XRP funds stolen from Kraken

[CrisSyd]

Hi all,

On the 13th of Oct 2018, someone managed to hack my account on Kraken and sent all my XRP (about 85,000) to a Binance wallet.

**** edit ****
I've previously reported here the details of the 2 transactions used by the hacker to move the coins, but I've decided to delete them from this post upon suggestion by the moderator
**** edit ****

I've contacted Binance support on the same day, and I got asked to provide more evidence before they would proceed locking that account, which I promptly did.
However, as of today, Binance support team is yet to provide a clear answer on where the XRP are. So far they've only reassured me that they are still working on my case in the attempt to track the stolen funds. Shouldn't they know if the coins are still on their exchange in the frozen account? At the beginning they mentioned the presence of funds in that account but they never specify how much. Now they are saying that they are trying to track the funds. If they locked the account with funds in there, I'm expecting them to be in possess of the funds but when I ask them precise questions at this regard, they never provide a clear answer.

Is anyone able to check where the funds might be if I provide the wallet address and destination tag of the hacker Binance account?
Can anyone from the Ripple team be in touch with Binance and check if they are in posses of the funds?

I've already contacted the local authorities in Italy, but maybe there is a more appropriate entity which can handle the case. Any suggestion is welcomed.

Unfortunately Kraken response was pretty useless as they refused to provide support of any kind.
Their level of security is quite low as I got several emails asking to approve withdrawal addresses I never triggered. These requests came from a different IP than my one, but Kraken failed to warn me.
Eventually I ended up approving the not legit XRP Binance wallet after the hacker was continuously cancelling the withdrawals I tried to submit against the correct address.
I hope more and more people can learn from my bad experience and avoid storing their crypto on Kraken.

Edited November 16, 2018 by CrisSyd

[Dario_o]

43 minutes ago, CrisSyd said:

Eventually I ended up approving the not legit XRP Binance wallet after the hacker was continuously cancelling the withdrawals I tried to submit against the correct address.

I'm sorry for the situation, hope you can recover your funds

BTW Could you please help me better understand this?

[Pablo]

This is terrible and I'm really sorry to hear what's happened. We keep warning people to take their coins off exchanges unless they are there for a good reason and a short period only so your situation is a reminder of why this warning is so important.

At this stage, you are relying on the goodwill of the 2 exchanges to track down the XRP and of course the police. I hope they can coordinate to return your XRP.

For now, can I suggest you keep your comments to yourself because you don't know who is watching this thread. I also recommend that you think carefully before posting your holdings, wallet address or transactions online and limit sharing that via DMs to trusted recipients who absolutely need to know.

Best of luck.

[CrisSyd]

Just now, Dario_o said:

I'm sorry for the situation, hope you can recover your funds

BTW Could you please help me better understand this?

Hi Dario, thanks a lot for your comments.

What happened was the following:
1. I started to note a strange activity on my Kraken account where my XRP got converted into BTC. This happened few times but I initially thought it could have been a bug of the exchange.
2. A couple of weeks later, the 13th of October, due to the repeated suspicious activity, I decided to move all my funds to Binance.
3. I submitted 2 small transactions to make sure the address and destination tag where correct. Both transactions went through successfully with no problem.
4. I then tried to transfer a much larger amount, but all attempts where immediately cancelled and I couldn't tell what was going on. Now I know the hacker was most luckily using an API to perform operations on my account.
5. After the 4th attempt of trying to send funds to Binance, I received an email from Kraken asking to confirm the wallet. I didn't need to do this for the first 2 transactions so I should have been suspicious of that email. But given the awkward situation, I was quite in a rush to proceed and I clicked on the link to approve the wallet.
6. Soon after, the 2 transactions I mentioned in my initial post, got triggered from my account.
7. I noticed the amount was not the one I've entered in the cancelled transactions, but I though the "buggy" exchange probably submitted them in replace of the cancelled ones.
8. But time went buy and after about 30 minutes, no funds arrived to my Binance account.
9. Here is where I realized I got hacked and I started to look for clues on what happened and where the crypto could have gone.
10. And when I looked at my spam folder, I noticed several wallet approval requests coming from Kraken in the past few days. Basically the hacker was hoping for me to click on any of them in order to transfer the funds on a different exchange.

I hope it's clearer now what happened. I didn't want to write all of this in the first place as I know it's a fair bit to go through.

I did read an article dated about 2 years ago, mentioning a similar issue where Kraken users complained the fact that Kraken itself stolen the funds, hence I'm warning people of that exchange. If I can find the link, I will post it here.

