresses even after they have access to your account (and presumably also your email), and you can be alerted when an add is attempted. You didn't enable this security feature on your account.

I need to confirm your identity to get you access (at least to withdraw) with the account again. I'll look to write again in a few days about this. Let me know if there are any questions you have. I'm happy to answer them. Again, I'm sorry for what's happened.

Joseph
Kraken Client Engagement

We are currently working on your request (number 122464). You can give us more information by replying to this e-mail or visiting the support page at https://support.kraken.com/hc/requests/122464.
This email is a service from Kraken Support. Delivered by Zendesk.

To which I replied:

From: Matthew ******* <m*************y@hotmail.com>
Sent: 21 July 2016 08:22
To: Kraken Support
Subject: Re: [Kraken Support] Re: My Kraken account has just been robbed.
 
So, you have Email verification security features, that I, Joe Public, didn't enable? I would suggest that it is Kraken, who due to dealing in online finance, who are in the online security business, not Joe Public.

Kraken is basically the only crypto exchange that doesn't at least operate Email verification as default for withdrawals, one of their customers gets robbed and you turn around and basically say 'Sorry pal, but it's your loss', you never enabled some security feature hidden down the bottom of some sub menu'?

I mean seriously, an Email message stating something along the lines off "You have just made a withdrawal....if it really was you, then great, it was successful, if it wasn't then you have perhaps a few dozen seconds to cancel it"? I am not sure which jurisdiction Kraken is based in, but regulated exchange or not, I am sure that Kraken has a Duty of Care to exercise more caution than this, since they are in the business of handling other people's money. It isn't like this is the first incident of this. And since this same thing has happened many times before with Kraken (I googled it), why aren't Kraken insisting on basic Email verification, just every other crypto exchange under the sun does, as a bare minimum?

And what about all the spraff you have on your website about getting me to provide as much information possible, in order that you can identify the theft? You haven't asked me for any of that. instead, you have asked me to prove my identification in order to withdraw the remaining few Euro's in my account? On your website, you state that perhaps the theives may have obtained my password from other 'compromised' crypto sites. Perhaps that compromised crypto site is Kraken itself? Somewhere on your servers, is a copy of my Kraken password. One theory I have, is that the theives are operating within Kraken itself. If hackers could compromise an exchange thus gaining access to customers details (including passwords), then 'trusted' members of staff could also access this same information, and using the security loop hole, which for some reason Kraken leaves open, whereby the onus is on the customer to activate Email verification, customer's funds can then be stolen?

None of my other accounts have been compromised. Only Kraken. That tells me that the first place to start looking for the rat, would be with Kraken itself.

As I stated in my response to Kraken, none of my other accounts have been compromised (ever). Only Kraken, which makes me think that the rat is to be found under the floorboards of Kraken itself.

Hi all,

I am one of the robbed Kraken's customers, and I'm happy to have found this thread because in another one somebody told me "You have to prove otherwise ppl ignore you"

I use BTCs since 2013, and of course I store the most of them out of websites exchange because I think they are ALL absolutely unreliable and uncontrollable; lucky to have avoided MtGox, lucky to have avoided Bitfinex, so this time I have been caught! but I also have been lucky and able to limit damage under 0.6 BTC only, and it's the 1st time I have been robbed by an exchange.

Kraken is simply an akward 100% criminal band, and this because:

1. They sent me an email telling they detected a suspicious login on the account and for this reason as precaution all withdrawals were on hold. Unfortunately the account was already emptied since 5 hours!!
2. Their support told me I probably had been a victim of phishing: Unfortunately, since I open the account I had user and pwd stored in the browser so I never digited nor on a fake site nor on their original one
3. Their support accused me I didn't protect enough the account with 2-factor protection: true, but I investigate and tested their system and 2-factor activated option is easily removable without any password
4. They don't have an email confirmation system for withdrawals
5. They don't have a sms confirmation system for withdrawals
6. When I expose this facts, their support never reply

I am surprised to read ppl who are sure Kraken is honest and reliable, they are pure fucking vampires..just I don't have known if they are correlated in some way to Bitfinex robbery

[MatTheCat]

Hi all,

I am one of the robbed Kraken's customers, and I'm happy to have found this thread because in another one somebody told me "You have to prove otherwise ppl ignore you"

I use BTCs since 2013, and of course I store the most of them out of websites exchange because I think they are ALL absolutely unreliable and uncontrollable; lucky to have avoided MtGox, lucky to have avoided Bitfinex, so this time I have been caught! but I also have been lucky and able to limit damage under 0.6 BTC only, and it's the 1st time I have been robbed by an exchange.

