Going offshore to escape the CFTC

what broker lets you withdraw all of your money including the profit ??
and which one has the best spreads?

every broker I ever traded with and all brokers on our list unless they went scam

EDIT: every broker lets you withdraw all of your money including the profit unless they went scam

3 Likes

will do for sure

2 Likes

Yes of course.

3 Likes

Hey HyperScalper,

It's been a while since we communicated, and I just wanted to say thanks so much for the feedback you gave me last year on NJ4X before going overseas for an activity. I want your opinion on the NINJA 8 Future Platform Lifetime license with $.09 per Micro contract on commission. The lifetime is likable to me with good tools, innumerable rich features, plus a multi-broker platform compared to other brokers. They provide unlimited support, and you can start with $400 on future platform. They offer a free platform that includes needed key features in live trading.

Any feedback on the above comment?

I’m still learning on the rich features in the tutorials.

Thanks in advance and I look forward to seeing your reply ASAP.

In the distant past, I worked with futures, especially with calculating Order
Flow from the Time and Sales. But most of my clients blew their accounts,
as they were over-committed. So I morphed everything into Forex, synthesized
Time and Sales and calculated Order Flow, direction, etc… in Forex.
Then I realized that most Forex traders are failed flunkees from Futures, so
most of 'em have no money. Nevertheless, I then moved into Currency
Analytics, but merged that stuff with the Order Flow and Market Depth
prediction stuff. So the only thing I’d say is that for Futures contracts
where the underlying is Forex, I can help; but sorry I don’t know anything
about Ninja 8.

[EDIT] Got this ridiculous response from the forum software:

[EDIT2] got it to post by eliminating this:
Hope that helps :slight_smile: but I know it doesn’t… :frowning:

[EDIT3] HA HA just saw that apparently I double-posted ???
Maybe my mouse needs de-bouncing…

hyperscalper

Hey HyperScalper,

Below is the tutorial on how to get started with the 8 version of the new software.

Thanks so much for the updates.

I was just a little spooked, as this is my first offshore account. But opened an account with them yesterday, all good so far.

1 Like

I’ve tried to apply ATAS to crypto to look at order flow and time and sales but the beta version stopped working or glitched on me. Ninja Trader was a very unsettling platform for me compared to meta trader. It’s prone to freezing up.

As a followup, COINEXX ABSOLUTELY REFUSES TO ACCEPT
RESPONSIBILITY FOR THE THEFT. I am so deeply committed
to Coinexx that, as a practical matter, I have to continue with them.
They have beefed up security procedures so, as they say,
“fingers crossed” ??? Crossed fingers help with security, right?

Also they don’t even have procedure to move from Google Authenticator
to the superior LastPass Authenticator for those of us who do not wish
to deal with Google identities or perhaps not even Android phones
with required Gapps on them !!! Maybe they’ll be able to
figure that one out ! Coinbase allows Authenticators to be
changed easily through the web portal, but not Coinexx.

Am I complaining? Well, yes, but I’m stuck with Coinexx so
don’t want to piss them off too much ! LOL :rofl:

[EDIT] the email in question was from the “secure” email at
ProtonMail. Perhaps the hackers “hacked” the ProtonMail
headers; at least that’s what Coinexx claims happened, since
there was no SENT email from the real account requesting
any total account withdrawal, and especially not to a BitCoin
address. Makes me so angry, but the fundamental mistake
was that a Key Logger snagged the Coinexx login credentials,
and from there, they were able to empty the 2 accounts. The
amount lost was close to $150 so no Big Deal, but it could
have been much much more…

hyperscalper

How did this process go for you? Does their echeck system also handle withdrawals? Thanks.

Given the circumstances, Coinexx is justified for not taking responsibility. They have done the right thing by increasing security measures, as well. Could they have credited the account anyways, and probably look good from a PR perspective…yes, but they could also open themselves up to abuse if word got out that they did that and were not responsible, then the PR backlash might even be worse when people start complaining about it. Better to establish firm rules early on and to not take responsibility for security measures that do not fall within their scope.

1 Like

So I am to believe that they sent a token to a ProtonMail email address,
which was intercepted (like a man in the middle attack; over email),
never having been received by the real email account,
and that the token was then used to verify and authorize a transfer
request which was also not sent by the real email account? Sure,
that makes sense…

This required them to transfer money to empty the account into a BTC wallet.
When their support people wouldn’t even talk to you, without first verifying
a token via email… Not having a criminal mind, I’m not going to think
about it any further, or just how it may have been done.

Could also just have been “an inside job”… Transmission ended.

hyperscalper

My reply was based on your previous post. I cannot fully comment on something that I do not know the specifics about. If the cause for the security breach was due to a key-logger, as you said, then Coinexx should not be responsible for that because a key-logger would most likely be hosted on the local machine. That is what my reply was based on. If that was not the case, then my response might be different.

Regarding your new post, the odds of an email being intercepted are highly unlikely.

The odds of an email account being hacked are very possible. Emails can be sent/received and then deleted from an account without the account holder knowing about it. ProtonMail is encrypted, so I cannot say with certainty that the system admins could even confirm that such correspondence even occurred or if there is any record of exchange on their servers.

The odds of an email being spoofed are very possible, also. For Coinexx to check and verify email header data is another matter. If the email was spoofed and Coinexx overlooked the discrepancy, then liability could fall on them…but that is not what you posted about.

In any case, everyone can learn from this; even the people that are not directly affected, that may read this thread.

An inside job would likely have not bothered taking such a risk on such a small account.

I am not taking sides, for what it’s worth, I am simply stating my opinion while trying to be objective.

2 Likes
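As an added illustration of the header check discussed in the post above (not part of any post, and not Coinexx's actual procedure): a receiver can require a DMARC pass recorded by its own mail gateway before treating an emailed request as coming from the address on file. The host names, addresses and messages below are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

TRUSTED_AUTHSERV = "mx.broker.example"  # hypothetical: the receiver's own gateway

def trusted_results(msg, authserv=TRUSTED_AUTHSERV):
    """Collect spf/dkim/dmarc verdicts, but only from headers our gateway stamped."""
    verdicts = {}
    for header in msg.get_all("Authentication-Results", []):
        server, _, rest = header.partition(";")
        if server.strip().lower() != authserv:
            continue  # stamped by some other host, so it proves nothing to us
        for method, result in re.findall(r"\b(spf|dkim|dmarc)\s*=\s*(\w+)", rest, re.I):
            verdicts.setdefault(method.lower(), result.lower())
    return verdicts

def check_request(raw, address_on_file):
    """Return (accepted, reason) for an emailed account request."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].lower()
    if sender != address_on_file.lower():
        return (False, "From does not match the address on file")
    if trusted_results(msg).get("dmarc") != "pass":
        return (False, "no DMARC pass recorded by our own gateway")
    return (True, "header checks passed; still confirm out of band")

def sample(auth_header):
    """Build a constructed test message with the given Authentication-Results header."""
    return "\n".join([
        auth_header,
        "From: Account Holder <holder@mail.example>",
        "To: support@broker.example",
        "Subject: Withdrawal request",
        "",
        "Please withdraw the full balance.",
    ])

# Constructed samples: authenticated mail, failed authentication, foreign stamp.
GENUINE = sample("Authentication-Results: mx.broker.example; spf=pass;\n"
                 " dkim=pass header.d=mail.example; dmarc=pass header.from=mail.example")
SPOOFED = sample("Authentication-Results: mx.broker.example; spf=fail; dkim=none;"
                 " dmarc=fail header.from=mail.example")
FOREIGN = sample("Authentication-Results: mx.other.example; dmarc=pass header.from=mail.example")

if __name__ == "__main__":
    for name, raw in [("genuine", GENUINE), ("spoofed", SPOOFED), ("foreign", FOREIGN)]:
        print(name, check_request(raw, "holder@mail.example"))
```

A pass here only shows the message came through the sender's mail domain; it cannot tell a legitimate owner from someone who has taken over the mailbox, which is the other case the post raises.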

SECURITY SUGGESTIONS AND PASSWORDS

For Windows users, a product called KeyScrambler or a similar
product is likely a good idea in an attempt to thwart Key Loggers.
This product encrypts key input across a range of browsers
automatically, especially user and password type fields.

Additionally, I’m adopting LastPass for password management but,
they also offer a “LastPass Authenticator” for 2FA (two factor
authentication via OTP) which is a drop-in
equivalent to the Google Authenticator OTP (One Time Password)
approach, with the additional advantage that it is backed up
to their secure cloud password vault. This authenticator
is integrated into LastPass password management,
so that user does not need to type the 6 digit code each time, etc.

I realize that these password managers are, in a sense, a single point
of failure, as everything depends upon access to the password vault.

Hoping this is not too far off-topic, but we are dealing with offshore
entities in which we are placing significant trust. The requirement
for secure 2FA (other than SMS or email) is increasingly critical.

It’s also prudent to keep only equity balances which are actually
necessary for trading leverage, and minimize excess funding.

hyperscalper

are you having trust issues with coinexx? at one point you suggest this could be an inside job, should we be concerned about coinexx

Yes, after a theft which breached their security procedures, I do
have “trust issues”. They have since beefed things up.

Yes, you should be concerned that these brokers enforce their
security policies, and do the “due diligence” to verify that they do…

I’ve already stated, I am so far committed that I need to stay
with Coinexx, since they are best overall. I hope this was an
isolated incident, and also my associates have been advised that
cyber security is a top priority, and can’t be neglected. The
theft of primary user/pass should not have been a disaster here,
but it was…

[EDIT] The associate this happened to is a “normal” computer user
and clearly a Key Logger was installed. S/he routinely installs
software that I would not personally install, and previously there
was an issue that I created an account for him/her on one of
my machines with admin privs. Then Microsoft Word was
installed, and then malware exploited a VBScript vulnerability,
and the entire computer was encrypted by ransomware.
S/he felt terrible about it, but you just can’t treat a business system
in the same way, especially when it is connected directly to the
internet, not in the same way as a “home computer”. Lessons learnt !!!

hyperscalper

1 Like

that’s why i suggest spreading your funds around to multiple brokers, i now keep 4 brokers with equal equity

1 Like

could computer security software like antivirus / anti-malware have detected and prevented what happened to your friend

Not always. AV/AM software are not built equally and new attacks and exploits are created and discovered all of the time. There are things that you can do to better-safeguard yourself, however. It is important that each person perform their own due diligence and employ effective safety measures. We live in a tech world and people need to be properly educated so that they can be better-protected.

I posted this link before, for generating strong usernames/passwords, but it contains a good overview of safe practices:

https://passwordsgenerator.net/

To prevent your passwords from being hacked by social engineering, brute force or dictionary attack method, and keep your online accounts safe, you should notice that:

  1. Do not use the same password, security question and answer for multiple important accounts.

  2. Use a password that has at least 16 characters, use at least one number, one uppercase letter, one lowercase letter and one special symbol.

  3. Do not use the names of your families, friends or pets in your passwords.

  4. Do not use postcodes, house numbers, phone numbers, birthdates, ID card numbers, social security numbers, and so on in your passwords.

  5. Do not use any dictionary word in your passwords. Examples of strong passwords: ePYHc~dS*)8$+V-’ , qzRtC{6rXN3N\RgL , zbfUMZPE6`FC%)sZ. Examples of weak passwords: qwert12345, Gbt3fC79ZmMEFUFJ, 1234567890, 987654321, nortonpassword.

  6. Do not use two or more similar passwords which most of their characters are same, for example, ilovefreshflowersMac, ilovefreshflowersDropBox, since if one of these passwords is stolen, then it means that all of these passwords are stolen.

  7. Do not use something that can be cloned( but you can’t change ) as your passwords, such as your fingerprints.

  8. Do not let your Web browsers( FireFox, Chrome, Safari, Opera, IE ) to store your passwords, since all passwords saved in Web browsers can be revealed easily.

  9. Do not log in to important accounts on the computers of others, or when connected to a public Wi-Fi hotspot, Tor, free VPN or web proxy.

  10. Do not send sensitive information online via unencrypted( e.g. HTTP or FTP ) connections, because messages in these connections can be sniffed with very little effort. You should use encrypted connections such as HTTPS, SFTP, FTPS, SMTPS, IPSec whenever possible.

  11. When travelling, you can encrypt your Internet connections before they leave your laptop, tablet, mobile phone or router. For example, you can set up a private VPN( with MS-CHAP v2 or stronger protocols ) on your own server( home computer, dedicated server or VPS ) and connect to it. Alternatively, you can set up an encrypted SSH tunnel between your router and your home computer( or a remote server of your own ) with PuTTY and connect your programs( e.g. FireFox ) to PuTTY. Then even if somebody captures your data as it is transmitted between your device( e.g. laptop, iPhone, iPad ) and your server with a packet sniffer, they won’t be able to steal your data and passwords from the encrypted streaming data.

  12. How secure is my password? Perhaps you believe that your passwords are very strong, difficult to hack. But if a hacker has stolen your username and the MD5 hash value of your password from a company’s server, and the rainbow table of the hacker contains this MD5 hash, then your password will be cracked quickly.
    To check the strength of your passwords and know whether they’re inside the popular rainbow tables, you can convert your passwords to MD5 hashes on a MD5 hash generator, then decrypt your passwords by submitting these hashes to an online MD5 decryption service. For instance, your password is “0123456789A”, using the brute-force method, it may take a computer almost one year to crack your password, but if you decrypt it by submitting its MD5 hash( C8E7279CD035B23BB9C0F1F954DFF5B3 ) to a MD5 decryption website, how long will it take to crack it? You can perform the test yourself.

  13. It’s recommended to change your passwords every 10 weeks.

  14. It’s recommended that you remember a few master passwords, store other passwords in a plain text file and encrypt this file with 7-Zip, GPG or a disk encryption software such as BitLocker, or manage your passwords with a password management software.

  15. Encrypt and backup your passwords to different locations, then if you lost access to your computer or account, you can retrieve your passwords back quickly.

  16. Turn on 2-step authentication whenever possible.

  17. Do not store your critical passwords in the cloud.

  18. Access important websites( e.g. Paypal ) from bookmarks directly, otherwise please check its domain name carefully, it’s a good idea to check the popularity of a website with Alexa toolbar to ensure that it’s not a phishing site before entering your password.

  19. Protect your computer with firewall and antivirus software, block all incoming connections and all unnecessary outgoing connections with the firewall. Download software from reputable sites only, and verify the MD5 / SHA1 / SHA256 checksum or GPG signature of the installation package whenever possible.

  20. Keep the operating systems( e.g. Windows 7, Windows 10, Mac OS X, iOS, Linux ) and Web browsers( e.g. FireFox, Chrome, IE, Microsoft Edge ) of your devices( e.g. Windows PC, Mac PC, iPhone, iPad, Android tablet ) up-to-date by installing the latest security update.

  21. If there are important files on your computer, and it can be accessed by others, check if there are hardware keyloggers( e.g. wireless keyboard sniffer ), software keyloggers and hidden cameras when you feel it’s necessary.

  22. If there are WIFI routers in your home, then it’s possible to know the passwords you typed( in your neighbor’s house ) by detecting the gestures of your fingers and hands, since the WIFI signal they received will change when you move your fingers and hands. You can use an on-screen keyboard to type your passwords in such cases, it would be more secure if this virtual keyboard( or soft keyboard ) changes layouts every time.

  23. Lock your computer and mobile phone when you leave them.

  24. Encrypt the entire hard drive with LUKS or similar tools before putting important files on it, and destroy the hard drive of your old devices physically if it’s necessary.

  25. Access important websites in private or incognito mode, or use one Web browser to access important websites, use another one to access other sites. Or access unimportant websites and install new software inside a virtual machine created with VMware, VirtualBox or Parallels.

  26. Use at least 3 different email addresses, use the first one to receive emails from important sites and Apps, such as Paypal and Amazon, use the second one to receive emails from unimportant sites and Apps, use the third one( from a different email provider, such as Outlook and GMail ) to receive your password-reset email when the first one( e.g. Yahoo Mail ) is hacked.

  27. Use at least 2 different phone numbers, do NOT tell others the phone number which you use to receive text messages of the verification codes.

  28. Do not click the link in an email or SMS message, do not reset your passwords by clicking them, except that you know these messages are not fake.

  29. Do not tell your passwords to anybody in the email.

  30. It’s possible that one of the software or App you downloaded or updated has been modified by hackers, you can avoid this problem by not installing this software or App at the first time, except that it’s published to fix security holes. You can use Web based apps instead, which are more secure and portable.

  31. Be careful when using online paste tools and screen capture tools, do not let them to upload your passwords to the cloud.

  32. If you’re a webmaster, do not store the users passwords, security questions and answers as plain text in the database, you should store the salted ( SHA1, SHA256 or SHA512 )hash values of these strings instead. It’s recommended to generate a unique random salt string for each user. In addition, it’s a good idea to log the user’s device information( e.g. OS version, screen resolution, etc. ) and save the salted hash values of them, then when he/she tries to login with the correct password but his/her device information does NOT match the previous saved one, let this user to verify his/her identity by entering another verification code sent via SMS or email.

  33. If you are a software developer, you should publish the update package signed with a private key using GnuPG, and verify the signature of it with the public key published previously.

  34. To keep your online business safe, you should register a domain name of your own, and set up an email account with this domain name, then you’ll not lose your email account and all your contacts, since your can host your mail server anywhere, your email account can’t be disabled by the email provider.

  35. If an online shopping site only allows to make payment with credit cards, then you should use a virtual credit card instead.

  36. Close your web browser when you leave your computer, otherwise the cookies can be intercepted with a small USB device easily, making it possible to bypass two-step verification and log into your account with stolen cookies on other computers.

  37. Distrust and remove bad SSL certificates from your Web browser, otherwise you will NOT be able to ensure the confidentiality and integrity of the HTTPS connections which use these certificates.

  38. Encrypt the entire system partition, otherwise please disable the pagefile and hibernation functions, since it’s possible to find your important documents in the pagefile.sys and hiberfil.sys files.

  39. To prevent brute force login attacks to your dedicated servers, VPS servers or cloud servers, you can install an intrusion detection and prevention software such as LFD( Login Failure Daemon ) or Fail2Ban.

2 Likes
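As an added illustration of items 12 and 32 in the list above (not part of the post or of the quoted site): a table of precomputed unsalted MD5 hashes recovers a weak password by simple lookup, while a unique random salt per user makes the same password hash differently for every account. PBKDF2-HMAC-SHA256 is used here as a deliberately slow salted construction in place of a single salted SHA pass; the iteration count and the tiny word list (the weak examples from item 5) are illustrative choices.

```python
import hashlib
import hmac
import os

# Weak example passwords taken from item 5 of the list above.
WEAK_EXAMPLES = ["qwert12345", "1234567890", "987654321", "nortonpassword"]

def md5_hex(password: str) -> str:
    """Unsalted MD5, the storage scheme item 12 warns about."""
    return hashlib.md5(password.encode()).hexdigest()

# A miniature stand-in for a precomputed lookup table: hash -> password.
PRECOMPUTED = {md5_hex(p): p for p in WEAK_EXAMPLES}

def lookup(stored_hash: str):
    """Return the password if its unsalted hash is in the table, else None."""
    return PRECOMPUTED.get(stored_hash.lower())

ITERATIONS = 600_000  # illustrative work factor for PBKDF2-HMAC-SHA256

def hash_password(password: str, salt: bytes = None):
    """Create a storage record (salt, iterations, derived key) with a per-user salt."""
    salt = os.urandom(16) if salt is None else salt
    key = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return (salt, ITERATIONS, key)

def check_password(password: str, record) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    salt, iterations, key = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, key)

if __name__ == "__main__":
    stored_md5 = md5_hex("nortonpassword")
    print("unsalted MD5 found in table:", lookup(stored_md5))
    alice = hash_password("nortonpassword")
    bob = hash_password("nortonpassword")
    print("same password, same stored value?", alice[2] == bob[2])
    print("salted hash found in table:", lookup(alice[2].hex()))
    print("login still works:", check_password("nortonpassword", alice))
```

The salt stops precomputed tables and hides password reuse across accounts; it does not make a weak password strong against a targeted guess, which is why the length and uniqueness advice in the list still applies.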