Atdhe
Sr. Member
Offline
Activity: 326
Merit: 250
Atdhe Nuhiu
|
|
August 03, 2016, 05:52:16 PM |
|
To my knowledge nobody has reported having funds stolen with login 2fa enabled. However, some did have funds stolen with 2fa enabled only for funding. With 2fa for funding, it doesn't increase security unless you also enable the settings lock. This point has confused people and we are currently looking at changing it to eliminate this confusion. I will send you PM where you can defend yourself and myself now too. Because it was me who recommended Kraken and it would help me a lot if you can put shine on that. I would like to buy a bit more now through Kraken, but I am scared since I do not know what is going on.
|
|
|
|
Dargo
Legendary
Offline
Activity: 1820
Merit: 1000
|
|
August 03, 2016, 07:03:19 PM |
|
To my knowledge nobody has reported having funds stolen with login 2fa enabled. However, some did have funds stolen with 2fa enabled only for funding. With 2fa for funding, it doesn't increase security unless you also enable the settings lock. This point has confused people and we are currently looking at changing it to eliminate this confusion. Kraken was hacked, probably by the same hackers who just hit Bitfinex, albeit for a much smaller amount of BTC..... .....and rather than admit it, Kraken opted to raid their own customer's 'unprotected' accounts and then blame the customer for them being robbed. Admit it u fkn rodent. Kraken was not hacked. We did have a significant number of accounts that were compromised because the attacker(s) somehow obtained the login credentials (username and password) for the accounts and gained access to the accounts individually by logging in. There is no evidence that the login credentials were obtained through any breach in Kraken's database. We are still investigating to find out how the attacker(s) might have obtained the credentials and it may have been through a variety of methods. Again, to my knowledge none of the compromised accounts had 2fa protection for login, meaning that the username and password was all that was needed to obtain access to the account. Some of the accounts did have 2fa for funding enabled without the settings lock but that does not provide any additional protection. If the settings lock isn't enabled, then anyone who can login to the account can bypass the funding 2fa. So if you only have 2fa for funding enabled, your account is only as secure as your username and password. This has been confusing and we are going to change how it works to eliminate the confusion. But for now everyone should enable 2fa for login at minimum. And if you want to enable any other 2fa settings, but sure to use them in conjunction with the settings lock.
|
|
|
|
TReano
|
|
August 03, 2016, 10:20:35 PM |
|
Also always keep in mind:
Do not instantly believe what you read on the Internet by someone.There is a lot of FUD spreading around currently about everything to somehow benefit from this Bitfinex hack. As long as the person can't provide any evidence I would always believe what the official statement is. (In this case by the Kraken support)
Most of the time people lose money because they click on phishing links. That's also the reason why the Blockchain info wallet has a bad reputation. It's simply because people don't know about any basic security measurements.
|
|
|
|
MatTheCat
|
|
August 04, 2016, 12:51:35 AM |
|
Also always keep in mind:
Do not instantly believe what you read on the Internet by someone.There is a lot of FUD spreading around currently about everything to somehow benefit from this Bitfinex hack. As long as the person can't provide any evidence I would always believe what the official statement is. (In this case by the Kraken support)
Most of the time people lose money because they click on phishing links. That's also the reason why the Blockchain info wallet has a bad reputation. It's simply because people don't know about any basic security measurements.
Yeah sure....cos all these unregulated Bitcoin exchanges have a fucking fantastic record don't they!? imo, all Bitcoin exchanges are guilty until proven innocent. Whatever the case, a big bunch of Kraken accounts, were emptied all at the same time, on July 20th. That seems much more to me like Kraken was compromised, as opposed to customer computers being littered with key logging Spyware, like their support guys tried to tell us all. Had Kraken enabled even so much as Email verification, then these accounts would not have been emptied. Yet, just as the case with Bitfinex will turn out, Kraken take no responsibility for their shite security. All losses are to be incurred by their users whose accounts have been affected. Don't know what fkn legal system that Kraken operate under, but in this country, Kraken would be found to be negligent in their Duty of Care...probably the same legal system as Bitfinex operate under...... ....but like I said. Only someone willing to bestow the most charitable views upon the exchanges, would so readily believe the stories that the exchanges put it. Kraken account hacks = some form of inside job, until Kraken can prove otherwise as far as I am concerned. Criminal Complaint for Fraud, is pending.
