Post
Topic
Board Service Discussion
Re: BitFunder.com has been hacked and IT IS BitFunder's fault
by Entropy-uc on 08/07/2013, 19:43:46 UTC
(if you read the transcript, this fool didn't even enable it after the loss)  



Is he a fool? His account was cleaned out.

Quote
Very much agreed.

What are you agreeing to, Ukyo? A refund to the OP?

He was calling him a fool because after the cleanout, the user still refused to enable 2factor.

I am agreeing to a code revamp and update with more enhanced security options and features which we started a few weeks ago when this problem with transfers was fixed requiring Google 2-factor authentication. Without 2-factor, anyone can claim "I was hacked! It was a bad website, it was a trojan, a virus loaded pages and grabbed a per-page generated code and did everything!"
Unfortunately there is so much fraud and so many fraudsters when it comes to bitcoin, that we cannot accept that as an answer since there is no proof otherwise.
This is why we have adopted the 2-factor requirement. We are looking to add additional options such as optional PINs (that can easily be recorded one time by a trojan though), YubiKeys, and other new technologies.

-Ukyo

Am I the only one finding your excuse for not refunding victims here a little disingenuous?

The 'htemp' hack has been documented by many people, and the root cause was a clear defect in your security model.  But you won't own up to the failure because somebody might pretend to be hacked?  You have a clear trail for anyone who had funds transferred to the 'htemp' account.

I don't see how you can justify not compensating victims in this case.  Considering the huge fees you are collecting on trades you should take a day's income and make your mistake right for the victims.  If you want to require 2FA for compensation in the future, that is a different matter.