Kraken is simply an akward 100% criminal band, and this because:

1. They sent me an email telling they detected a suspicious login on the account and for this reason as precaution all withdrawals were on hold. Unfortunately the account was already emptied since 5 hours!!
2. Their support told me I probably had been a victim of phishing: Unfortunately, since I open the account I had user and pwd stored in the browser so I never digited nor on a fake site nor on their original one
3. Their support accused me I didn't protect enough the account with 2-factor protection: true, but I investigate and tested their system and 2-factor activated option is easily removable without any password
4. They don't have an email confirmation system for withdrawals
5. They don't have a sms confirmation system for withdrawals
6. When I expose this facts, their support never reply

I am surprised to read ppl who are sure Kraken is honest and reliable, they are pure fucking vampires..just I don't have known if they are correlated in some way to Bitfinex robbery

Yes.....loads and loads of Kraken customers are all the victims of 'fishing attacks'. Of course. What else?

Really hard to say for sure what is going on here, but my best stab would be, that Kraken likely have rats within their own ranks, with back end server access, who are aware how shockingly bad and misleading Kraken's security is, and are taking advantage of it. This has been going on a long time, but recently, the frequency of account thefts has been picking up, and the level of complaints going on social media, has become noticeable to the point that Kraken's squeeky clean image (fuck knows how they have that, just shows the power of good PR), is finally coming under question.

I suggest you make a complaint to the SEC. Enough complaints pile up on their desks, and they may just eventually investigate.

[Ibian]

Their support accused me I didn't protect enough the account with 2-factor protection: true, but I investigate and tested their system and 2-factor activated option is easily removable without any password

Explain.

[GMK]

Hi all,

I am one of the robbed Kraken's customers, and I'm happy to have found this thread because in another one somebody told me "You have to prove otherwise ppl ignore you"

I use BTCs since 2013, and of course I store the most of them out of websites exchange because I think they are ALL absolutely unreliable and uncontrollable; lucky to have avoided MtGox, lucky to have avoided Bitfinex, so this time I have been caught! but I also have been lucky and able to limit damage under 0.6 BTC only, and it's the 1st time I have been robbed by an exchange.

Kraken is simply an akward 100% criminal band, and this because:

1. They sent me an email telling they detected a suspicious login on the account and for this reason as precaution all withdrawals were on hold. Unfortunately the account was already emptied since 5 hours!!
2. Their support told me I probably had been a victim of phishing: Unfortunately, since I open the account I had user and pwd stored in the browser so I never digited nor on a fake site nor on their original one
3. Their support accused me I didn't protect enough the account with 2-factor protection: true, but I investigate and tested their system and 2-factor activated option is easily removable without any password
4. They don't have an email confirmation system for withdrawals
5. They don't have a sms confirmation system for withdrawals
6. When I expose this facts, their support never reply

I am surprised to read ppl who are sure Kraken is honest and reliable, they are pure fucking vampires..just I don't have known if they are correlated in some way to Bitfinex robbery

Yes.....loads and loads of Kraken customers are all the victims of 'fishing attacks'. Of course. What else?

Really hard to say for sure what is going on here, but my best stab would be, that Kraken likely have rats within their own ranks, with back end server access, who are aware how shockingly bad and misleading Kraken's security is, and are taking advantage of it. This has been going on a long time, but recently, the frequency of account thefts has been picking up, and the level of complaints going on social media, has become noticeable to the point that Kraken's squeeky clean image (fuck knows how they have that, just shows the power of good PR), is finally coming under question.

I suggest you make a complaint to the SEC. Enough complaints pile up on their desks, and they may just eventually investigate.

1. Indeed I suggested them to check the robbery at their internal, but they don't want to listen reasons and they always sing the same song: phishing or somebody has stolen my pwd. It's also obvious they don't try to improve security, likely intentionally..should we guess why?
2. Make a complaint to the SEC? What is the SEC? could be useful? I know that when BTCs are stolen, are stolen forever.

