"When Wells Fargo claims that Bitcoin and other cryptocurrencies are risky and volatile, it may be forgetting its prominent and infamous role during the 2008-2009 financial crisis, when markets collapsed. As a result, millions lost their homes, and millions lost their jobs, producing economic mayhem all over the world.
But astonishingly, although Wells Fargo was a contributor to one of the largest-ever financial crises, and after a series of financial scandals, U.S. taxpayers had to bail out the bank."
Hilarious. So, banks are deciding what we cannot do with our own money. The same banks that we bailed out during the financial crisis back in 2008.
In the distant past, I worked with futures, especially with calculating Order
Flow from the Time and Sales. But most of my clients blew their accounts,
as they were over-committed. So I morphed everything into Forex, synthesized
Time and Sales and calculated Order Flow, direction, etcā¦ in Forex.
Then I realized that most Forex traders are failed flunkees from Futures, so
most of 'em have no money. Nevertheless, I then moved into Currency
Analytics, but merged that stuff with the Order Flow and Market Depth
prediction stuff. So the only thing Iād say is that for Futures contracts
where the underlying is Forex, I can help; but sorry I donāt know anything
about Ninja 8.
[EDIT] Got this ridiculous response from the forum software:
Iāve tried to apply ATAS to crypto to look at order flow and time and sales but the beta version stopped working or glitched on me. Ninja Trader was a very unsettling platform for me compared to meta trader. Itās prone to freezing up.
As a followup, COINEXX ABSOLUTELY REFUSES TO ACCEPT
RESPONSIBILITY FOR THE THEFT. I am so deeply committed
to Coinexx that, as a practical matter, I have to continue with them.
They have beefed up security procedures so, as they say,
āfingers crossedā ??? Crossed fingers help with security, right?
Also they donāt even have procedure to move from Google Authenticator
to the superior LastPass Authenticator for those of us who do not wish
to deal with Google identities or perhaps not even Android phones
with required Gapps on them !!! Maybe theyāll be able to
figure that one out ! Coinbase allows Authenticators to be
changed easily through the web portal, but not Coinexx.
Am I complaining? Well, yes, but Iām stuck with Coinexx so
donāt want to piss them off too much ! LOL
[EDIT] the email in question was from the āsecureā email at
ProtonMail. Perhaps the hackers āhackedā the ProtonMail
headers; at least thatās what Coinexx claims happened, since
there was no SENT email from the real account requesting
any total account withdrawal, and especially not to a BitCoin
address. Makes me so angry, but the fundamental mistake
was that a Key Logger snagged the Coinexx login credentials,
and from there, they were able to empty the 2 accounts. The
amount lost was close to $150 so no Big Deal, but it could
have been much much moreā¦
Given the circumstances, Coinexx is justified for not taking responsibility. They have done the right thing by increasing security measures, as well. Could they have credited the account anyways, and probably look good from a PR perspectiveā¦yes, but they could also open themselves up to abuse if word got out that they did that and were not responsible, then the PR backlash might even be worse when people start complaining about it. Better to establish firm rules early on and to not take responsibility for security measures that do not fall within their scope.
So I am to believe that they sent a token to a ProtonMail email address,
which was intercepted (like a man in the middle attack; over email),
never having been received by the real email account,
and that the token was then used to verify and authorize a transfer
request which was also not sent by the real email account? Sure,
that makes senseā¦
This required them to transfer money to empty the account into a BTC wallet.
When their support people wouldnāt even talk to you, without first verifying
a token via emailā¦ Not having a criminal mind, Iām not going to think
about it any further, or just how it may have been done.
Could also just have been āan inside jobāā¦ Transmission ended.
My reply was based on your previous post. I cannot fully comment on something that I do not know the specifics about. If the cause for the security breach was due to a key-logger, as you said, then Coinexx should not be responsible for that because a key-logger would most likely be hosted on the local machine. That is what my reply was based on. If that was not the case, then my response might be different.
Regarding your new post, the odds of an email being intercepted are highly unlikely.
The odds of an email account being hacked are very possible. Emails can be sent/received and then deleted from an account without the account holder knowing about it. ProtonMail is encrypted, so I cannot say with certainty that the system admins could even confirm that such correspondence even occurred or if there is any record of exchange on their servers.
The odds of an email being spoofed are very possible, also. For Coinexx to check and verify email header data is another matter. If the email was spoofed and Coinexx overlooked the discrepancy, then liability could fall on themā¦but that is not what you posted about.
In any case, everyone can learn from this; even the people that are not directly affected, that may read this thread.
An inside job would likely have not bothered taking such a risk on such a small account.
I am not taking sides, for what itās worth, I am simply stating my opinion while trying to be objective.
For Windows users, a product called KeyScrambler or a similar
product is likely a good idea in an attempt to thwart Key Loggers.
This product encrypts key input across a range of browsers
automatically, especially user and password type fields.
Additionally, Iām adopting LastPass for password management but,
they also offer a āLastPass Authenticatorā for 2FA (two factor
authentication via OTP) which is a drop-in
equivalent to the Google Authenticator OTP (One Time Password)
approach, with the additional advantage that it is backed up
to their secure cloud password vault. This authenticator
is integrated into LastPass password management,
so that user does not need to type the 6 digit code each time, etc.
I realize that these password managers are, in a sense, a single point
of failure, as everything depends upon access to the password vault.
Hoping this is not too far off-topic, but we are dealing with offshore
entities in which we are placing significant trust. The requirement
for secure 2FA (other than SMS or email) is increasingly critical.
Itās also prudent to keep only equity balances which are actually
necessary for trading leverage, and minimize excess funding.
Yes, after a theft which breached their security procedures, I do
have ātrust issuesā. They have since beefed things up.
Yes, you should be concerned that these brokers enforce their
security policies, and do the ādue diligenceā to verify that they doā¦
Iāve already stated, I am so far committed that I need to stay
with Coinexx, since they are best overall. I hope this was an
isolated incident, and also my associates have been advised that
cyber security is a top priority, and canāt be neglected. The
theft of primary user/pass should not have been a disaster here,
but it wasā¦
[EDIT] The associate this happened to is a ānormalā computer user
and clearly a Key Logger was installed. S/he routinely installs
software that I would not personally install, and previously there
was an issue that I created an account for him/her on one of
my machines with admin privs. Then Microsoft Word was
installed, and then malware exploited a VBScript vulnerability,
and the entire computer was encrypted by ransomware.
S/he felt terrible about it, but you just canāt treat a business system
in the same way, especially when it is connected directly to the
internet, not in the same way as a āhome computerā. Lessons learnt !!!
but I know it doesnātā¦ 
