|
MatTheCat (OP)
|
 |
September 08, 2016, 12:59:25 PM |
|
It is mad how this doesn't seem to have affected Kraken's reputation in the slightest. That's because the only ones complaining are people like you. and dozens of other people, IT security specialists amongst them who had 2FA enabled for withdrawals. |
|
|
|
Ibian
Legendary
 Offline
Activity: 2268
Merit: 1278
|
|
September 08, 2016, 01:09:01 PM |
|
It is mad how this doesn't seem to have affected Kraken's reputation in the slightest. That's because the only ones complaining are people like you. and dozens of other people, IT security specialists amongst them who had 2FA enabled for withdrawals. Right. People like you. |
Look inside yourself, and you will see that you are the bubble.
|
|
|
ThorvaldAagaard
Newbie
Offline
Activity: 11
Merit: 0
|
|
September 14, 2016, 06:41:24 PM |
|
It would be nice if GMK can post the wallets used for the withdrawals from Kraken, as I am tracing the BTC and ETH stolen.
Currently we gave traced some BTC, and it would be interesting to see if your BTC can be traced to the same spot.
Thorvald
|
|
|
|
|
ThorvaldAagaard
Newbie
Offline
Activity: 11
Merit: 0
|
|
September 14, 2016, 07:03:44 PM |
|
---> Ibian
Are you in any way connected to kraken since you keep defending the poor implementation of security ?
You say that people not activating 2FA by default are stupid, well if that is right the problem is that kraken is not defaulting (or even forcing) 2FA.
My main concern is still how the hacker bypassed the security as I know I had done nothing that could give away my password.
By as I told the police. Kraken is to busy hiding what really happened that they will not answer any of my questions.
As long as there are no explanation of what really happened I would not trust Kraken as it is probably just a matter of time before their 2FA are bypassed (I have a user that claims he has been robbed with 2FA on logon)
And then the questions that I think Kraken should answer:
How many was hacked?
How much was withdrawn?
Can I get a log of all login attempts god and bad on my account?
What about the moving of 555,000 ETH?
Can I get a copy of the row in your database with information about me, including all history for changes
Have you studied all the logs from the days and weeks before the incident ? Words like Cross-site scripting, SQL-injections are familiar words ?
Have you performed an external security check, or is everything just based on your own testing ?
By the way have you looked thru Google Analytics trace from these logins, that might be a clue to what the hacker also have visited, and you might be able to see if it is one or multiple persons
But as expected the only answer is something like:
We are still looking at some common patterns between all compromised accounts. Several of our agents are talking to account holders whose accounts have been breached.
I will soon assign this request to our compliance department so you can give the police the contact information provided by our compliance officers.
Robert
Kraken Client Engagement
but since that mostly silence from kraken.
It might not have helped that I have expressed my opinion of their current security compared to other exchanges.
Best regards
Thorvald
|
|
|
|
|
|
marky89
|
|
September 14, 2016, 10:23:38 PM |
|
These guys even offer a "2fa" option that is a static password. That's unheard of. This is security snake oil. A static password is something you know, not something you have (like a 2fa token on a phone).
All we're saying to Kraken is: remove bad security options that confuse users. Stop offering fake 2fa. Send email confirmation for withdrawal like every other exchange out there. Enforce 2fa on login, so 2fa on withdrawal can't be disabled without access to the token. These are basic, basic issues that make Kraken look laughable in this space.
|
|
|
|
Ibian
Legendary
Offline
Activity: 2268
Merit: 1278
|
|
September 15, 2016, 06:47:29 PM |
|
---> Ibian
Are you in any way connected to kraken since you keep defending the poor implementation of security ? So far all I have seen is idiots who don't use the available security features, and then bitch. And to answer your question, yes. I have money there, and have never lost a satoshi. Because I actually use their security features. That's all it takes, don't be a self-sabotaging dumbass and things work out. |
Look inside yourself, and you will see that you are the bubble.
|
|
|
ThorvaldAagaard
Newbie
Offline
Activity: 11
Merit: 0
|
|
September 16, 2016, 06:37:36 AM |
|
Hi Ibian
Will you make a promise that after the day, when your assets on Kraken gets stolen, you will never make a post on the internet?
