This is a follow-up post from the following: https://www.reddit.com/r/CryptoCurrency/comments/qedj6t/kucoin_is_using_cloudflare_to_deny_website_access/
First and foremost, Reddit, thank you for hearing me out. u/johnny_kucoin has responded to my post and I have also followed up.
I am going to share all the details with you as I am not going to censor them to paint a picture for myself.
For what it’s worth. I want to be wrong, and I love Kucoin. I feel betrayed by their actions and I tried to give them every chance to explain their actions. This resulted in me finally bringing my concerns to their own subreddit and they insta banned me ending a 2-month debacle of inquiries.
On a positive note, they have since lifted my ban on r/kucoin since the post blew up a bit.
I think it’s important to hear out Kucoin and the team. This is not a witch hunt.
They don’t ever address the issues.
Cloudflare is an industry tool and the most widely used Edge Network service. Under normal circumstances it is great, but like any tool, it can be weaponized.
I do believe this is what’s happening here.
It seems they want to talk about how everyone uses Cloudflare and how much they spend on AWS (Amazon).
I do know for a fact other exchanges do the same thing, and if and when it comes up I will do the exact same thing to those exchanges but only when I have sufficient material to present.
Additionally, Johnny Lyu says he doesn’t know why I got banned but guesses “maybe spamming?”
If he went and looked at my post history for 34 seconds he would know that is very much not true.
Here is his PM to ME as follows:
Noted. Will discuss with the team
Also, noticed on the post you created. Here’s our response FYI
Thanks for raising your question about KuCoin. As the People’s Exchange, we always pursue user satisfaction. Regarding the issues you mentioned, we are very willing to discuss them openly and transparently.
Firstly, Cloudflare is a world-renowned CDN solution. As you said, one of its main functions is to prevent DDoS attacks, which is also our main purpose for deploying it. Currently, almost all major exchanges are working closely with Cloudflare.
All exchanges have applied an access frequency limit through Cloudflare to ensure the stability of their services. Once the limit has been surpassed, denial of website access may occur. When setting the limit, we discussed thoroughly with high-frequency traders, like API traders, for instance, before concluding on the limit. We believe that in most cases, the frequency limit will not affect our users. But it is possible that, when there’s a big price move or someone visits the site too frequently, 504 pages may still appear due to the limitation. We have been working on improving this for a while, and if you encountered such an issue, we would appreciate it if you could share the RAY ID from the 504 pages with our support team so that we can better solve the problem. Thank you.
Secondly, regarding the AWS server, KuCoin invests a lot in IT infrastructure and network security. Compared with other exchanges of our size and scale, our investment in AWS servers is almost twice as much as theirs. And we will continue to invest in this sector as we know this is one of the fundamentals of our services.
In fact, as a platform, we care about usability and stability more than anyone else. The access issue will not only impact KuCoin’s revenue but also affect user experience. As a platform dedicated to building itself and the industry for the long term, we know that reputation is everything. We hope that all users can trade with KuCoin easily and pleasantly, achieve their investment goals, and even improve their lives. As a neutral platform, we do not profit from users’ liquidation. Therefore, we are constantly introducing new functions and educating users to help them manage their futures positions properly and reduce the risk of liquidation.
Having noticed that you’ve been banned in the KuCoin Subreddit, I am checking with the team for the reason, but our current guess is due to spamming. We have unbanned your account. All opinions are welcomed in our community, no matter if they are positive or negative. We are very sorry for the inconvenience. As for the Moderator List you claimed that we made private, actually we didn’t change any setting on that. It’s likely because banned users cannot see it. Please check again since you are now unbanned.
Since its establishment in 2017, we have experienced many ups and downs, but KuCoin always believes in the future of crypto. So, we will continue to invest in our system and strive to provide users with a better experience. I apologize again for the inconvenience. If you have any questions about KuCoin, our 24/7 customer support will always be there to help you out. If you are unhappy with their services, you can also DM me at any time, and I am very happy to help you. Thank you.
Here is my response
I am going to post this publicly so here is the TLDR summary
You are running a business that solely functions on the web, and do a self-proclaimed 1 billion in transactions a day.
Your website, APIs, and app servers are going down and still processing orders on the backend.
Your website is not failing over.