|
|
|
|
aesma
|
|
August 04, 2016, 10:12:24 PM |
|
So did you lose money ?
|
|
|
|
Atdhe
Sr. Member
Offline
Activity: 326
Merit: 250
Atdhe Nuhiu
|
|
August 04, 2016, 11:06:50 PM |
|
They apply from now on 24 hours lock on btc payouts to new addresses. Idk why this was not there from beginning.
I would like to have feature that I can set this delay. For me even one week until new address is useful for payout would be enough most of the time.
|
|
|
|
aesma
|
|
August 04, 2016, 11:31:11 PM |
|
Good idea.
|
|
|
|
MatTheCat
|
|
August 05, 2016, 01:40:41 AM |
|
So did you lose money ?
YES!
|
|
|
|
HostFat
Staff
Legendary
Offline
Activity: 4256
Merit: 1208
I support freedom of choice
|
|
August 05, 2016, 03:08:38 PM |
|
Is there any news about adding the support of cryptocapital.co directly on the interface instead of always asking to the support?
|
|
|
|
aesma
|
|
August 05, 2016, 07:51:09 PM |
|
So did you lose money ?
YES! I saw your thread.
|
|
|
|
ThePokerTranslator
|
|
August 06, 2016, 12:25:56 AM |
|
Anybody else getting logged out after just 5-20 seconds after logging in? This is pretty annoying because you can't do anything, been happening the last few hours....
|
|
|
|
HPt
Member
Offline
Activity: 70
Merit: 15
|
|
August 06, 2016, 01:33:41 AM |
|
Anybody else getting logged out after just 5-20 seconds after logging in? This is pretty annoying because you can't do anything, been happening the last few hours....
For me it works fine (no log outs).
|
|
|
|
oinquer
Member
Offline
Activity: 94
Merit: 10
|
|
August 06, 2016, 05:23:05 PM |
|
Today i had an interesting thing to happen.
Had a position to sell at 545€ XBTEUR done at 9:xx AM At 15PM a huge spike up to 590€ appears and my trade doesn't execute....really awesome...not.
Care to explain why anyone?
It could just be that there were other people in the order queue before you. Kraken has not come forth with an explanation except those from a member that it is a bug and that spike didn't happen....although it appears on graphic... Also how could i have people in the order queue before me if i intend to sell at 545 and it spiked to 590? it would have to go past my order right?
|
|
|
|
Dargo
Legendary
Offline
Activity: 1820
Merit: 1000
|
|
August 06, 2016, 09:09:55 PM |
|
Today i had an interesting thing to happen.
Had a position to sell at 545€ XBTEUR done at 9:xx AM At 15PM a huge spike up to 590€ appears and my trade doesn't execute....really awesome...not.
Care to explain why anyone?
It could just be that there were other people in the order queue before you. Kraken has not come forth with an explanation except those from a member that it is a bug and that spike didn't happen....although it appears on graphic... Also how could i have people in the order queue before me if i intend to sell at 545 and it spiked to 590? it would have to go past my order right? We haven't come forth with an explanation because we are still investigating. The bug is difficult to reproduce so it's difficult to diagnose and fix as well. We'll update everyone when we have more information. Keep in mind that even if the 590 spike was a real trade, it doesn't necessarily mean that you were improperly skipped over with a sell at 545. We had this kind of situation come up a long time ago when we had a bug related to bid > ask conditions. Here is a post about it I made in this thread (the post only explains the most basic scenario and there were a bunch of other more complicated cases not covered). https://bitcointalk.org/index.php?topic=290799.msg4788527#msg4788527
|
|
|
|
LouisVuitton
Legendary
Offline
Activity: 896
Merit: 1000
Louis Vuitton
|
|
August 06, 2016, 11:16:19 PM |
|
This is my new favorite exchange. Stupid bitfinex knew I should have never trusted bitfinex... Kraken forever.
|
|
|
|
MatTheCat
|
|
August 06, 2016, 11:43:49 PM |
|
This is my new favorite exchange. Stupid bitfinex knew I should have never trusted bitfinex... Kraken forever.
