Bitcoin Forum
Author Topic: [ANN] KRAKEN.COM - Exchange with USD EUR GBP JPY CAD BTC LTC XRP NMC XDG STR ETH  (Read 616862 times)
HPt
July 28, 2016, 11:27:09 AM
 #3661

I wonder whether I am the only one who considers it disturbing that Kraken's two-factor authentication, e.g. for withdrawing funds, can easily be bypassed by simply changing the authentication method. For example, despite having Yubikey enabled for withdrawing funds, it is possible to withdraw funds without possessing the Yubikey (and without knowing the Master key) as follows:
   1. Go to Security/Two-Factor Authentication
   2. Click on the "Edit/View details" link for Funding
   3. Change Method to Password
   4. Set a new password (no Yubikey and no master key is required!)
   5. Go to Funding/Withdraw
   6. Add a new address and withdraw funds to it using the newly set password
So, anyone who is able to log in to a Kraken account or catches a browser with an open Kraken session is able to deplete this account.
I reported this vulnerability to Kraken more than two weeks ago. According to Kraken, this behaviour is intended and can be suppressed by going to Settings/Account and enabling "Global Settings Lock". However, I wonder who is aware of the fact that, without this "Global Settings Lock", the two-factor authentication is completely ineffective.


I just heard that some Kraken accounts were compromised a week ago. So, I take this opportunity to bring up the issue above (for the third time!), because it is still not addressed.
MatTheCat
July 28, 2016, 12:51:02 PM
 #3662

I wonder whether I am the only one who considers it disturbing that Kraken's two-factor authentication, e.g. for withdrawing funds, can easily be bypassed by simply changing the authentication method. For example, despite having Yubikey enabled for withdrawing funds, it is possible to withdraw funds without possessing the Yubikey (and without knowing the Master key) as follows:
   1. Go to Security/Two-Factor Authentication
   2. Click on the "Edit/View details" link for Funding
   3. Change Method to Password
   4. Set a new password (no Yubikey and no master key is required!)
   5. Go to Funding/Withdraw
   6. Add a new address and withdraw funds to it using the newly set password
So, anyone who is able to log in to a Kraken account or catches a browser with an open Kraken session is able to deplete this account.
I reported this vulnerability to Kraken more than two weeks ago. According to Kraken, this behaviour is intended and can be suppressed by going to Settings/Account and enabling "Global Settings Lock". However, I wonder who is aware of the fact that, without this "Global Settings Lock", the two-factor authentication is completely ineffective.


I just heard that some Kraken accounts were compromised a week ago. So, I take this opportunity to bring up the issue above (for the third time!), because it is still not addressed.

Kraken's system is set up to facilitate theft, and also offer plausible deniability.....i.e. "we offered you the security procedures to protect your account, but u never used them, etc etc".

Kraken Account, Robbed/Emptied. Kraken say "Fuck you, its your loss": https://bitcointalk.org/index.php?topic=1559553.msg15656643#msg15656643

Bitfinex victims. DO NOT TOUCH THE BFX TOKEN! Start moving it around, or trading it, and you will be construed as having accepted it as an alternative means of payment to your USD, BTC, etc.
oinquer
August 02, 2016, 06:44:41 PM
 #3663

Today I had an interesting thing happen.

Had a position to sell at 545€ XBTEUR done at 9:xx AM
At 15PM a huge spike up to 590€ appears and my trade doesn't execute....really awesome...not.

Care to explain why anyone?
Serpens66
August 02, 2016, 07:19:38 PM
 #3664

Today I had an interesting thing happen.

Had a position to sell at 545€ XBTEUR done at 9:xx AM
At 15PM a huge spike up to 590€ appears and my trade doesn't execute....really awesome...not.

Care to explain why anyone?
This is a known bug; it happened 3 times within the past 3 days. It is just a bug that shows an order for ~590€, but this trade did not happen, so nothing else is executed.
You can also see the 3 spikes at bitcoinity

Atdhe
August 03, 2016, 03:12:28 PM
 #3665

Can someone react jesus christ: https://cointelegraph.com/news/enable-2fa-kraken-accounts-compromised-funds-stolen

I recommended Kraken to MANY people and at least one guy got money stolen from Kraken even when he used 2FA and unique passwords (he is not an idiot).

I can not believe nobody responds.
aesma
August 03, 2016, 03:37:19 PM
 #3666

I wonder whether I am the only one who considers it disturbing that Kraken's two-factor authentication, e.g. for withdrawing funds, can easily be bypassed by simply changing the authentication method. For example, despite having Yubikey enabled for withdrawing funds, it is possible to withdraw funds without possessing the Yubikey (and without knowing the Master key) as follows:
   1. Go to Security/Two-Factor Authentication
   2. Click on the "Edit/View details" link for Funding
   3. Change Method to Password
   4. Set a new password (no Yubikey and no master key is required!)
   5. Go to Funding/Withdraw
   6. Add a new address and withdraw funds to it using the newly set password
So, anyone who is able to log in to a Kraken account or catches a browser with an open Kraken session is able to deplete this account.
I reported this vulnerability to Kraken more than two weeks ago. According to Kraken, this behaviour is intended and can be suppressed by going to Settings/Account and enabling "Global Settings Lock". However, I wonder who is aware of the fact that, without this "Global Settings Lock", the two-factor authentication is completely ineffective.


I just heard that some Kraken accounts were compromised a week ago. So, I take this opportunity to bring up the issue above (for the third time!), because it is still not addressed.

Kraken's system is set up to facilitate theft, and also offer plausible deniability.....i.e. "we offered you the security procedures to protect your account, but u never used them, etc etc".

That's ridiculous. They offer incredible safety features, they just don't impose them on you because they know they will turn off many people.

I have in fact set the global settings lock on my account more than a year ago and now can't change my settings because I've lost the key (I know I have it somewhere, can't remember where). I still can withdraw my funds fortunately.
aesma
August 03, 2016, 03:38:59 PM
 #3667

Today I had an interesting thing happen.

Had a position to sell at 545€ XBTEUR done at 9:xx AM
At 15PM a huge spike up to 590€ appears and my trade doesn't execute....really awesome...not.

Care to explain why anyone?

It could just be that there were other people in the order queue before you.
Dargo
August 03, 2016, 04:11:52 PM
 #3668

Can someone react jesus christ: https://cointelegraph.com/news/enable-2fa-kraken-accounts-compromised-funds-stolen

I recommended Kraken to MANY people and at least one guy got money stolen from Kraken even when he used 2FA and unique passwords (he is not an idiot).

I can not believe nobody responds.

To my knowledge nobody has reported having funds stolen with login 2fa enabled. However, some did have funds stolen with 2fa enabled only for funding. With 2fa for funding, it doesn't increase security unless you also enable the settings lock. This point has confused people and we are currently looking at changing it to eliminate this confusion.
MatTheCat
August 03, 2016, 05:05:42 PM
 #3669

Can someone react jesus christ: https://cointelegraph.com/news/enable-2fa-kraken-accounts-compromised-funds-stolen

I recommended Kraken to MANY people and at least one guy got money stolen from Kraken even when he used 2FA and unique passwords (he is not an idiot).

I can not believe nobody responds.

To my knowledge nobody has reported having funds stolen with login 2fa enabled. However, some did have funds stolen with 2fa enabled only for funding. With 2fa for funding, it doesn't increase security unless you also enable the settings lock. This point has confused people and we are currently looking at changing it to eliminate this confusion.


Kraken was hacked, probably by the same hackers who just hit Bitfinex, albeit for a much smaller amount of BTC.....

.....and rather than admit it, Kraken opted to raid their own customer's 'unprotected' accounts and then blame the customer for them being robbed.

Admit it u fkn rodent.

Kraken Account, Robbed/Emptied. Kraken say "Fuck you, its your loss": https://bitcointalk.org/index.php?topic=1559553.msg15656643#msg15656643

Bitfinex victims. DO NOT TOUCH THE BFX TOKEN! Start moving it around, or trading it, and you will be construed as having accepted it as an alternative means of payment to your USD, BTC, etc.
Atdhe
August 03, 2016, 05:52:16 PM
 #3670

Can someone react jesus christ: https://cointelegraph.com/news/enable-2fa-kraken-accounts-compromised-funds-stolen

I recommended Kraken to MANY people and at least one guy got money stolen from Kraken even when he used 2FA and unique passwords (he is not an idiot).

I can not believe nobody responds.

To my knowledge nobody has reported having funds stolen with login 2fa enabled. However, some did have funds stolen with 2fa enabled only for funding. With 2fa for funding, it doesn't increase security unless you also enable the settings lock. This point has confused people and we are currently looking at changing it to eliminate this confusion.

I will send you PM where you can defend yourself and myself now too. Because it was me who recommended Kraken and it would help me a lot if you can put shine on that. I would like to buy a bit more now through Kraken, but I am scared since I do not know what is going on.
Dargo
August 03, 2016, 07:03:19 PM
 #3671

Can someone react jesus christ: https://cointelegraph.com/news/enable-2fa-kraken-accounts-compromised-funds-stolen

I recommended Kraken to MANY people and at least one guy got money stolen from Kraken even when he used 2FA and unique passwords (he is not an idiot).

I can not believe nobody responds.

To my knowledge nobody has reported having funds stolen with login 2fa enabled. However, some did have funds stolen with 2fa enabled only for funding. With 2fa for funding, it doesn't increase security unless you also enable the settings lock. This point has confused people and we are currently looking at changing it to eliminate this confusion.


Kraken was hacked, probably by the same hackers who just hit Bitfinex, albeit for a much smaller amount of BTC.....

.....and rather than admit it, Kraken opted to raid their own customer's 'unprotected' accounts and then blame the customer for them being robbed.

Admit it u fkn rodent.

Kraken was not hacked. We did have a significant number of accounts that were compromised because the attacker(s) somehow obtained the login credentials (username and password) for the accounts and gained access to the accounts individually by logging in. There is no evidence that the login credentials were obtained through any breach in Kraken's database. We are still investigating to find out how the attacker(s) might have obtained the credentials and it may have been through a variety of methods. Again, to my knowledge none of the compromised accounts had 2fa protection for login, meaning that the username and password was all that was needed to obtain access to the account. Some of the accounts did have 2fa for funding enabled without the settings lock but that does not provide any additional protection. If the settings lock isn't enabled, then anyone who can log in to the account can bypass the funding 2fa. So if you only have 2fa for funding enabled, your account is only as secure as your username and password. This has been confusing and we are going to change how it works to eliminate the confusion. But for now everyone should enable 2fa for login at minimum. And if you want to enable any other 2fa settings, be sure to use them in conjunction with the settings lock.
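
The dependency described in the post above (funding 2FA adds nothing over the login unless the settings lock is on), as an added example that is not part of any post and is not Kraken's code: a small model of the policy in which a party holding only a logged-in session attempts the method change. `change_method_hardened` is one assumed way to close the gap, and all names and secret values are constructed.

```python
import hmac
from dataclasses import dataclass

class Denied(Exception):
    """Raised when a request lacks the proof the policy demands."""

@dataclass
class Account:
    # Constructed stand-ins; a real system validates OTPs, not fixed strings.
    funding_method: str = "yubikey"
    funding_secret: str = "otp-from-hardware-key"
    master_key: str = "owner-master-key"
    settings_lock: bool = False  # the "Global Settings Lock" from the thread

def _proves(expected, supplied):
    # Constant-time comparison; a missing proof never matches.
    return supplied is not None and hmac.compare_digest(expected, supplied)

def change_method_reported(acct, method, secret, current_proof=None, master_key=None):
    """Behaviour as described in the posts: only the settings lock guards the change."""
    if acct.settings_lock and not _proves(acct.master_key, master_key):
        raise Denied("settings are locked")
    acct.funding_method, acct.funding_secret = method, secret

def change_method_hardened(acct, method, secret, current_proof=None, master_key=None):
    """Assumed fix: replacing a factor always needs the current factor or the master key."""
    if acct.settings_lock:
        ok = _proves(acct.master_key, master_key)
    else:
        ok = (_proves(acct.funding_secret, current_proof)
              or _proves(acct.master_key, master_key))
    if not ok:
        raise Denied("prove the current factor or master key first")
    acct.funding_method, acct.funding_secret = method, secret

def withdraw(acct, proof):
    if not _proves(acct.funding_secret, proof):
        raise Denied("funding 2FA failed")
    return "withdrawal accepted"

def session_only_can_withdraw(change_method, settings_lock):
    """Model a party holding nothing but a logged-in session."""
    acct = Account(settings_lock=settings_lock)
    try:
        change_method(acct, "password", "new-password")
        return withdraw(acct, "new-password") == "withdrawal accepted"
    except Denied:
        return False

def owner_can_rotate(change_method):
    """The legitimate owner, holding the hardware key, can still switch methods."""
    acct = Account()
    change_method(acct, "password", "owner-password",
                  current_proof="otp-from-hardware-key")
    return acct.funding_method == "password"

if __name__ == "__main__":
    for fn in (change_method_reported, change_method_hardened):
        for lock in (False, True):
            print(fn.__name__, "lock" if lock else "no lock",
                  "->", session_only_can_withdraw(fn, lock))
```
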
TReano
August 03, 2016, 10:20:35 PM
 #3672

Also always keep in mind:

Do not instantly believe what you read on the Internet by someone. There is a lot of FUD spreading around currently about everything to somehow benefit from this Bitfinex hack.
As long as the person can't provide any evidence I would always believe what the official statement is. (In this case by the Kraken support)



Most of the time people lose money because they click on phishing links. That's also the reason why the Blockchain info wallet has a bad reputation. It's simply because people don't know about any basic security measurements.
MatTheCat
August 04, 2016, 12:51:35 AM
 #3673

Also always keep in mind:

Do not instantly believe what you read on the Internet by someone. There is a lot of FUD spreading around currently about everything to somehow benefit from this Bitfinex hack.
As long as the person can't provide any evidence I would always believe what the official statement is. (In this case by the Kraken support)

Most of the time people lose money because they click on phishing links. That's also the reason why the Blockchain info wallet has a bad reputation. It's simply because people don't know about any basic security measurements.


Yeah sure....cos all these unregulated Bitcoin exchanges have a fucking fantastic record don't they!?

imo, all Bitcoin exchanges are guilty until proven innocent.


Whatever the case, a big bunch of Kraken accounts, were emptied all at the same time, on July 20th. That seems much more to me like Kraken was compromised, as opposed to customer computers being littered with key logging Spyware, like their support guys tried to tell us all. Had Kraken enabled even so much as Email verification, then these accounts would not have been emptied. Yet, just as the case with Bitfinex will turn out, Kraken take no responsibility for their shite security. All losses are to be incurred by their users whose accounts have been affected.

Don't know what fkn legal system that Kraken operate under, but in this country, Kraken would be found to be negligent in their Duty of Care...probably the same legal system as Bitfinex operate under......

....but like I said. Only someone willing to bestow the most charitable views upon the exchanges, would so readily believe the stories that the exchanges put it. Kraken account hacks = some form of inside job, until Kraken can prove otherwise as far as I am concerned.


Criminal Complaint for Fraud, is pending.

Kraken Account, Robbed/Emptied. Kraken say "Fuck you, its your loss": https://bitcointalk.org/index.php?topic=1559553.msg15656643#msg15656643

Bitfinex victims. DO NOT TOUCH THE BFX TOKEN! Start moving it around, or trading it, and you will be construed as having accepted it as an alternative means of payment to your USD, BTC, etc.
aesma
August 04, 2016, 10:12:24 PM
 #3674

So did you lose money?
Atdhe
August 04, 2016, 11:06:50 PM
 #3675

They apply from now on 24 hours lock on btc payouts to new addresses. Idk why this was not there from beginning.

I would like to have feature that I can set this delay. For me even one week until new address is useful for payout would be enough most of the time.
aesma
August 04, 2016, 11:31:11 PM
 #3676

Good idea.
MatTheCat
August 05, 2016, 01:40:41 AM
 #3677

So did you lose money?


YES!

Kraken Account, Robbed/Emptied. Kraken say "Fuck you, its your loss": https://bitcointalk.org/index.php?topic=1559553.msg15656643#msg15656643

Bitfinex victims. DO NOT TOUCH THE BFX TOKEN! Start moving it around, or trading it, and you will be construed as having accepted it as an alternative means of payment to your USD, BTC, etc.
HostFat
August 05, 2016, 03:08:38 PM
 #3678

Is there any news about adding the support of cryptocapital.co directly on the interface instead of always asking to the support?

aesma
August 05, 2016, 07:51:09 PM
 #3679


I saw your thread.
ThePokerTranslator
August 06, 2016, 12:25:56 AM
 #3680

Anybody else getting logged out after just 5-20 seconds after logging in? This is pretty annoying because you can't do anything, been happening the last few hours....