There is ZERO fail safe or kill switch that cancels orders or suspends trades when the servers go down (despite this being common industry practice).
When the website does not fail over by design
Cloudflare is being weaponized to deny access to the web server rather than failing over to a redundant gateway/web server.
Kucoin is knowingly taking funds and keeping them when this happens.
All retail traders are sent to an endless customer service feedback loop that gives them literally no resolution.
You can elect to fix these issues and go back and actually settle all the funds that were literally stolen by Kucoin. Subsequently you can fix your technical architecture.
Anything less than this and you are playing politics and the community will see ZERO action on this matter.
The extended answer to your response is as follows:
The one thing I will accuse you of publicly Johnny is being disingenuous. Let’s stop the politics and get on with the resolution.
It’s sad that it took my subreddit post on r/CryptoCurrency getting to the top of the subreddit for you to acknowledge the issue.
It’s frankly disturbing I was instantly censored for publicly speaking up on this matter on r/kucoin. I was not banned for “spam,” I am happy to review every one of my posts with you to prove this.
I am not the only one that has been censored; there is a pattern of behavior surrounding Kucoin’s social media management to ban any counter perspective if it has weight.
On to the technical portion:
Everyone uses Cloudflare in almost every industry. It’s good that you are using Cloudflare.
In your situation Cloudflare is not innocuous; it has been weaponized. Your Cloudflare settings and policy are such that it does not fail over to redundant infrastructure but treats retail traders as if they are doing a DDoS attack and denies access.
Why is Cloudflare denying access under Kucoin’s settings and policies? Liquidations are happening while people are still exhibiting and practising proper risk management protocols.
In our instance on September 7th we were intermittently denied access for 5 hours.
Cloudflare either accelerates or decelerates requests to recover or improve application and/or web performance.
Cloudflare has the option to failover to redundant website gateways should your peak loads exceed their capability. For enterprise level websites such as Kucoin this is combined with a geo load balancer that balances user loads to different gateways based off the user’s source IP and a ton of other policies that get added in (these are too numerous to document here, I am happy to refer anyone to whitepapers on the matter).
In Kucoin’s instance they have consciously opted to not fail over website gateways. This means that users are being denied access as the only other viable option when your gateway goes down.
To say everyone uses Cloudflare as we do is also disingenuous.
For lack of a better metaphor, if you swing a hammer (Cloudflare) and hit some patrons, you can’t turn to the crowd and say “hey folks it’s just a hammer (Cloudflare)…. Everyone has one.”
To mention your Amazon AWS spend is also disingenuous:
The fact that you’re not opting for a failover gateway and geo load balancing but are still processing trades that result in liquidation while retail investors get locked out of their accounts is not OK.
Your IT spend is irrelevant.
You have a fiduciary duty and the trust of the community to tend to their funds and respect their trades. This trust is being violated and repainted as “an IT outage and then blame shifting to the retail trader themselves saying they need to exhibit better risk management.”
You don’t get to lock people out of their house for several hours and subsequently burn the house to the ground and blame shift telling them to act more responsibly.
You have ZERO plausible deniability here!
I brought this to your attention personally as I also did with your help desk and our customer Rep Zoe.
Cloudflare and outages are keeping people from accessing their account. Their money is being taken, and Helpdesk sends them to an endless loop with no path of escalation. No one is getting their funds or crypto actually restored after an outage to the point previous to that very outage. Cloudflare is denying access rather than deferring to other gateways to handle the load.
This is by design, there is no plausible deniability as I have personally brought this to your attention as well as the help desk. Since that time there have been no less than 5-10 more outages resulting in more losses by the community.
You have 2 options on how to fix this issue (both of which should be implemented tied together)
Again, you would still do both to protect the people
Kucoin has consciously made a choice to do neither after I repeatedly brought this up.
I repeat for emphasis here “You have no plausible deniability.”
This puts Kucoin on par with Robinhood the app on how they removed AMC, GME, and Dogecoin buy/sell functionality to benefit the exchange’s needs.
This is an old playbook that predates the Great Depression when banks would lock their doors so customers could not get to their funds for withdrawal to stop a run on the bank.
You are locking your doors via Cloudflare and server outages, stopping us from getting access to our property and breaching fiduciary duty in doing so.
I don’t have data proving you have a liquidity issue but your behavior emulates the same issues demonstrated for literally hundreds of years.