[GMK]

Their support accused me I didn't protect enough the account with 2-factor protection: true, but I investigate and tested their system and 2-factor activated option is easily removable without any password

Explain.

When I set 2-factor authentication on their security options, after i logged out. I re-login, I back to security options, and I was able to remove the 2-factor option WITHOUT the use of itself.
To be clearer, if after I set 2-factor protection somebody steal my user and password and login from the homepage, he/she is also able to remove the 2-factor protection, add another btc address, and withdraw all the balance. So their 2-factor protection is a pure fake, just an illusion to be protected.

[MatTheCat]

1. Indeed I suggested them to check the robbery at their internal, but they don't want to listen reasons and they always sing the same song: phishing or somebody has stolen my pwd. It's also obvious they don't try to improve security, likely intentionally..should we guess why?
2. Make a complaint to the SEC? What is the SEC? could be useful? I know that when BTCs are stolen, are stolen forever.

Securities & Exchange Commission:

Thank you for contacting the U.S. Securities and Exchange Commission (SEC).

We appreciate you alerting the SEC's Office of Investor Education and Advocacy (OIEA) about the activities in your Kraken account.

OIEA processes many comments from individual investors and others. We keep records of the correspondence we receive in a searchable database that SEC staff may make use of in inspections, examinations, and investigations. In addition, some of the correspondence we receive is referred to other SEC offices and divisions for their review. If they have any questions or wish to respond directly to your comments, they will contact you.
 
In addition to the SEC, you may also want to contact the U.S. Commodity Futures Trading Commission (CFTC) and Consumer Financial Protection Bureau (CFPB ) for assistance.  The contact information for the CFTC and CFPB are as follows:
 
Commodity Futures Trading Commission (www.cftc.gov)
Three Lafayette Centre
1155 21st Street, NW
Washington DC 20581
CFTC Toll-Free Complaint Line: 866-366-2382
Online Complaint Info: www.cftc.gov/ConsumerProtection/FileaTiporComplaint/index.htm.
 
Consumer Financial Protection Bureau (www.cfpb.gov)
P.O. Box 4503
Iowa City, Iowa 52244
Fax (855) 237-2392
(855) 411-CFPB (2372)
Online Complaint Info:  www.consumerfinance.gov/complaint
 
Since you are in the U. K., we suggest that you contact the Financial Conduct Authority (FCA), the U.K. securities regulator, for any further assistance it could provide.  You may call FCA at 0800 111 6768 (toll-free) or 0300 500 8082, or send FCA an email at consumer.queries@fca.org.uk.

For general information regarding virtual currency, please review our publication "Bitcoin and Other Virtual Currency-Related Investments," at http://investor.gov/news-alerts/investor-alerts/investor-alert-bitcoin-other-virtual-currency-related-investments, as well as our investor alert "Ponzi Schemes Using Virtual Currencies" at: http://www.sec.gov/investor/alerts/ia_virtualcurrencies.pdf.

Sincerely,

K****** R******
Investor Assistance Specialist
Office of Investor Education and Advocacy
U.S. Securities and Exchange Commission
(800) 732-0330
www.sec.gov
www.investor.gov
www.twitter.com/SEC_Investor_Ed

No way are you gonna get your money back, and the same goes for me, and for other Kraken victims I have been in touch with, some who have lost massive sums of money. Most who had 2FA enabled for withdrawals, but not for logins! That is correct. Only 2FA enabled for logins was 'secure', because as you discovered, the 2FA for withdrawals could be turned off once in the account with zero confirmation required........with all that said, there have been reports of someone even with 2FA login being robbed also....in which case the rats at Kraken doing the thieving, may have fucked up a little bit, and emptied an account that they shouldn't have.....

.....but yeah...kiss the money goodbye, but you can at least do your bit to add the pile of complaints mounting up on authorities desks against Kraken. Enough of those, and these fucking vampires will be investigated.

Jesse Powell, fucking softly spoken snake.

[Ibian]

Their support accused me I didn't protect enough the account with 2-factor protection: true, but I investigate and tested their system and 2-factor activated option is easily removable without any password

Explain.

When I set 2-factor authentication on their security options, after i logged out. I re-login, I back to security options, and I was able to remove the 2-factor option WITHOUT the use of itself.
To be clearer, if after I set 2-factor protection somebody steal my user and password and login from the homepage, he/she is also able to remove the 2-factor protection, add another btc address, and withdraw all the balance. So their 2-factor protection is a pure fake, just an illusion to be protected.