[CrisSyd]

1 minute ago, Pablo said:

This is terrible and I'm really sorry to hear what's happened. We keep warning people to take their coins off exchanges unless they are there for a good reason and a short period only so your situation is a reminder of why this warning is so important.

At this stage, you are relying on the goodwill of the 2 exchanges to track down the XRP and of course the police. I hope they can coordinate to return your XRP.

For now, can I suggest you keep your comments to yourself because you don't know who is watching this thread. I also recommend that you think carefully before posting your holdings, wallet address or transactions online and limit sharing that via DMs to trusted recipients who absolutely need to know.

Best of luck.

Thanks Pablo for your comments. I do appreciate your suggestions, however I haven't much to hide at this stage. I also wanted to disclose these sensitive info so hopefully someone can assist with valuable information.

[Pablo]

I think it's way too much info but I've unhidden the post on your request.

[CrisSyd]

11 minutes ago, Pablo said:

I think it's way too much info but I've unhidden the post on your request.

Thanks again Pablo. I will ask Binance to review my post in case they also think there are sensitive info I better not disclose.

[Guest]

1 hour ago, CrisSyd said:

I hope it's clearer now what happened. I didn't want to write all of this in the first place as I know it's a fair bit to go through.

Sorry, if I missed it in your post, but did you have 2FA activated for your accounts?

There are three different and unique 2FA possible at kraken. 1. login 2. Trade 3. Withdrawals.

If yes, has your phone left your possession at any point? If no, please immediately secure your account with 2FA.

[CrisSyd]

6 hours ago, fidgetspinner said:

Sorry, if I missed it in your post, but did you have 2FA activated for your accounts?

There are three different and unique 2FA possible at kraken. 1. login 2. Trade 3. Withdrawals.

If yes, has your phone left your possession at any point? If no, please immediately secure your account with 2FA.

I had 2FA but for login only

[NightJanitor]

You admit clicking to confirm the transactions when Kraken emailed you to ask.  I do not see how this is Kraken's fault.  Wish you luck.

[Gepster]

9 hours ago, CrisSyd said:

 Their level of security is quite low 

-Krakens level of security is actually quite high. You can set 2FA for almost any action, require email confirmation for new adresses and they are one of 3 exchanges that support U2f two factor authentication(!!).

Quote

I hope more and more people can learn from my bad experience and avoid storing their crypto on Kraken.

This should say exchanges instead of kraken.

 

Sorry for your loss and i hope Binance can be of service to you!

Edited November 16, 2018 by Gepster

[CrisSyd]

1 minute ago, NightJanitor said:

You admit clicking to confirm the transactions when Kraken emailed you to ask.  I do not see how this is Kraken's fault.  Wish you luck.

I was logged into my account at the same time as the hacker, hence Kraken should have warned me of it. When you log into Bittrex with a different IP, they always send you an email to confirm it's you. I'm not saying I'm not responsible as well by clicking on the link to confirm the wallet, but from Kraken there was no effort to prevent this, nor to provide support right after the XRP was stolen.

Moreover, the hacker had access to my account already because he managed to sell my XRP for BTC, and trigger new wallet approval emails.
He could have changed the email address as well (and approve new wallets) but he didn't do that. How strange is this?
Did he use an API which could perform only the first two operations but not change the email address?
Or was Kraken part of this operation, and by letting me confirm the new address, can now state it was my responsibility for the stolen funds?
Why Kraken didn't notify me of someone else logging into my account? I never received any email about this.
And how did the hacker gain access to my account while I had a 2FA on and I store all my PW on paper?

[CrisSyd]

3 minutes ago, Gepster said:

-Krakens level of security is actually quite high. You can set 2FA for almost any action, require email confirmation for new adresses and they are one of 3 exchanges that support U2f two factor authentication(!!).

This should say exchanges instead of kraken.

 

Sorry for your loss and i hope Binance can be of service to you!

Thanks for your comments.
Please refer to my reply to NightJanitor. I had a 2FA but apparently it didn't work. I might be wrong but I suspect an inside job.
And sure, all exchanges are insecure but I can only speak for my experience with Kraken in particular.

[Ripple-Stiltskin]

11 minutes ago, CrisSyd said:

Thanks for your comments.
Please refer to my reply to NightJanitor. I had a 2FA but apparently it didn't work. I might be wrong but I suspect an inside job.
And sure, all exchanges are insecure but I can only speak for my experience with Kraken in particular.

Was the GLS ( global lock settings) activated? 

[Gepster]

 

32 minutes ago, CrisSyd said:

And how did the hacker gain access to my account while I had a 2FA on and I store all my PW on paper?

Who has acces to that piece of paper ?