Kraken: trustworthy or not ?

AjM

Well-known Member
Foundation Member
Jun 23, 2014
1,341
575
283
Finland
Today i signed to the kraken.com and started verification process.
My purpose is(was) going to trade there, because of Dash-Euro trading pair.
I'm now in tier 3 verification with them, but...

I did some searching about kraken, and found some very alarming stories about robbery and such.
Now i do not trust them and probably newer will transfer ANY funds or crypto to my kraken account.

These claims are from summer 2016.
Here are 2 links to read about, what you guys think about this?

Enable 2FA: Kraken Accounts Compromised, Funds Stolen:
https://cointelegraph.com/news/enable-2fa-kraken-accounts-compromised-funds-stolen

Multiple Kraken Accounts, Robbed/Emptied:
https://bitcointalk.org/index.php?topic=1559553.0

I tag some our core team members because 'we' funded Dash integration to the kraken.
@fernando @Minotaur @babygiraffe @TanteStefana @flare @moocowmoo


There are claims that several accounts on Kraken have been compromised and funds taken. Representatives of Kraken told Cointelegraph that the cases mentioned below are currently being investigated.
 

dashly

Member
Mar 5, 2017
110
44
78
These security breaches are less to do with Kraken, and more to do with weak security setup by the user. Kraken offers 2FA, so use it. Also, these users were most likely "hacked" because they used the same username/password combination they've used on other sites that were hacked. Pick a unique strong password and use 2FA and you'll be fine.
 

7dhdaQhZ

New Member
Mar 6, 2016
36
18
8
I've had a Kraken account for approx 3 years now, 2FA enabled. Always ok. Touch wood....
 

Biltong

Active Member
Mar 22, 2017
363
134
113
Dash Address
XmPNBEQyaVNyFudWL3hhhcWfkdYK6T9nCF
Don't trust any of the exchanges EVER
 

Tallyho

Member
Mar 15, 2015
124
68
78
Indeed, never trust any exchange. But Kraken's as good as you'll get. Use 2FA and they're at least as reliable as any other exchange out there.
 

AjM

Well-known Member
Foundation Member
Jun 23, 2014
1,341
575
283
Finland
These security breaches are less to do with Kraken, and more to do with weak security setup by the user. Kraken offers 2FA, so use it. Also, these users were most likely "hacked" because they used the same username/password combination they've used on other sites that were hacked. Pick a unique strong password and use 2FA and you'll be fine.
And how you do explain stolen funds, even if login 2FA was enabled?
 

AjM

Well-known Member
Foundation Member
Jun 23, 2014
1,341
575
283
Finland
Don't trust any of the exchanges EVER
Yep, but if you sell or buy something with in exchange, you need to deposit some funds in, right?
And when you trade, it take some time, days, weeks...

Some victims claims robbing was inside job.
 

Biltong

Active Member
Mar 22, 2017
363
134
113
Dash Address
XmPNBEQyaVNyFudWL3hhhcWfkdYK6T9nCF
Yep - used to do lending, but decided the risk is too high vs the small gain - took another risk and split my Dash between Moo and Splawik - consider it a smaller risk :)
 

crowning

Well-known Member
May 29, 2014
1,414
1,997
183
Alpha Centauri Bc
I use Kraken since early 2014 and had never any issues, however I never leave any funds there.

Deposit -> Trade -> Withdraw

Recommended for ALL exchanges.
 

AjM

Well-known Member
Foundation Member
Jun 23, 2014
1,341
575
283
Finland
Well, my current confidence to kraken is not high enough to deposit 500 or 1000 Dash to them.
But Dash->Euro exhanges are limited at this time.
 

dashly

Member
Mar 5, 2017
110
44
78
Deposit -> Trade -> Withdraw
^^^
And how you do explain stolen funds, even if login 2FA was enabled?
I skimmed through the link you posted, and it looks like the person that claimed they had 2FA enabled only had it enabled for trades and not login. Apparently Kraken sucks as far as security because they let the hackers login and change 2FA trade settings. Make sure 2FA is setup for LOGIN so this type of thing can't happen. As far as trusting an exchange, I agree with everyone on this thread... NEVER fully trust an exchange... Use it just long enough to make your trades and get out.

Kraken is legit as far as exchanges are concerned and I don't believe they had a hand in this... This was a hacker with stolen credentials who hit several people in one day.
 

crowning

Well-known Member
May 29, 2014
1,414
1,997
183
Alpha Centauri Bc
Well, my current confidence to kraken is not high enough to deposit 500 or 1000 Dash to them.
But Dash->Euro exhanges are limited at this time.
Understandable.
I'm just a small trader exchanging a Dash or three from Masternode rewards...
 

AjM

Well-known Member
Foundation Member
Jun 23, 2014
1,341
575
283
Finland
Understandable.
I'm just a small trader exchanging a Dash or three from Masternode rewards...
Yep, my plan is liquidate some of my investment and quit my day job,
so, i'm little doubtful about kraken after i read all those claims.
 