You have to use 2fa to log in when 2fa is enabled. So, no, you can in fact not remove 2fa without the use of 2fa, unless you specifically choose to set things up that way. In which case you are deliberately sabotaging yourself and so deserve no pity. You are just another random fudster.

But that's not the important part. Why weren't you using it? Why would you intentionally weaken security for your money?

[Ibian]

victims

When you do not use the security options available, you do not qualify as a victim.

[GMK]

1. Indeed I suggested them to check the robbery at their internal, but they don't want to listen reasons and they always sing the same song: phishing or somebody has stolen my pwd. It's also obvious they don't try to improve security, likely intentionally..should we guess why?
2. Make a complaint to the SEC? What is the SEC? could be useful? I know that when BTCs are stolen, are stolen forever.

Securities & Exchange Commission:

Thank you for contacting the U.S. Securities and Exchange Commission (SEC).

We appreciate you alerting the SEC's Office of Investor Education and Advocacy (OIEA) about the activities in your Kraken account.

OIEA processes many comments from individual investors and others. We keep records of the correspondence we receive in a searchable database that SEC staff may make use of in inspections, examinations, and investigations. In addition, some of the correspondence we receive is referred to other SEC offices and divisions for their review. If they have any questions or wish to respond directly to your comments, they will contact you.
 
In addition to the SEC, you may also want to contact the U.S. Commodity Futures Trading Commission (CFTC) and Consumer Financial Protection Bureau (CFPB ) for assistance.  The contact information for the CFTC and CFPB are as follows:
 
Commodity Futures Trading Commission (www.cftc.gov)
Three Lafayette Centre
1155 21st Street, NW
Washington DC 20581
CFTC Toll-Free Complaint Line: 866-366-2382
Online Complaint Info: www.cftc.gov/ConsumerProtection/FileaTiporComplaint/index.htm.
 
Consumer Financial Protection Bureau (www.cfpb.gov)
P.O. Box 4503
Iowa City, Iowa 52244
Fax (855) 237-2392
(855) 411-CFPB (2372)
Online Complaint Info:  www.consumerfinance.gov/complaint
 
Since you are in the U. K., we suggest that you contact the Financial Conduct Authority (FCA), the U.K. securities regulator, for any further assistance it could provide.  You may call FCA at 0800 111 6768 (toll-free) or 0300 500 8082, or send FCA an email at consumer.queries@fca.org.uk.

For general information regarding virtual currency, please review our publication "Bitcoin and Other Virtual Currency-Related Investments," at http://investor.gov/news-alerts/investor-alerts/investor-alert-bitcoin-other-virtual-currency-related-investments, as well as our investor alert "Ponzi Schemes Using Virtual Currencies" at: http://www.sec.gov/investor/alerts/ia_virtualcurrencies.pdf.

Sincerely,

K****** R******
Investor Assistance Specialist
Office of Investor Education and Advocacy
U.S. Securities and Exchange Commission
(800) 732-0330
www.sec.gov
www.investor.gov
www.twitter.com/SEC_Investor_Ed

No way are you gonna get your money back, and the same goes for me, and for other Kraken victims I have been in touch with, some who have lost massive sums of money. Most who had 2FA enabled for withdrawals, but not for logins! That is correct. Only 2FA enabled for logins was 'secure', because as you discovered, the 2FA for withdrawals could be turned off once in the account with zero confirmation required........with all that said, there have been reports of someone even with 2FA login being robbed also....in which case the rats at Kraken doing the thieving, may have fucked up a little bit, and emptied an account that they shouldn't have.....

.....but yeah...kiss the money goodbye, but you can at least do your bit to add the pile of complaints mounting up on authorities desks against Kraken. Enough of those, and these fucking vampires will be investigated.

Jesse Powell, fucking softly spoken snake.

