[ANN] KRAKEN.COM - Exchange with USD EUR GBP JPY CAD BTC LTC XRP NMC XDG STR ETH

[KrakenTrader]

Whoever is doing the DDoS is probably doing it to manipulate price and of course they are going to try to cause trouble right when the market starts to move and is most ripe for manipulation.

If your website is down and API unaccessible how is price moved? Who can place market orders while all the rest can't? Why the attackers are so confident they can trade at Kraken while all the rest can't?

We are investigating to see if we can find a connection between the DDoS and trading on our site and will take appropriate action if we can identify someone, but it may be very hard to do so.

Is there a customer or group of customers that have privileged access to your trading engine? They must also have access to the order book, including hidden orders! They can profit only if they know at what price level majority of 'take profit' and 'margin liquidation' orders are grouped.

Dargo,

Scary stuff.
My observation from the last 3 hours is, that as long the price is moving *not close* to any important trend line, the site is accessible. But, at the very moment when the price moves very close to an important trend line (possible breakout expected), site becomes inaccessible or as I am logged in already it stoppes responing at all. - this happened the last 3 hour every single time for such a case.  So the last 3 hours wasn't any breakout or huge price move, and the site became accessible again.
But during my trading yesterday, once  larger price moves happened, it was impossible to perform any action until about 5 -10 minutes after heavy price movements had stopped.
It's obvious that this didn't help me to prevent losses or take profits.

The scary part is, that it really happened every single time. So the attackers clearly seem to know what they are doing.
Anyone else observing similar things ?

[Dargo]

Whoever is doing the DDoS is probably doing it to manipulate price and of course they are going to try to cause trouble right when the market starts to move and is most ripe for manipulation.

If your website is down and API unaccessible how is price moved? Who can place market orders while all the rest can't? Why the attackers are so confident they can trade at Kraken while all the rest can't?

We are investigating to see if we can find a connection between the DDoS and trading on our site and will take appropriate action if we can identify someone, but it may be very hard to do so.

Is there a customer or group of customers that have privileged access to your trading engine? They must also have access to the order book, including hidden orders! They can profit only if they know at what price level majority of 'take profit' and 'margin liquidation' orders are grouped.

Sure, if the attackers are trading on our exchange, then they wouldn't be relying on having access while access is limited. But that doesn't mean that there's no way for them to profit from it. They might be trying to initiate a market crash so they can pick up cheaper coins later, or they might open a short position beforehand looking to close it later after the crash. The market can still move during an attack, because DDoS doesn't usually take down servers - it constrains the access to those servers and different people may experience different levels of access. Some may have no access while others just find that the site is slow for them. It can also happen that people aren't able to login and trade on our platform, but the API is still working. So people can have different levels of access, but there's no group with privileged access.

I should emphasize that we don't know if the attackers are trading on our exchange, only that they could be. It may even be that the attacks are not intended to manipulate price. Maybe the attackers have some other motive, but this seems less likely.  

[Dargo]

Dargo,

Scary stuff.
My observation from the last 3 hours is, that as long the price is moving *not close* to any important trend line, the site is accessible. But, at the very moment when the price moves very close to an important trend line (possible breakout expected), site becomes inaccessible or as I am logged in already it stoppes responing at all. - this happened the last 3 hour every single time for such a case.  So the last 3 hours wasn't any breakout or huge price move, and the site became accessible again.
But during my trading yesterday, once  larger price moves happened, it was impossible to perform any action until about 5 -10 minutes after heavy price movements had stopped.
It's obvious that this didn't help me to prevent losses or take profits.

The scary part is, that it really happened every single time. So the attackers clearly seem to know what they are doing.
Anyone else observing similar things ?

As I mentioned before, this may be due to increased trade action under those circumstances rather than increased level of attack under those circumstances. With the heavy increase in traffic, some legit, some not, our systems are under heavy load and part of the solution we are working on is a system upgrade. 

[Totscha]

Whoever is doing the DDoS is probably doing it to manipulate price and of course they are going to try to cause trouble right when the market starts to move and is most ripe for manipulation.

If your website is down and API unaccessible how is price moved? Who can place market orders while all the rest can't? Why the attackers are so confident they can trade at Kraken while all the rest can't?

We are investigating to see if we can find a connection between the DDoS and trading on our site and will take appropriate action if we can identify someone, but it may be very hard to do so.

Is there a customer or group of customers that have privileged access to your trading engine? They must also have access to the order book, including hidden orders! They can profit only if they know at what price level majority of 'take profit' and 'margin liquidation' orders are grouped.

Sure, if the attackers are trading on our exchange, then they wouldn't be relying on having access while access is limited. But that doesn't mean that there's no way for them to profit from it. They might be trying to initiate a market crash so they can pick up cheaper coins later, or they might open a short position beforehand looking to close it later after the crash. The market can still move during an attack, because DDoS doesn't usually take down servers - it constrains the access to those servers and different people may experience different levels of access. Some may have no access while others just find that the site is slow for them. It can also happen that people aren't able to login and trade on our platform, but the API is still working. So people can have different levels of access, but there's no group with privileged access.