AjM

Well-known Member
Foundation Member
Jun 23, 2014
1,341
575
283
Finland
^^^

I skimmed through the link you posted, and it looks like the person that claimed they had 2FA enabled only had it enabled for trades and not login. Apparently Kraken sucks as far as security because they let the hackers login and change 2FA trade settings. Make sure 2FA is setup for LOGIN so this type of thing can't happen. As far as trusting an exchange, I agree with everyone on this thread... NEVER fully trust an exchange... Use it just long enough to make your trades and get out.

Kraken is legit as far as exchanges are concerned and I don't believe they had a hand in this... This was a hacker with stolen credentials who hit several people in one day.
Yes, so whats the point if trade/withdrawal 2FA can be disabled without email verification, if you do not use login 2FA?
 

dashly

Member
Mar 5, 2017
110
44
78
Yes, so whats the point if trade/withdrawal 2FA can be disabled without email verification, if you do not use login 2FA?
Exactly! Hopefully they fixed it since then... I use it for login though so I'm not certain.
 

AjM

Well-known Member
Foundation Member
Jun 23, 2014
1,341
575
283
Finland
Exactly! Hopefully they fixed it since then... I use it for login though so I'm not certain.
I have not tested at all 2FA yet, but i will when i have more time.
But if the thief is allready in the house, there is no point to lock the door :D
 

Naruto

Member
Dec 26, 2014
176
89
88
I have a Kraken account too. Nothing happens. The only thing I concern is the trading volume.


使用Tapatalk 發送
 

fernando

Powered by Dash
Dash Core Team
Moderator
Foundation Member
May 9, 2014
1,527
2,058
283
I believe Kraken to be as serious and trustworthy as it can get. But, as it has been said many times above, no exchange is completely safe. One of the reasons is that security is not only on them, but also on the users. And many users suck at security.

Kraken is huge, has outside investors, everyone is public and they have always been compliant everywhere. I understand fears because with crypto there is usually no recourse if you lose your money, but if you want to trade you'll have risks any place you go.
 

AjM

Well-known Member
Foundation Member
Jun 23, 2014
1,341
575
283
Finland
Yep, i will test their security and after that begin test usage in the small scale first.
 

AjM

Well-known Member
Foundation Member
Jun 23, 2014
1,341
575
283
Finland
Ok, i made my Kraken security setup like this:

EMAIL:
- Protonmail (end to end PGP encrypted)

LOGIN:
- Strong password (20-30 random chars)
- 2FA

FUNDING:
- 2FA

ACCOUNT SETTINGS:
- Global settings lock enabled
- Global settings masterkey strong password (20-30 random chars)

With this setup, i am quite confident about security.
Thanks for all comments.


https://www.kraken.com/help/faq
What can I do to make my Kraken account more secure?

Kraken offers the most advanced tools in the industry for securing your account.
You can make your account more secure in the following ways.

Basic

Create Two-factor authentication for account login and funding
Secure the email tied to your Kraken account with a strong password and two-factor authentication
Create a master key to require authentication for account recovery

Advanced

Create additional two-factor authentication for trading
Lock your account settings with the global settings lock
If your email supports PGP/GPG signing and encryption, give us your PGP key to receive signed and encrypted email from us
 

jimbursch

Well-known Member
Mar 5, 2017
837
502
163
57
Also, to improve your security and reduce your third-party exposure risk, don't store your Dash in the Kraken account -- just move funds in to make a trade, then move founds out to your secure storage -- ideally a hardware wallet. Leaving funds sitting in the exchange account is not recommended.
 

AjM

Well-known Member
Foundation Member
Jun 23, 2014
1,341
575
283
Finland
Also, to improve your security and reduce your third-party exposure risk, don't store your Dash in the Kraken account -- just move funds in to make a trade, then move founds out to your secure storage -- ideally a hardware wallet. Leaving funds sitting in the exchange account is not recommended.
Indeed.
 

fernando

Powered by Dash
Dash Core Team
Moderator
Foundation Member
May 9, 2014
1,527
2,058
283
Instant send was not instant, only normal speed when i sent to them.
Well, not pure intant send, but they credit your account after 1 block confirmation if you send with instant send. I've just rechecked and it still works. If you are not experiencing it, maybe it is related to verification levels or history or something like that...
 

AjM

Well-known Member
Foundation Member
Jun 23, 2014
1,341
575
283
Finland
Well, not pure intant send, but they credit your account after 1 block confirmation if you send with instant send. I've just rechecked and it still works. If you are not experiencing it, maybe it is related to verification levels or history or something like that...
Yep, my first test instantsend was 10 Dash and it took about 10 mins to get it done.
No problem to me, i'm not in that hurry.

Now i 'fight' with euro withdrawal, can someone clear to me what this mean?
My own name or bank account name?
Important:
The name on the bank account you are withdrawing to
must match the name on the account you are withdrawing from.
 

Tallyho

Member
Mar 15, 2015
124
68
78
The bank account must be in the same name as the name you gave in your Kraken verification, so if you're signed up to Kraken as Fred Smith, you can only withdraw funds to a bank account in the name of Fred Smith. It's an AML thing, to prevent Kraken being used as a middle man in transactions with third parties.
 
  • Like
Reactions: fernando and AjM