Don't let 2FA lead you to false security, I got robbed of $70 000 from Kraken.

I've tried not to think about this because it makes me feel bad just thinking about it, but it's my responsibility to share what happened so it doesn't happen to anyone else.

The whole situation is a bit ironic, especially the reason why I got a Kraken account in the first place. I'll try to see the funny side of this even though it's just tragic (Buttcoin surely will like this though).

To begin with, I got my Kraken account to claim lost Mt.Gox funds (yes, I lost money in the Mt. Gox hack, not close to this amount but still a significant amount), so I got Kraken because I lost money on Mt.Gox and later the committee told me to use Kraken to claim my lost funds.

One of the reasons I kept this amount on Kraken was because I wanted to have quick access in case of drastic moves, especially if Tether would collapse, since Kraken is the only place where you can short USDT (people might think this is dumb, but I did this in October and shorted it from about $0.99 to $0.87, so I knew it worked).

I had done my research on the most secure exchanges, although I might have used a few shortcuts in my reasoning. I thought that they HAD to be safe since they were selected to aid the redistribution of the Mt.Gox funds; surely the Mt.Gox committee must have made their assessment of the security of the exchange. I also read several articles and other sources rating the security of different exchanges, and Kraken always came out in the top. Lastly, they are one of the most widely used, so I thought this was fine.

Still, of course I thought I wasn't being a dummy: I did activate 2FA and took every measure to increase security, such as using a unique password on the exchange as well as for my e-mail. The 2FA especially made me feel a sense of security (which obviously was false).

I've been trying to figure out how this could have happened. I have scanned my computer and there is no trace of malware, and I don't use unknown computers to access my mail.

It does seem as if the hacker initially got access to my mail by gaining access to customer support accounts at Microsoft Outlook:
http://bit.ly/2XHZmtE

The hackers then proceeded to set rules on my account to send any mails from Kraken to the trash:
http://bit.ly/2IeSUoA

They later went on by gaining access to my Kraken account:
http://bit.ly/2XKCtpF

What frustrates me a lot is that the hacker could do this, all in one day:

A. Ask for my username
B. Ask for a password request
C. Ask for a 2FA bypass
D. Set a new withdrawal address
E. Withdraw $50 000 (and $20 000 more the next day)

They haven't given me any information about the 2FA bypass; I have no clue why they allowed it. My SIM card does still have network, so I don't think my SIM card was duplicated (which I've read has happened to others in the past in a similar situation).

Suggestions to Kraken to increase the security in the future:

- Set up some flagging: if someone is asking for username and password, then maybe you shouldn't allow a 2FA bypass directly afterwards, especially if someone has a larger sum of money (e.g. > $10 000) on the account.
- Ability to voluntarily block any new withdrawal addresses, which can only be re-activated by ID verification (if that wouldn't make any sense for Kraken from a business perspective due to too much administration work, then charge a fee for the re-activation of new withdrawal addresses).
- Seriously reconsider how you're managing your 2FA system. While doing some research on what could have happened, I read that Bitstamp require their users to do an ID verification before the bypass (at least give users the ability to choose this, again at a fee if need be).

What can you do and what should I have done in hindsight?

Shouldn't have been stupid and kept it on the exchange, period (I, if anyone, should know this by now, I know... I am a dummy, I admit it). My reasoning was having quick access to trades in case of a Tether collapse or other drastic movements, but this was a dumb risk. I simply should have put it in the bank and accepted a few days' waiting time.

The only real solution is to not use exchanges, but I might have increased my security by using a dedicated e-mail address only for this... And especially avoiding Microsoft Outlook, since their security does not seem to be the best.

$70 000 is a lot of money; I still have a decent chunk of crypto and fiat. I'm doing fine financially, so I can take this hit. But I had recently started planning to use a large chunk of these $70 000 or the whole amount to buy a local and set up a co-working business and/or rent out the local if the co-working business wouldn't take off. I don't think I'll be able to do that now, at least not in the next few years unless I settle for a sub-optimal local.

So now I'm supposed to start a new legal process to recover my lost funds, with a lot of time and worry, just like how the Mt.Gox situation was/still is. My hopes are close to zero of recovering this, unless Kraken takes some responsibility on their part.

Wish me luck. The whole situation is just sad and honestly makes me depressed just thinking about it; one part of me just wants to forget this and not think about it anymore.
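The two controls the post asks Kraken for (flag a 2FA bypass that follows a username/password recovery on a well-funded account, and an opt-in lock that blocks withdrawals to any address not cleared by ID verification) can be expressed as a small rule engine over account-support events. The example below is added here as an illustration; it is not Kraken's code and not the poster's. The event kinds, field names, account ids and the log lines themselves are all constructed for this example, and the balance threshold and one-day window are taken from the post's own suggestions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Hypothetical event kinds chosen for this example (not a real exchange's schema).
RECOVERY_KINDS = {"username_request", "password_reset", "2fa_bypass"}
CHECKED_KINDS = {"new_withdrawal_address", "withdrawal"}


@dataclass(frozen=True)
class Event:
    ts: datetime
    account: str
    kind: str
    address: str = ""
    amount_usd: float = 0.0


def parse_event(line: str) -> Event:
    """Parse one constructed log line:
    '<iso-timestamp> account=<id> kind=<kind> [address=<addr>] [amount=<usd>]'."""
    ts_text, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return Event(datetime.fromisoformat(ts_text), kv["account"], kv["kind"],
                 kv.get("address", ""), float(kv.get("amount", 0)))


def review_events(lines, balances_usd, locked_accounts=frozenset(),
                  threshold_usd=10_000.0, window=timedelta(days=1)):
    """Replay events in time order and decide allow / review / hold for every
    new-address or withdrawal event. Returns a list of (event, decision, reasons).

    Rule 1 (flagging): a 2FA bypass preceded by a username or password recovery
    within `window` marks the account for review; if the balance is at or above
    `threshold_usd`, the action is held instead.
    Rule 2 (address lock): for accounts in `locked_accounts`, a withdrawal to an
    address that has not been ID-verified is held regardless of recent activity."""
    events = sorted((parse_event(line) for line in lines), key=lambda e: e.ts)
    history = {}      # account -> earlier events, chronological
    verified = {}     # account -> set of addresses cleared by an ID check
    decisions = []
    for ev in events:
        prior = history.setdefault(ev.account, [])
        if ev.kind == "address_id_verified":
            verified.setdefault(ev.account, set()).add(ev.address)
        if ev.kind in CHECKED_KINDS:
            recent = {p.kind for p in prior
                      if ev.ts - p.ts <= window and p.kind in RECOVERY_KINDS}
            chained = "2fa_bypass" in recent and bool(
                recent & {"username_request", "password_reset"})
            large = balances_usd.get(ev.account, 0.0) >= threshold_usd
            lock_violation = (ev.kind == "withdrawal"
                              and ev.account in locked_accounts
                              and ev.address not in verified.get(ev.account, set()))
            reasons = []
            if chained:
                reasons.append("2FA bypass chained with credential recovery inside window")
            if chained and large:
                reasons.append("account balance at or above %.0f USD" % threshold_usd)
            if lock_violation:
                reasons.append("withdrawal-address lock: destination not ID-verified")
            if (chained and large) or lock_violation:
                decision = "hold"
            elif chained:
                decision = "review"
            else:
                decision = "allow"
            decisions.append((ev, decision, reasons))
        prior.append(ev)
    return decisions


# Constructed sample log mirroring the sequence described in the post.
SAMPLE_LOG = [
    "2019-06-13T08:00:00 account=acct-B kind=withdrawal address=addrOLD amount=300",
    "2019-06-13T09:00:00 account=acct-A kind=username_request",
    "2019-06-13T10:30:00 account=acct-A kind=password_reset",
    "2019-06-13T11:00:00 account=acct-A kind=2fa_bypass",
    "2019-06-13T11:20:00 account=acct-A kind=new_withdrawal_address address=addrNEW",
    "2019-06-13T11:45:00 account=acct-A kind=withdrawal address=addrNEW amount=50000",
    "2019-06-14T12:00:00 account=acct-A kind=withdrawal address=addrNEW amount=20000",
]
BALANCES = {"acct-A": 70_000.0, "acct-B": 900.0}  # constructed balances

if __name__ == "__main__":
    for ev, decision, reasons in review_events(SAMPLE_LOG, BALANCES, locked_accounts={"acct-A"}):
        print(ev.ts.isoformat(), ev.account, ev.kind, ev.amount_usd, "->", decision, reasons)
```

Running the sample shows why the post's second suggestion matters as much as the first: the day-one withdrawal is held by the flagging rule, but the day-two withdrawal falls just outside a 24-hour window and would be allowed by that rule alone. The opt-in address lock still holds it, because the destination was never ID-verified.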

Submitted June 14, 2019 at 06:41PM
