Author Topic: Kraken - 2FA updated and all coins robbed - Kraken refuses response!  (Read 298 times)
krakened (OP)
October 16, 2019, 03:27:59 PM
Last edit: October 16, 2019, 05:06:32 PM by krakened
 #1

Hi all

!! I'm writing this article as a warning to all users of Kraken.com !! This platform is everything but secure and the support is everything else but helpful!

Last Tuesday, the 8th of October, my account was krakened (plundered!) by somebody and I was robbed of 29'449 Euros (32'000 US$s)!! I had the 2FA enabled (already for the login, which changes the code every 30 seconds!) and my Gmail account was definitely not compromised. All devices Google shows in my device list are mine and there were no logins from anybody else. If they had access to either my password safe or Google account then they would have tried to steal everything else too, which they didn't! I'm using only cryptic 20-digit generated and unique passwords and 2FA wherever possible (always with the generated code that changes every 30 seconds). I also was not logged into the Kraken.com website at that point in time on any device as I was having dinner together with a colleague.

As I'm not a teenager anymore I don't check my mobile for every sound it makes.

The chronology of the robbery is like this:
1. Email - 19:27 2FA was updated
2. email - 19:28 withdrawal address added - confirmation needed
3. email - 19:29 withdrawal address deleted
4. email - 19:29 withdrawal address added - confirmation needed
5. Email - 19:45 withdrawal request made
6. email - 20:00 withdrawal request made
7. email - 21:10 account locked ==> I got it locked sometime between 19:45 and 20:15 - so this email arrived with a delay of about one hour  Angry

When I saw the emails at around 19:45 I tried to log on to my Kraken account immediately and, when I could not log in, locked it immediately with the link in the email (which worked within about 2 seconds). Unfortunately the emails arrive with such a delay that the transfer was already executed when I saw the withdrawal request email. Both transfers were executed at 19:44.  Shocked

What security shall this be for us users? This is a super bad joke of Kraken.com !! After about 20 hours I got my account unlocked - the support even refused to tell me if any transfer took place or if my 32'449 Euros are still there after they knew it's the owner writing with them - I saw that everything I owned was gone...  Cry

After collecting all the infos in a PDF (complete chronology which I also needed to file this to the police and FBI) I sent it to Kraken.com support asking them to help me and tell me exactly what happened and how this is even possible with the 2FA enabled ?!  Huh

The Kraken support is very unfriendly and of zero help!! I expected to get at least a protocol of my account's activities of that day! But NO - they refused to give out any information to me, which is very suspicious (coin transactions are irreversible and the BS others also received that got robbed) - it already looked like an inside job before (how the hell should anyone have changed my 2FA ?!) and I assume that some people working for Kraken.com are multi-millionaires by now thanks to the robbed customers!

Here's why for me this is clearly an inside job: The 2FA was updated out of the blue sky and this is not possible! I sold all my coins a few days before the 8th, transferred more BTCs to Kraken from my Poloniex account and prepared everything to pay out the 38'449 Euros I had on the account to my bank account. The same day of the robbery I luckily paid out the first 9000 Euros in the morning at 11:17, which arrived on my bank account the next day.
The remaining 29'449 Euros (32'000 US$s) are gone (3,92xy BTC) - the hacker did 2 transactions, which I do not understand why (one of 0.0045 BTC and 42 seconds after that a second one of 3.92501 BTC, both were executed at 19:44:05 and 19:44:47). I verified my account about 2 weeks before this happened (end of September); before that this would not have been possible. And I was in contact with the Kraken online support a few days earlier (chat) to ask them how to pay out Euros with SEPA. After writing a few days later I changed all the US$s I had into BitCoins and sold them for EUROS to be able to do the payout. So the Kraken support knew I was going to withdraw my money, which makes me feel very strange and angry ... !

As Kraken's emails arrive so late (after payments were executed) Kraken is responsible for this loss of my money and should return it to me for the lack of security and for the delay with the emails! This is ZERO security and a disaster!

Crypto-owners be warned of using Kraken as I'm not the only one who was robbed and terribly helped after it happened by the support! Kraken is having NO security at all as the 2FA can be changed like this! When I added a new Bitcoin address to my verified Poloniex account to withdraw my 0.42548 BTC I had to verify myself with passport, photo and again with the mobile app. This is security! Kraken gives a shit about anyone's security or what happens to their users! And they answer you like if you were the last idiot!
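
The chronology in the post above (2FA change, new withdrawal address, withdrawal within about 17 minutes) is the pattern an exchange-side cooling-off rule is meant to hold for review. The following is an added example, not part of the thread and not Kraken's actual logic; the event names, the `addr-A` and `bank-sepa` labels, the 24-hour window and the assumption that the SEPA destination already existed are all constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed events mirroring the times given in the post (8 October 2019).
# Event names and destination labels are assumptions, not a real log format.
EVENTS = [
    ("2019-10-08 11:17:00", "withdrawal_request", "bank-sepa"),
    ("2019-10-08 19:27:00", "2fa_updated", None),
    ("2019-10-08 19:28:00", "address_added", "addr-A"),
    ("2019-10-08 19:29:00", "address_deleted", "addr-A"),
    ("2019-10-08 19:29:00", "address_added", "addr-A"),
    ("2019-10-08 19:44:05", "withdrawal_request", "addr-A"),
    ("2019-10-08 19:44:47", "withdrawal_request", "addr-A"),
]

COOLING_OFF = timedelta(hours=24)  # assumed policy window


def review_withdrawals(events, known_addresses, cooling_off=COOLING_OFF):
    """Return (timestamp, destination, reasons) per withdrawal.

    An empty reasons list means the withdrawal can be released; otherwise
    it should be held for out-of-band confirmation.
    """
    last_2fa_change = None
    # None marks a destination that existed before the observed window.
    added_at = {addr: None for addr in known_addresses}
    decisions = []
    for ts_text, kind, target in events:
        ts = datetime.strptime(ts_text, "%Y-%m-%d %H:%M:%S")
        if kind == "2fa_updated":
            last_2fa_change = ts
        elif kind == "address_added":
            added_at[target] = ts  # re-adding restarts the clock
        elif kind == "address_deleted":
            added_at.pop(target, None)
        elif kind == "withdrawal_request":
            reasons = []
            if last_2fa_change and ts - last_2fa_change < cooling_off:
                reasons.append("2fa_changed_recently")
            if target not in added_at:
                reasons.append("unknown_address")
            elif added_at[target] and ts - added_at[target] < cooling_off:
                reasons.append("address_added_recently")
            decisions.append((ts_text, target, reasons))
    return decisions
```

Run over the constructed events with `{"bank-sepa"}` as the pre-existing destination, the morning SEPA payout is released and both 19:44 withdrawals are held on two independent grounds.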
Kraken-Chase
October 16, 2019, 07:43:10 PM
 #2

Chase from Kraken support here. I'm very sorry to hear about this and that you feel the support team has been unhelpful. Security is our top priority and this is the last thing we'd ever want to hear from any of our clients.

For the highest level of account security, it is absolutely essential that users fully utilize the various security features that the Kraken platform has to offer (not just login 2FA, but funding/trading 2FA, as well as a Master Key and Global Settings Lock). More detailed information outlining the various available security features can be found here: https://support.kraken.com/hc/en-us/articles/201396837

If your support request is still outstanding, please provide us with your ticket number so we can further help and work with you in regards to your case. Please understand, however, that for security and compliance reasons, we are unable to provide further information about individual cases until we are contacted by a verified law enforcement official.
squatter
October 16, 2019, 09:05:03 PM
 #3

> The chronology of the robbery is like this:
> 1. Email - 19:27 2FA was updated
> 2. email - 19:28 withdrawal address added - confirmation needed
> 3. email - 19:29 withdrawal address deleted
> 4. email - 19:29 withdrawal address added - confirmation needed
> 5. Email - 19:45 withdrawal request made

We're assuming the attacker logged in before updating the 2FA, right? Meaning the login 2FA was compromised, whether from Kraken or you. The first email you list says the 2FA was updated -- did they send you an email about a successful login prior to that?

Kraken-Chase, there's absolutely no way to remove login 2FA without being logged into the account, is there?

Also, is there no email confirmation required for withdrawals on Kraken? That's typically a very basic security requirement that all exchanges employ. The OP says their email account was not compromised.

krakened (OP)
October 17, 2019, 06:56:36 AM
Last edit: October 17, 2019, 07:46:22 AM by krakened
 #4

Thank you very much for your reply squatter. The first email that I got was that the 2FA was updated (before that there was only the email about the withdrawal of 9000 Euros which I made the same day about 8 hours earlier). And as I said I have all passwords in the safeincloud passwordsafe and had no open session with Kraken on any computer at that time. My 2FA is generated (6 digits).

If my email would have been hacked they would have changed the password at first and they would have deleted the emails - but they were all unread in the inbox!

I'm asking absolutely the same questions as you:
1. how was the 2FA changed? If that is possible then also the global setting lock is useless...
2. how were these payments confirmed without my email being hacked?
3. was a password reset made (I forgot my password) ?! There is no email about that!
4. what security are emails that say a withdrawal was ordered BUT arrive after it was executed?
5. why is Kraken refusing ANY help and information?

As I'm refused any information (information about MY account nothing else - me as the robbed one!) that destroys any confidence I had in Kraken.com  Shocked

I will forward this to any coin magazines and post this in many forums; that is not how the first and one of the biggest exchanges should treat their customers!
krakened (OP)
October 17, 2019, 07:53:29 AM
 #5

As I read I'm not the first and only one that got robbed on Kraken - the same thing happened to this user also:

***
“On Kraken this morning I had a bunch of emails show up with changes to my 2 factor, and then a series of withdrawals. None of these changes were made by me! I had USD in the account which was used to buy BTC and all the BTC was withdrawn. I did not do any of this. I have opened a ticket with kraken support as soon as I found out but no response yet.

Is anyone else seeing this happen to them??

Posted this on behalf of my brother /u/ds720 since he couldn't post on this subreddit. Expect replies from him.”
***

Read the full article of the cointelegraph here:
https://cointelegraph.com/news/enable-2fa-kraken-accounts-compromised-funds-stolen
1Referee
October 17, 2019, 11:35:19 AM
 #6

> Also, is there no email confirmation required for withdrawals on Kraken? That's typically a very basic security requirement that all exchanges employ. The OP says their email account was not compromised.
How can there not be? Kraken's guide to request a withdrawal of any coin points out that a withdrawal can only be completed by clicking the confirmation link in the email sent to you.

> If my email would have been hacked they would have changed the password at first and they would have deleted the emails - but they were all unread in the inbox!
Read emails can be marked as unread super easily.

I'm inclined to think that in some way a hacker got access to your computer well before your coins were stolen, all to wait for the right moment to strike. If that turns out to be the case, the hacker has had all the data you have to access your account/withdraw/make account changes, etc.

I'm very curious to see Kraken's explanation after doing some investigation. They should know what exactly happened by the detail.
krakened (OP)
October 17, 2019, 12:34:42 PM
 #7

Hi 1Referee

I agree with you, if someone has more details then it's Kraken.

But as Kraken refuses to tell me anything this is very suspicious, or what would you think if you were me?!

Michel
squatter
October 17, 2019, 07:32:46 PM
 #8

>> Also, is there no email confirmation required for withdrawals on Kraken? That's typically a very basic security requirement that all exchanges employ. The OP says their email account was not compromised.
> How can there not be? Kraken's guide to request a withdrawal of any coin points out that a withdrawal can only be completed by clicking the confirmation link in the email sent to you.

OP, so you definitely checked the session history on your Gmail account and it shows nothing out of the ordinary? No strange IP ranges? If your email was compromised, that gives us one piece of the puzzle.

I do find it very troubling that it's always Kraken who I'm hearing this about -- 2FA secured accounts being compromised.

> I'm very curious to see Kraken's explanation after doing some investigation. They should know what exactly happened by the detail.

It sounds like Kraken plans to keep their lips sealed until a formal law enforcement investigation proceeds.

Did you file a police report yet, OP?

figmentofmyass
October 17, 2019, 10:11:32 PM
 #9

> For the highest level of account security, it is absolutely essential that users fully utilize the various security features that the Kraken platform has to offer (not just login 2FA, but funding/trading 2FA, as well as a Master Key and Global Settings Lock). More detailed information outlining the various available security features can be found here: https://support.kraken.com/hc/en-us/articles/201396837

i'm amazed you guys still have these horribly implemented security settings. i can only imagine how many people have lost money because of them. it's not confidence inspiring.

there's absolutely no reason to distinguish between login 2fa and withdrawal/trading 2fa. remove the separate options and secure everything with 2fa because customers obviously don't understand the security implications, eg that withdrawal/trading 2fa can easily be removed once logged in.

also, why are static passwords allowed as a 2fa option? 2fa = something you know and something you have. 2 passwords = 2 things you know and 0 things you have.......

> 1. how was the 2FA changed? If that is possible then also the global setting lock is useless...

was the global setting lock active? why would the hacker need to change the 2fa anyway? it looks like they had access to your account and thus must already have your secret token.

krakened (OP)
October 18, 2019, 01:44:49 PM
 #10

Yes, I filed this to the Swiss Police (cybercrime) and to the FBI also.

I managed to track my bitcoins and in the 5th transaction they were sent to the big BINANCE.COM wallet (which received more than 6'000'000 Bitcoins!). This means in transfer number 4 they arrived on the hacker's Binance wallet (and the 5th transaction is when Binance took it over to their main wallet, I assume). My Bitcoins were split but came together again in the Binance wallet '1NDyJtNTjmwk5xPNhjgAMu4HDHigtobu1s' which I found in Google and clearly belongs to binance.com! So the hackers want to do a payout. I also informed Binance with the proof that it's filed with the FBI and hope they will block the accounts belonging to these criminals!

The Swiss Police (Cybercrime) is aware of this and are actively tracking my bitcoins and getting into contact with the support of Kraken, which refuses to give out any information to me. What could I see there that I don't get that info?!

No, my Google account history does not show anything strange, no devices which are not mine nor any unwanted logins. If they had access they would have stolen more than just the Kraken funds...

I agree with you 'figmentofmyass', they must have had any possibility to log in to my account (or then it's someone from the inside of Kraken) so no security helps. BUT if they had the login why should they change the 2FA? That and that they didn't try to rob anything else tells me clearly that they did not have it...

If Kraken did everything correctly then they could hand out the logs to me!   Angry  Shocked
birben666
November 18, 2019, 08:07:19 AM
 #11

I'm having absolutely the same problem !!!
Didn't receive any email for withdrawal or changing passwords and someone stole 3000 euro from my account two days ago.
I've asked the support for logs or proof but they told me that the emails were sent but I deleted them, so that's the reason I didn't get a notification. After I asked them once again they told me they can't provide any IPs because it's against the policy (no logs from the mail server as well). My password is two months old with 20 symbols and it's not leaked or exposed.

 Cry Cry Cry Cry Cry Cry Cry Cry Cry Cry Cry
birben666
November 18, 2019, 08:32:15 AM
 #12

Somehow someone has logged into my PC because I wasn't here during this time and changed my passwords; the only clues that I managed to find are pointing to something with Kraken, it's not with us:
Guys, take a look at your Chrome browser history ... this is what I found:
https://ibb.co/2WYvCmz
If there were any alerts from Kraken I was going to save my money but they didn't send me anything and the 2FA for withdrawal didn't save my ass!