But as you are a wise man, please explain the actual implementation you have selected on kraken.
Global Lock, 2FA on everything, session timeout of 10 sec etc, external keys ?,
please enlighten us you wise man.
How often do you check that there have been attempts to lock in on your account ?
Do you only use Kraken, og are you using other exchanges?
Best Regards
Thorvald
|
|
|
|
|
|
MatTheCat (OP)
|
|
September 18, 2016, 04:32:50 PM |
|
Ibian is just a bit stressed and bitter........best u keep of his case.....especially if you actually get the message through his thick skull, that Kraken is a dangerous exchange.
Nothing would please me more than for Ibian to have his Kraken stash plundered.
|
|
|
|
|
trashman43
|
|
September 19, 2016, 01:18:38 AM |
|
These guys even offer a "2fa" option that is a static password. That's unheard of. This is security snake oil. A static password is something you know, not something you have (like a 2fa token on a phone).
All we're saying to Kraken is: remove bad security options that confuse users. Stop offering fake 2fa. Send email confirmation for withdrawal like every other exchange out there. Enforce 2fa on login, so 2fa on withdrawal can't be disabled without access to the token. These are basic, basic issues that make Kraken look laughable in this space.
people have been telling them this for years. i'm not sure why they haven't done anything about it by now. maybe they think that having all the security "options" is a valuable sell point to their customers. they haven't learned yet -- keep it simple, stupid. maybe all these recent "phishing attacks" on their customers will open their eyes. |
|
|
|
|
MatTheCat (OP)
|
|
September 20, 2016, 10:28:26 AM |
|
These guys even offer a "2fa" option that is a static password. That's unheard of. This is security snake oil. A static password is something you know, not something you have (like a 2fa token on a phone).
All we're saying to Kraken is: remove bad security options that confuse users. Stop offering fake 2fa. Send email confirmation for withdrawal like every other exchange out there. Enforce 2fa on login, so 2fa on withdrawal can't be disabled without access to the token. These are basic, basic issues that make Kraken look laughable in this space.
people have been telling them this for years. i'm not sure why they haven't done anything about it by now. maybe they think that having all the security "options" is a valuable sell point to their customers. they haven't learned yet -- keep it simple, stupid. maybe all these recent "phishing attacks" on their customers will open their eyes. Maybe it is in their interests to maintain their default security options in a state that will always offer 'plausible deniability', when the rat at Kraken, scurries around selectively emptying customer accounts? Perhaps like many other exchanges, Kraken have been robbed. Bitstamp and Poloniex were robbed, there response was to admit they had been robbed, and opt to pay all their customers back. Bitfinex was robbed, their response was to admit they had been robbed, and give all their customers a 36% haircut. Perhaps Kraken have been robbed, and their response has been to keep the fact out of the public domain, and rebalance their books by slowly selectively draining customer accounts? |
|
|
|
Ibian
Legendary
Offline
Activity: 2268
Merit: 1278
|
|
September 21, 2016, 10:59:01 AM |
|
Mat, what is this -2 trust thing? What did you do? This time?
|
Look inside yourself, and you will see that you are the bubble.
|
|
|
|
MatDerKater
|
|
September 21, 2016, 09:15:07 PM
Last edit: September 21, 2016, 09:25:14 PM by MatDerKater |
|
Mat, what is this -2 trust thing? What did you do? This time?