I should emphasize that we don't know if the attackers are trading on our exchange, only that they could be. It may even be that the attacks are not intended to manipulate price. Maybe the attackers have some other motive, but this seems less likely.  

One word: Incapsula

[InvestorPerson]

website unavailable again

should change that to useless 

no honestly, this is stooopid

[KrakenTrader]

Dargo,

Scary stuff.
My observation from the last 3 hours is, that as long the price is moving *not close* to any important trend line, the site is accessible. But, at the very moment when the price moves very close to an important trend line (possible breakout expected), site becomes inaccessible or as I am logged in already it stoppes responing at all. - this happened the last 3 hour every single time for such a case.  So the last 3 hours wasn't any breakout or huge price move, and the site became accessible again.
But during my trading yesterday, once  larger price moves happened, it was impossible to perform any action until about 5 -10 minutes after heavy price movements had stopped.
It's obvious that this didn't help me to prevent losses or take profits.

The scary part is, that it really happened every single time. So the attackers clearly seem to know what they are doing.
Anyone else observing similar things ?

As I mentioned before, this may be due to increased trade action under those circumstances rather than increased level of attack under those circumstances. With the heavy increase in traffic, some legit, some not, our systems are under heavy load and part of the solution we are working on is a system upgrade. 

All right I get it.
However, once action happens, trading on the website like placing/cancelling orders is not possible for me.
Good to know you are working on a system upgrade.

[gotmilk_]

Dargo. Please check request 65448. Thank you.

I've alerted support to your request and they will respond as soon as they can.

This is taking some time...

[Dargo]

Dargo. Please check request 65448. Thank you.

I've alerted support to your request and they will respond as soon as they can.

This is taking some time...

We have a backlog of tickets right now so support is slower than usual, but we'll respond as soon as we can.

[InvestorPerson]

well i'm giving up even trying. hope you get this sorted out soon

exchange becomes totally unavailable when something is going on 

good luck kraken

[gotmilk_]

Dargo, this is getting annoying... 24h?

[garan]

I know this has been asked before but is there any news on a websocket-based API (at least for trades and the order book). As the Kraken's trading volume grows, it would be great. Thanks!

[Slavewarrior]

Dargo, this is getting annoying bcs over 4 days it isn`t possible for the support to give me an temporary OTP? You`re kidding, eh!?  

[gotmilk_]

Ok, solved with support.
Question... What will Kraken do to prevent such ddos attacks in future? Bitstamp for example solved that perfectly with Amazon.

[Dargo]

Dargo, this is getting annoying bcs over 4 days it isn`t possible for the support to give me an temporary OTP? You`re kidding, eh!?  

See the update to your ticket for instructions on accessing your account. You should have access now. I'm very sorry for the delay - support is normally very responsive, but has been under heavy load the past week or so and is still catching up.

 

[Dargo]

One thing we recommend for everyone is creating a master key

https://support.kraken.com/hc/articles/201396847-What-is-the-master-key-shown-on-the-two-factor-authentication-page-

One thing the master key will do is allow you to recover your account on your own (that way you don't need to rely on support at all). It's important that you store the master key on a different two-factor (2FA) device than the one you use for account login. If you only have one 2FA device (i.e. one cell phone that you use for 2FA), then the next best option is to just make the master key a static password and store that password very securely. If you use a static password you can always create a new static password after using the old one (effectively making it similar to a one-time password). You rarely need to use the master key, so it wouldn't be hard to just create a new static password each time you have to use the master key for something.

In case it's helpful for anyone, here's a Kraken blog post from a long time ago discussing two-factor authentication and why it's important to set up distinct authentication channels.

http://blog.kraken.com/post/96737897057/the-importance-of-two-factor-authentication

[Dargo]

I know this has been asked before but is there any news on a websocket-based API (at least for trades and the order book). As the Kraken's trading volume grows, it would be great. Thanks!

Yes, we are in the process of building websockets now. But I can't give an ETA on it.

[Dargo]

Ok, solved with support.
Question... What will Kraken do to prevent such ddos attacks in future? Bitstamp for example solved that perfectly with Amazon.

We've already done some things that should help and plan to do a lot more. We are considering a switch to a different provider of DDoS protection. This is something the developers are working on and I don't have too many details at this point, so I can't say too much about it. But we understand that clients are concerned to know that we are taking appropriate measures, so we'll make a more detailed statement about it soon.

[Slavewarrior]

Thank you, Dargo. Now everything works fine 

[KrakenTrader]

Ok, solved with support.
Question... What will Kraken do to prevent such ddos attacks in future? Bitstamp for example solved that perfectly with Amazon.

We've already done some things that should help and plan to do a lot more. We are considering a switch to a different provider of DDoS protection. This is something the developers are working on and I don't have too many details at this point, so I can't say too much about it. But we understand that clients are concerned to know that we are taking appropriate measures, so we'll make a more detailed statement about it soon.

Great idea to move to a different DDoS provider

[FlensGold]

I just have a problem I never had before with Kraken:
I just bought some BTC and wanted to withdraw them. Although my balance is ~8.5BTC the maximum withdrawal is set to ~7.7BTC, which is the same amount as the shown "Free margin". What does this mean?
I am Tier3 User far away from any limits...