Fix this shit immediately!
You can spend all the money on Amazon (AWS) you want. It doesn’t change the fact that your infrastructure prohibits people from accessing their account in times of need. You are locking the doors, stopping people, while putting Kucoin’s interests first.
They are liquidated even when they follow proper risk management protocol. They are left powerless, and have no path of engagement to rectify the situation. If it gets to you, you don’t ever actually fix the situation but send every person back down the ladder.
Ask our account Rep Zoe. The person you personally directed us to, and did not deal with our issue either. We have been having this conversation for 2 months!
The situations are not rectified.
I am happy to post all of my emails and telegram messages to back up what I am saying here right now.
Your website could absolutely fail over to a redundant gateway and take on the concurrent load, but it doesn’t do that by design (literally). If you can’t handle the load then you need to have a kill switch that pauses all trading activity no different than the HKex, CME, and other major exchanges.
Please refer to these links for reference
Anything less is a breach of fiduciary duty of Kucoin and you as an individual, and frankly spitting in the face of everyone who believed you and trusted you.
These are all measures that I brought to your and your team’s attention. No action was taken but repeated outages have happened.
I am calling bullshit that you don’t know the exchange is going down and that you don’t know that people’s funds are not getting restored.
I can post my messages with you and all the team right now to back up what I am saying.
The fact stands your website goes down and you knowingly take peoples money. It’s never restored and they are sent to an endless loop of customer service until they submit the stolen funds to you.
There is no kill switch and your website does not failover. The OTC desk still processes institutional orders (whales) while putting the people of the “people’s exchange” on the menu for harvesting.
The only reason you are responding to me and lifting my ban from Kucoin’s subreddit is the “people” pulled together and put your company’s reputation on the line.
That being said, you have an opportunity to right the situation at this very moment.
I will ask everyone to present their case and we publicly resolve these issues.
If your exchange can’t handle the load all leveraged trades should be auto-cancelled without penalty and margin debt clocks are suspended with a path to restoration. Anything less than this and your words are mere words and not actions aka playing politics.
It’s a de facto response from any broker/ exchange in a liquidity crisis to remove the buy/sell buttons or turn down the servers removing retail investor access.
Your website is removing retail access while still processing transactions and taking the hard earned funds of the community. No matter what you say this is the reality. It’s calculated, it’s methodical, and those funds are not being restored for more than 0.5% in a settlement best case scenario. The vast majority of users never have their funds restored.
Retail investors are literally being harvested by Kucoin.
This post is only round one of the screenshots, videos, scans and logs we have.
This is a point brought up several times on Reddit!
You are doing so with no failover or kill switch and exposing people to imminent risk and not informing them of your shoddy IT practices.
Yet when your website goes down it brings the API server and application server for the app down as well but you still manage to process orders on the back end via the OTC desk. To typically engage with an OTC desk the threshold is often 5 million to 35 million in assets.
So you are liquidating the little guy while providing white glove concierge service to whales.
I am calling you out on the carpet here and now asking you to do what you said you would do and repay those affected.
Subsequently fix your shit!
Lastly I want you to publicly answer one question
“Why did you remove the liquidation price from margin contracts and increase the liquidation risk of all retail traders??”
**If you do not answer this question directly, I will publicly repeat it until you do.**
You are taking away traders’ ability to manage risk and then accusing those same people of not managing risk when you liquidate them in an outage.
I am happy to keep sharing with the community what info I have on your environment and business practices “if Kucoin does not exercise proper risk management” and proper fiduciary duties.
This is round 1
Johnny Lyu the ball is in your court and the whole world is watching.
Here is a screenshot of your debt clock that liquidates people.
We are liquidated at 97%
Here is another angle
The margin debt clock jumps sporadically. It may liquidate you via a bug
Your team removed the margin liquidation reference price
here is a thread. I would really like to know why the liquidation reference price was removed. It would make
Your users were not happy this was removed
I am sorry but it makes no sense to remove the margin liquidation reference price
Here is some great reading:
The following text was taken from the article headers: 3 Things to Know About BTC Futures and Crypto Exchange Liquidation Engines
Some Bitcoin derivatives exchanges profit massively from position liquidations but traders can avoid this by actively managing stop-losses.