Are u fucking joking? Bitfinex just happened to go public about it. Kraken keep their security breaches concealed, and then blame it on their customers.
|
|
|
|
becoin
Legendary
Offline
Activity: 3431
Merit: 1233
|
|
August 07, 2016, 09:13:21 AM |
|
Keep in mind that even if the 590 spike was a real trade, it doesn't necessarily mean that you were improperly skipped over with a sell at 545.
A spike from 530 to 590 with a real trade at 590? And skipping over a sell at 545 is okay? Is that some kind of a sick joke?
|
|
|
|
MatTheCat
|
|
August 07, 2016, 10:42:24 AM |
|
Keep in mind that even if the 590 spike was a real trade, it doesn't necessarily mean that you were improperly skipped over with a sell at 545.
A spike from 530 to 590 with a real trade at 590? And skipping over a sell at 545 is okay? Is that some kind of a sick joke? Wonder how many shorters got their positions closed at a huge loss, on what should have been trade of the century?
|
|
|
|
Dargo
Legendary
Offline
Activity: 1820
Merit: 1000
|
|
August 07, 2016, 01:14:53 PM |
|
Keep in mind that even if the 590 spike was a real trade, it doesn't necessarily mean that you were improperly skipped over with a sell at 545.
A spike from 530 to 590 with a real trade at 590? And skipping over a sell at 545 is okay? Is that some kind of a sick joke? You have to read the discussion I linked to in order to understand. The point is that it's possible to have a bug where in a bid > ask condition a trade happens @590 even though someone with an ask @545 didn't get skipped over. I'm not saying this is the type of bug we're seeing, but it could be - we haven't isolated the problem yet because it's hard to reproduce and we are staying open about what it could be. To give a simpler example than I linked to, suppose the order book is in the following bid > ask state: sell 1 BTC @531 sell 1 BTC @530 buy 1 BTC @590 buy 1 BTC @529 If the sell side initiates the trade, then the ask @530 should fill at the best price available on the book, which is the bid @590. So the trade executes @590. Does this mean that the ask @531 was skipped over? No, because the ask @530 with its better offer has priority over the ask @531. This is definitely a bug and should not happen. But the problem that makes it a bug is not that someone got skipped. So, again, my only point that it's possible to have a bug where a trade happens @590 even though someone with a sell @545 didn't get skipped. This is a bug we've seen before and addressed but we may not have fixed all cases of it yet.
|
|
|
|
Dargo
Legendary
Offline
Activity: 1820
Merit: 1000
|
|
August 07, 2016, 02:20:39 PM |
|
This is my new favorite exchange. Stupid bitfinex knew I should have never trusted bitfinex... Kraken forever.
Are u fucking joking? Bitfinex just happened to go public about it. Kraken keep their security breaches concealed, and then blame it on their customers. We haven't concealed any security breaches. As I've already said here https://bitcointalk.org/index.php?topic=290799.msg15806484#msg15806484we have had a significant number of accounts compromised by the attacker(s) obtaining usernames and passwords. These accounts would have been protected by enabling two-factor authentication for login, which is something that we highly recommend for everyone. We are in the process of implementing additional base protection for clients who don't enable two-factor for login, but once this protection is fully implemented, two-factor for login should still be considered an important security measure that we recommend for everyone. From what I understand it sounds like Bitfinex clients who had two-factor authentication were not protected, which implies that the attacker(s) somehow managed to breach Bitfinex systems rather than gaining access by obtaining a bunch of client usernames and passwords through other methods such as phishing, keyloggers, or hacking other databases and finding people who were using the same password on multiple accounts. But we're still waiting for a full report from Bitfinex to find out what happened.
|
|
|
|
|