Thanks for explanation and I am so sorry some ppl lost a massive amount; I can only hope they didn't have all the eggs in the kraken basket. That's why I store most of BTCs offline and I leave just small quantities on a third party==>common excuse of hacker attack is too comfortable to steal customer's balances;
in the same way I store most of my fiat money at home==>common excuse of bankrupt, failure etc. is too comfortable for a standard bank to freeze the accounts
By the way, many years ago I signaled to FBI https://www.ic3.gov/default.aspx a fraud to me from a notorious betting exchange. And nothing happened, nor to me, nor to the betting exchange. So, I'm sorry but I don't believe in these organisations, of course unless I should be a VIP with a lot of money and lot of best lawyers. And no incentive to make them know I use BTCs, a financial instrument at the edge of razor with the law

[GMK]

Their support accused me I didn't protect enough the account with 2-factor protection: true, but I investigate and tested their system and 2-factor activated option is easily removable without any password

Explain.

When I set 2-factor authentication on their security options, after i logged out. I re-login, I back to security options, and I was able to remove the 2-factor option WITHOUT the use of itself.
To be clearer, if after I set 2-factor protection somebody steal my user and password and login from the homepage, he/she is also able to remove the 2-factor protection, add another btc address, and withdraw all the balance. So their 2-factor protection is a pure fake, just an illusion to be protected.

You have to use 2fa to log in when 2fa is enabled. So, no, you can in fact not remove 2fa without the use of 2fa, unless you specifically choose to set things up that way. In which case you are deliberately sabotaging yourself and so deserve no pity. You are just another random fudster.

But that's not the important part. Why weren't you using it? Why would you intentionally weaken security for your money?

Well, if you want take defense of kraken, you are free to do it. I can just tell you that I'm used to move money online since 17 years on many activities and kraken it's the 1st exchange in which I have been robbed. Of course I already told in a previous post, I have been lucky to miss MtGox and Bitfinex, and in both cases 2fa is useless anyway.
But after so many years, I developped the nose to smell who cheats and kraken has all the features to be a vampire. There is the behaviour, the attitude. They made their robbery so akward and so in a stupid way through email that's easy to understand they are guilty.
But they have the screen, the distance protection, the international borders so there's nothing to do.
Do you want to become their defensive lawyer? There's no need. Internet and blockchain protect them. So you can also save your silly moral for yourself.

[Ibian]

Their support accused me I didn't protect enough the account with 2-factor protection: true, but I investigate and tested their system and 2-factor activated option is easily removable without any password

Explain.

When I set 2-factor authentication on their security options, after i logged out. I re-login, I back to security options, and I was able to remove the 2-factor option WITHOUT the use of itself.
To be clearer, if after I set 2-factor protection somebody steal my user and password and login from the homepage, he/she is also able to remove the 2-factor protection, add another btc address, and withdraw all the balance. So their 2-factor protection is a pure fake, just an illusion to be protected.

You have to use 2fa to log in when 2fa is enabled. So, no, you can in fact not remove 2fa without the use of 2fa, unless you specifically choose to set things up that way. In which case you are deliberately sabotaging yourself and so deserve no pity. You are just another random fudster.

But that's not the important part. Why weren't you using it? Why would you intentionally weaken security for your money?

Well, if you want take defense of kraken, you are free to do it. I can just tell you that I'm used to move money online since 17 years on many activities and kraken it's the 1st exchange in which I have been robbed. Of course I already told in a previous post, I have been lucky to miss MtGox and Bitfinex, and in both cases 2fa is useless anyway.
But after so many years, I developped the nose to smell who cheats and kraken has all the features to be a vampire. There is the behaviour, the attitude. They made their robbery so akward and so in a stupid way through email that's easy to understand they are guilty.
But they have the screen, the distance protection, the international borders so there's nothing to do.
Do you want to become their defensive lawyer? There's no need. Internet and blockchain protect them. So you can also save your silly moral for yourself.

You didn't answer the question. Why didn't you use 2fa?

[MatTheCat]

Well, if you want take defense of kraken, you are free to do it. I can just tell you that I'm used to move money online since 17 years on many activities and kraken it's the 1st exchange in which I have been robbed. Of course I already told in a previous post, I have been lucky to miss MtGox and Bitfinex, and in both cases 2fa is useless anyway.
But after so many years, I developped the nose to smell who cheats and kraken has all the features to be a vampire. There is the behaviour, the attitude. They made their robbery so akward and so in a stupid way through email that's easy to understand they are guilty.
But they have the screen, the distance protection, the international borders so there's nothing to do.
Do you want to become their defensive lawyer? There's no need. Internet and blockchain protect them. So you can also save your silly moral for yourself.

Indeed.