I don't know but I guess my account has been compromised........ I had been getting a shit ton of scam PMs, which I had been ignoring.......beyond that, I really don't know. Maybe Kraken's pet rodent didn't like me bad mouthing their exchange all the time and bulldozed my password for this place (it was weak) and needed to discredit my name? Kraken.co(n) website is in the pipelines nontheless....." Kraken.con: The Bitcoin Exchange that gives more Sorries for Your Losses!" When Kraken The Hackers empty your account one day Ibian, you will be free to post your grievances on my website. oh, and fwiw: https://www.reddit.com/r/ethereum/comments/53o2oh/kraken_account_empty/Whatever you say about customers who get burned on Kraken, this is nothing that simple email confirmation wouldn't fix......which does beg the question, why the fuck don't Kraken implement this most simple of measures!? WHY DON'T YOU IMPLEMENT FKN EMAIL CONFIRMATION KRAKEN YOU BUNCH OF FKN CROOKS!? |
|
|
|
|
Ibian
Legendary
Offline
Activity: 2268
Merit: 1278
|
|
September 21, 2016, 09:37:15 PM |
|
You really are worthless.
|
Look inside yourself, and you will see that you are the bubble.
|
|
|
|
MatDerKater
|
|
September 21, 2016, 09:59:11 PM |
|
You really are worthless.
and you are a nasty bitter old piece of shit....and you aren't even that old....perhaps because you have been piling all your hope, energy, and wealth, into the Black Hole that is Bitcoin? That is bound to take is psychological toll on someone. ....man oh man...how the great Bitcoin failure of 201X is gonna impact you!? How I shall LOL when the time comes! |
|
|
|
|
Ibian
Legendary
Offline
Activity: 2268
Merit: 1278
|
|
September 21, 2016, 10:21:06 PM |
|
It's pathetic. You call other people nasty and bitter while talking about how happy you will be at other peoples misfortune. Projection that obvious doesn't convince anyone.
|
Look inside yourself, and you will see that you are the bubble.
|
|
|
ds720
Newbie
Offline
Activity: 1
Merit: 0
|
|
September 23, 2016, 12:05:20 AM |
|
Have you people seen this thread on reddit where I had bitcoins stolen on 7/20 as well as a bunch of other folks and all of the coins remained in the address into which they were stolen until 8/18? Then on 8/18 ALL of the coins were finally moved from the bitcoin address and SOME were "donated" to this company called Bitcoin Unlimited. Along with my stolen money being donated, they also had $500,000 "donated" to them on the same day. Then a day or two after $500,000 us "donated" to Bitcoin Unlimited, they file to register as a non-profit company. Not sure if being a non-profit might provide them with certain protection from any stolen funds that are donated to them. https://www.reddit.com/r/bitcoin_unlimited/comments/50l138/bitcoin_stolen_from_me_on_kraken_donated_to/Kraken is supposed to contact Bitcoin Unlimited to confirm my account was in fact compromised but they still have not done so. |
|
|
|
|
GMK
Member
Offline
Activity: 61
Merit: 10
|
|
October 11, 2016, 04:01:56 PM |
|
It would be nice if GMK can post the wallets used for the withdrawals from Kraken, as I am tracing the BTC and ETH stolen.
Currently we gave traced some BTC, and it would be interesting to see if your BTC can be traced to the same spot.
Thorvald
the one who has stolen my full balance, he/she has done it in a single operation, transferring all to: 1FvzsykhujRhc8MX63v7GDhL3xC973gv1s |
|
|
|
|
|
|
GMK
Member
Offline
Activity: 61
Merit: 10
|
|
January 24, 2017, 03:07:01 PM |
|
thanks for reply and investigation, but I think it's unuseful..BTCs stolen are lost for ever. Just I can hope kraken destruction, as other exchanges, e.g bitfinex provide slowly to recover losses |
|
|
|
|
|
shillfudder
|
|
January 25, 2017, 05:30:57 PM |
|
Oh, wow... Just stumbled in this thread. This sure sucks, I know the feeling (Bitfinex).
|
|
|
|
|
|