The absence of basic Email verification on Kraken tells us everything that we need to know, and it isn't that our computers have key-logging spyware on them.


Kraken are either crooks from the top down, or they have crooks wedged within their ranks, who selectively steal from their customers.

[GMK]

Their support accused me I didn't protect enough the account with 2-factor protection: true, but I investigate and tested their system and 2-factor activated option is easily removable without any password

Explain.

When I set 2-factor authentication on their security options, after i logged out. I re-login, I back to security options, and I was able to remove the 2-factor option WITHOUT the use of itself.
To be clearer, if after I set 2-factor protection somebody steal my user and password and login from the homepage, he/she is also able to remove the 2-factor protection, add another btc address, and withdraw all the balance. So their 2-factor protection is a pure fake, just an illusion to be protected.

You have to use 2fa to log in when 2fa is enabled. So, no, you can in fact not remove 2fa without the use of 2fa, unless you specifically choose to set things up that way. In which case you are deliberately sabotaging yourself and so deserve no pity. You are just another random fudster.

But that's not the important part. Why weren't you using it? Why would you intentionally weaken security for your money?

Well, if you want take defense of kraken, you are free to do it. I can just tell you that I'm used to move money online since 17 years on many activities and kraken it's the 1st exchange in which I have been robbed. Of course I already told in a previous post, I have been lucky to miss MtGox and Bitfinex, and in both cases 2fa is useless anyway.
But after so many years, I developped the nose to smell who cheats and kraken has all the features to be a vampire. There is the behaviour, the attitude. They made their robbery so akward and so in a stupid way through email that's easy to understand they are guilty.
But they have the screen, the distance protection, the international borders so there's nothing to do.
Do you want to become their defensive lawyer? There's no need. Internet and blockchain protect them. So you can also save your silly moral for yourself.

You didn't answer the question. Why didn't you use 2fa?

because I just had a low amount and if after 2fa set the smartphone is lost or broken is a lot of complication and wasted time to restore for a small amount

[GMK]

Well, if you want take defense of kraken, you are free to do it. I can just tell you that I'm used to move money online since 17 years on many activities and kraken it's the 1st exchange in which I have been robbed. Of course I already told in a previous post, I have been lucky to miss MtGox and Bitfinex, and in both cases 2fa is useless anyway.
But after so many years, I developped the nose to smell who cheats and kraken has all the features to be a vampire. There is the behaviour, the attitude. They made their robbery so akward and so in a stupid way through email that's easy to understand they are guilty.
But they have the screen, the distance protection, the international borders so there's nothing to do.
Do you want to become their defensive lawyer? There's no need. Internet and blockchain protect them. So you can also save your silly moral for yourself.

Indeed.

The absence of basic Email verification on Kraken tells us everything that we need to know, and it isn't that our computers have key-logging spyware on them.


Kraken are either crooks from the top down, or they have crooks wedged within their ranks, who selectively steal from their customers.

Right. And not only absence of basic email verification, there's absence of confirmation through SMS too. Both are easy ways to be protected, while 2fa means lot of troubles if you lose, break or accidentally format your smartphone.
What do you mean exactly "crooks from the top down"?

[Ibian]

Their support accused me I didn't protect enough the account with 2-factor protection: true, but I investigate and tested their system and 2-factor activated option is easily removable without any password

Explain.

When I set 2-factor authentication on their security options, after i logged out. I re-login, I back to security options, and I was able to remove the 2-factor option WITHOUT the use of itself.
To be clearer, if after I set 2-factor protection somebody steal my user and password and login from the homepage, he/she is also able to remove the 2-factor protection, add another btc address, and withdraw all the balance. So their 2-factor protection is a pure fake, just an illusion to be protected.

You have to use 2fa to log in when 2fa is enabled. So, no, you can in fact not remove 2fa without the use of 2fa, unless you specifically choose to set things up that way. In which case you are deliberately sabotaging yourself and so deserve no pity. You are just another random fudster.

But that's not the important part. Why weren't you using it? Why would you intentionally weaken security for your money?

Well, if you want take defense of kraken, you are free to do it. I can just tell you that I'm used to move money online since 17 years on many activities and kraken it's the 1st exchange in which I have been robbed. Of course I already told in a previous post, I have been lucky to miss MtGox and Bitfinex, and in both cases 2fa is useless anyway.
But after so many years, I developped the nose to smell who cheats and kraken has all the features to be a vampire. There is the behaviour, the attitude. They made their robbery so akward and so in a stupid way through email that's easy to understand they are guilty.
But they have the screen, the distance protection, the international borders so there's nothing to do.
Do you want to become their defensive lawyer? There's no need. Internet and blockchain protect them. So you can also save your silly moral for yourself.

You didn't answer the question. Why didn't you use 2fa?

because I just had a low amount and if after 2fa set the smartphone is lost or broken is a lot of complication and wasted time to restore for a small amount

Because you were lazy. Got it.

[GMK]

Their support accused me I didn't protect enough the account with 2-factor protection: true, but I investigate and tested their system and 2-factor activated option is easily removable without any password

Explain.

When I set 2-factor authentication on their security options, after i logged out. I re-login, I back to security options, and I was able to remove the 2-factor option WITHOUT the use of itself.
To be clearer, if after I set 2-factor protection somebody steal my user and password and login from the homepage, he/she is also able to remove the 2-factor protection, add another btc address, and withdraw all the balance. So their 2-factor protection is a pure fake, just an illusion to be protected.

You have to use 2fa to log in when 2fa is enabled. So, no, you can in fact not remove 2fa without the use of 2fa, unless you specifically choose to set things up that way. In which case you are deliberately sabotaging yourself and so deserve no pity. You are just another random fudster.


But that's not the important part. Why weren't you using it? Why would you intentionally weaken security for your money?

Well, if you want take defense of kraken, you are free to do it. I can just tell you that I'm used to move money online since 17 years on many activities and kraken it's the 1st exchange in which I have been robbed. Of course I already told in a previous post, I have been lucky to miss MtGox and Bitfinex, and in both cases 2fa is useless anyway.
But after so many years, I developped the nose to smell who cheats and kraken has all the features to be a vampire. There is the behaviour, the attitude. They made their robbery so akward and so in a stupid way through email that's easy to understand they are guilty.
But they have the screen, the distance protection, the international borders so there's nothing to do.
Do you want to become their defensive lawyer? There's no need. Internet and blockchain protect them. So you can also save your silly moral for yourself.

You didn't answer the question. Why didn't you use 2fa?

because I just had a low amount and if after 2fa set the smartphone is lost or broken is a lot of complication and wasted time to restore for a small amount

Because you were lazy. Got it.

Yes, you have perfectly understood the reason. Congrats. Now you are also ready to buy alarms for your home doors and windows, and just ignore thieves coming from the WC. Or, you may ask Kraken for an employment or a part of the robbery for your social efforts.

[MatTheCat]

Right. And not only absence of basic email verification, there's absence of confirmation through SMS too. Both are easy ways to be protected, while 2fa means lot of troubles if you lose, break or accidentally format your smartphone.
What do you mean exactly "crooks from the top down"?

Agreed. Kraken's security options are fucking idiotic.....unless the plan is all along to keep a good portion of their customers in 'unprotected' mode, in order that customer accounts can be periodically dipped into.

'crooks from the top down', would be if Jesse Powell was sitting around a table, discussing with high level management, a system whereby they could rob their customers whilst having plausible deniability, and having a plausible case that Kraken offered it's customers bullet proof security, if only it's customers had utilised it.

More likely, are rats within the woodwork at Kraken, who see how shockingly bad Kraken's security system is, and who routinely take advantage of it. I have seen many cases on reddit of users complaining about Kraken accounts being emptied, only to be told by the exchange, that their computer must have spyware on it, etc etc.

It is mad how this doesn't seem to have affected Kraken's reputation in the slightest.

[reb0rn21]

I am sorry if anyone lost anything even if it was their fault its not nice when it happen, but using abusive words and claiming its their system fault is not something ppl believe
If 2fa was not active, its a bit security risk and by now all people should know

Verification by email is good option, but even if exchange have none, if you don`t like it, don`t use them

I left BTC-e with only 2fa on withdrawal and security with no problem, I know the risk if someone login it can trade, if I have more volume there I will eneble it, so its my own decesion

If exchange has low security it should be talked about so people stay clear, but you can not prosecute someone because he has no some option that other do have

[Ibian]

It is mad how this doesn't seem to have affected Kraken's reputation in the slightest.

That's because the only ones complaining are people like you.