[Witness Talk] Change your keys and take care of security! [ENG/PL]

in blurt •  last year  (edited)

Recently, everyone has probably noticed a sharp drop in the Blurt price on the Probit exchange.

The situation is not accidental. Funds were stolen from the account of the well-known curator @R2cornell and transferred by the thief to the account @richardman.


The account was reported to Probit and blocked, but unfortunately the thief had already withdrawn the funds.

This is over 240,000 blurts that were sent from the @R2cornell account to the Probit exchange.

Due to this situation, @R2cornell unfortunately decided to resign from the curatorial project and is withdrawing the rest of the funds from his accounts, which is why further declines occurred after the theft.

It is not known how exactly the active key was leaked from the colonel's account. Steps have been taken to determine whether this could have been a vulnerability in the devices or network, but this is unlikely.

Other possible scenarios include a keylogger or other data-stealing software on one of the colonel's personal devices, or human error in giving the key to an unauthorized person.

Whatever the true scenario, we encourage users to take security issues in blockchain networks very seriously.

The network environment is a place where security is a matter of a programmer versus hacker arms race.

Most often, data loss occurs when the user lets themselves be tricked by a hacker in some way.

  • Be sure to change your Blurt keys if you haven't changed them since the split from the Steem chain! If you use the same key on both chains, no one can guarantee that someone from the Steem network will not use those keys here.
  • Never open links or emails of unknown origin.
  • Do not use suspicious applications.
  • Take serious care of the security of your operating system (antivirus programs, firewalls, etc.).
  • Do not store your keys on devices unless they are on encrypted disks or virtual drives. It's best to use brand new Ledgers to store keys.
  • Protect physical printouts of your keys. A safe may sound like a joke to some people, but if you have larger funds, it's no joke ;) It also happens that someone from our close circle, aware that we have large funds in cryptocurrency accounts, takes advantage of a moment of our inattention to photograph our keys and uses the anonymity of the network to steal our funds.

Best regards and stay safe.

----- PL -----

Recently, everyone has probably noticed the sharp drops in the price of Blurt on the Probit exchange.

The situation is not accidental. Funds were stolen from the account of the curator known to everyone, @R2cornell, and transferred by the thief to the account: @richardman.

The account was reported to Probit and blocked, but unfortunately the thief had already managed to withdraw the funds.

This is over 200 thousand blurts that were sent from the @R2cornell account to the Probit exchange.

Because of this situation, @R2cornell has unfortunately decided to resign from the curation project and is withdrawing the rest of the funds from his accounts, which is why further drops followed the theft.

It is not known exactly how the active key leaked from the colonel's account. Steps have been taken to determine whether it could have been some vulnerability in the security of the frontends or the network; this is unlikely.

Other possible scenarios are a keylogger or other software used to phish data on one of the colonel's personal devices, or human error in sharing the key with an unwanted person.

Whichever scenario is true, we urge users to treat security in blockchain networks very seriously.

The network environment is a place where security is a matter of an arms race, programmer versus hacker.

Most often, though, data is lost at the moment the user lets himself be tricked by a hacker in some way.

  • Be sure to change your Blurt keys if you have not yet changed them after the split from the Steem chain! If you have the same key here and there, no one can guarantee that someone from the Steem network will not use these keys here.
  • Never open links or emails of unknown origin.
  • Do not use suspicious applications.
  • Take serious care of the security of your operating system (antivirus programs, firewalls, etc.).
  • Do not store your keys on devices unless they are on encrypted disks or virtual drives. To store keys, it is best to use factory-new Ledgers.
  • Protect physical printouts of your keys. A safe may sound like a joke to some, but if you hold larger funds, it is no joke ;) It also happens that someone from our close circle, aware that we hold large funds in cryptocurrency accounts, takes advantage of a moment of our inattention to photograph our keys and, using the anonymity of the network, steals our funds.

Best regards and stay safe.


Posted from https://blurtlatam.intinte.org
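
The first recommendation above (rotate Blurt keys that date from before the split from Steem) can be verified from public account data alone. The following is an added example, not part of the original post or of Blurt's code; it assumes account records shaped like the `condenser_api.get_accounts` result and the `STM`/`BLT` public-key prefixes, and the sample keys are constructed placeholders.

```python
# Added example: find Blurt roles still guarded by a key that also exists on Steem.
# Assumption: each dict has the shape returned by condenser_api.get_accounts
# (owner/active/posting -> key_auths [[pubkey, weight]], plus memo_key).
# Assumption: a public key is printed as a chain prefix plus a base58 body
# ("STM" on Steem, "BLT" on Blurt), so equal bodies mean the same key pair.

ROLES = ("owner", "active", "posting")
PREFIXES = ("STM", "BLT")


def key_body(pubkey: str) -> str:
    """Strip the chain prefix so one key compares equal on both chains."""
    for prefix in PREFIXES:
        if pubkey.startswith(prefix):
            return pubkey[len(prefix):]
    raise ValueError(f"unexpected public key prefix: {pubkey[:3]!r}")


def role_keys(account: dict) -> dict:
    """Map key body -> set of roles that key is authorised for."""
    keys = {}
    for role in ROLES:
        for pubkey, _weight in account.get(role, {}).get("key_auths", []):
            keys.setdefault(key_body(pubkey), set()).add(role)
    if account.get("memo_key"):
        keys.setdefault(key_body(account["memo_key"]), set()).add("memo")
    return keys


def reused_keys(steem_account: dict, blurt_account: dict) -> list:
    """Sorted Blurt roles whose key also appears, in any role, on Steem."""
    steem = role_keys(steem_account)
    stale = set()
    for body, roles in role_keys(blurt_account).items():
        if body in steem:
            stale |= roles
    return sorted(stale)


# Constructed sample records; the key strings are placeholders, not real keys.
STEEM = {
    "owner": {"key_auths": [["STM5ownerAAAA", 1]]},
    "active": {"key_auths": [["STM6activeBBBB", 1]]},
    "posting": {"key_auths": [["STM7postingCCCC", 1]]},
    "memo_key": "STM8memoDDDD",
}
BLURT = {
    "owner": {"key_auths": [["BLT5ownerZZZZ", 1]]},      # rotated after the fork
    "active": {"key_auths": [["BLT6activeBBBB", 1]]},    # same key as on Steem
    "posting": {"key_auths": [["BLT7postingCCCC", 1]]},  # same key as on Steem
    "memo_key": "BLT8memoYYYY",                          # rotated after the fork
}

if __name__ == "__main__":
    print("Blurt roles still using a pre-fork key:", reused_keys(STEEM, BLURT))
```

Any role the function reports should be rotated on Blurt, since whoever holds the matching private key from the Steem side can sign for that role here.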

  ·  last year  ·  

Shouldn't it be easy to trail where the funds were transferred to?

  ·  last year  ·  

It depends on how the thief secured himself. If he used VPNs and fake data and converted the funds into some cryptocurrency that cannot be traced, it will probably be difficult.

  ·  last year  ·  

But it had to move to a specific account as first hop, even if it's an exchange account it leaves a memo. I don't see any way to steal without a trace.

  ·  last year  ·  

Yes, but on a Probit basis, up to certain amounts you trade, you do not have to verify your account, so he could have provided false data.



  ·  last year  ·  

I've said it once. I said it twice. I've said it 27373 times. I'll say it once more. And many at the top have looked at this as something bad.

BUT

You need to distribute your currency to different accounts so it is harder to be "hacked" and stolen. Big accounts are just targets. Distribute your wealth into many multiple accounts and waallaa. Heightened account security. So simple.



  ·  last year  ·  

I would really really appreciate it, if you could say it, 273734 times.

Thank you very much for understanding...

...or does this count as 273734 times?

In which case, can you make 273735 times..



  ·  last year  ·  

I am skeptical, but I don't believe this! I mean what if, R2cornell got tired of Blurt and left. Oh if he really was robbed I'm so sorry. But there is something behind it. You don't know who to trust anymore. I wish you much success wherever you go! It's a lot of work to maintain a community !! ❤️‍🔥🥰

  ·  last year  ·  

Yes, I agree, especially after what @mariuszkarowski wrote here above.

  ·  last year  ·  

That is why I am stopping using frontends, for several reasons, also minimizing the group of people responsible for the project. And I will get myself ready for the new year. As I see it, this account is active every so often and drains accounts...?

  ·  last year  ·  

Well no, it was last active 2 years ago and there were some transfers, but apparently nobody either noticed or reported any problems, or nobody remembers anymore.

  ·  last year  ·  

Of course, there are a few such parasites of Steem lineage; some sit here and others on Hive keep pulling the same tricks. We won't change that, and not only in these networks. Likewise, if you want to, you will find the person, because sooner or later they will make a mistake, and then comes a visit, precise to the metre, a raid with IT or aggressively with a baton :).

Look, in the next post I'll drop some gems worth looking through on strefacrypto...

  ·  last year  ·  

A quick addition: richardman is one of many accounts belonging to a long-time scammer on Steem & Hive who usually uses phishing campaigns. When it's too good to be true, it's bound to be a scam! When there's a claim asking for your keys, it's obviously a scam...

So yes, having different keys for each blockchain is important! As a reminder, you can change your Blurt keys via BlurtWallet: https://blurtwallet.com/change_password

And when using a third-party application, dApp, bots or an open-source library, always check how the keys are managed (encryption).

  ·  last year  ·  

> When it's too good to be true, it's bound to be a scam!

I see - Like getting paid to produce written AI content? Or being paid to belong to a group, irrelevant of content quality?
Who's the scammER, and who's the scamEE? )...it's very difficult to tell in DPoS structures, isn't it? lol

  ·  last year  ·  

It's a sad situation to see moments like these. Whatever the reason is, everybody should take this as a precaution and resecure their funds.



  ·  last year  ·   (edited)

Some of what I have read on what happened to me with the theft of Blurt from my @r2cornell account seems to be trying to place blame on me. So be it.

Prior to this happening I was undelegating BP for some of my accounts and then sending the Blurt to my main accounts to power-up. My plan is that there would no longer be any delegating and each of my accounts being used for curating would have its own BP. The main aim was to have the 3 main curation accounts to have 1 million BP each and no delegations. @scilwa has not been used for curating for a while so the power down at the time was to be moved to the other accounts.

I have no idea how the theft occurred. I think I read someone that insinuated it being an "inside job"... WTF! I thought my reputation was better than that.

I have been very careful not to place blame for what has happened on Blurt. The blame is on the damn thief, and no reflection on Blurt. I would appreciate the same courtesy.

I was very angry and yes after the theft I started powering down everything. I since slowed that process down. You will find a little of my planning in a post I just recently uploaded.

https://blurt.blog/r2cornell/@dsc-r2cornell/discontinuation-of-the-r2cornell-curation-project

I do not think I blamed anything on Blurt in this publication.

I would also like to point out that the price of Blurt has been dropping long before the theft took place. I know because I paid a lot for some of my Blurt. The price kept dropping. No one's fault as far as I can see. Just what was going on in the market. If the price has been dropping for some time now, that means that there were other sellers all along. So please do not blame me for pushing the price down. I recently bought some Blurt on Probit because the price was too low, from other sellers.

I had my computer tech look things over on my computer. My main computer is server grade with security software to match. To be safe we changed security software. My tech in the 15 years he has been keeping my system and network up and running cannot figure out how my system could be hacked.

I feel like I am having to defend myself for some of what has been said about me...or in the least insinuating. I am now feeling I should not have discontinued the power-downs.

BTW prior to the theft my curators were still working, and I had no plans on making any other changes other than moving Blurt around. I paid a fee for those moves.

  ·  last year  ·   (edited)

Sorry if you feel attacked. The whole situation results from the fact that your decision to withdraw the project right after the hack seemed a bit suspicious. This decision, whether you added any words or not, looks like a tacit statement that you think Blockchain Blurt is to blame and that you don't feel your funds are safe here.

You have been in the crypto environment for a long time and you have probably also noticed that some people in the world of finance and cryptocurrencies cannot be trusted because they say one thing and do another, or in the interest of one project they can ruin another.

No one is saying this is the case here, but you can't blame people for checking your transactions and wondering how true your words are, especially in the face of a decision that suggests there is something wrong with our blockchain.

@mariuszkarowski also has a large investment here and such an event also affects his wallet. And that's why I'm just wondering what the actual situation is.

Of course, it was not only your withdrawal that influenced the price drop. Most likely, the signal for some was a sudden whistling caused by the thief withdrawing his funds. But you must admit that recently, especially on the Hive engine, the situation looks like the screenshot below:

[Screenshot]

It's also very good that you're joining this discussion because, to be honest, there was no major comment from you in this situation, and if you think that the security breach could have actually occurred on Blurt's part and you have some theory as to how it happened, your cooperation would be appreciated to help figure out how this happened.

Since I consider myself an honorable person, I personally believe that in such a situation, if it turned out to be the fault of Blockchain security, the community and the team should be willing to help refund at least part of the losses incurred as a sign of solidarity.

Especially since many authors here on Blurt owe you a lot because you supported them with your votes almost from the beginning.

For me personally, Blurt is a platform to which I decided to devote more heart than to its predecessors, because for me it is a better version of both predecessors, and it makes me sad to see one of the curators make such a decision.

So I hope that after this comment you will understand the reaction of some people.



  ·  last year  ·  

There are accounts on Blurt and Hive that are products of Steemit migrations.

The best way, as they say, is to change all the keys. Let each one be an independent account. This helps to increase security.

Changing passwords from time to time is also a measure that we must adopt. We need to keep our accounts safe. It is our effort, investment of time, and even money.

It is unfortunate what happens with R2cornell, it is a project that supports users on all 3 platforms. It is one of the few projects that have been able to do so.

  ·  last year  ·  

I am very sad to see this. But how can this happen? Because in this way data can be stolen from someone's account. Thanks for sharing.

  ·  last year  ·  

That is a good question.

  ·  last year  ·  

This is a very serious case in blockchain, and requires attention from witnesses for the survival of the ecosystem from hackers ✌️

@saboin @outofthematrix @fervi @double-u @megadrive @tekraze @zahidsun @sagarkhotari88 @nelaxadre @imransodagar @randula @world-travel-pro @blurtconnect-ng

  ·  last year  ·  

Yes, we will certainly continue to check this situation, although see what @mariuszkarowski found under this post, perhaps this whole situation was not a real hack at all, but a planned withdrawal action.

It's hard to say clearly. Blurt is based on well-proven and tested for years inherited from Steem, none of them sends keys anywhere or stores them. it only mediates in decrypting them from the blockchain when the owner's key is used, and everything happens on the computer owner's device.

The possibilities of stealing these keys through some loophole are, according to my knowledge, almost zero, unless the device we are using is compromised.



  ·  last year  ·  

Thank you for sharing this information:

I would say just to complement the following:

  • Change your passwords periodically, sometimes users go years without changing their passwords.
  • Establish a recovery account for emergency cases.

  ·  last year  ·  

Is it possible to set up a recovery account on Blurt?
And how can it be done?

  ·  last year  ·  

Yes, it is possible to set a person in the wallet settings who will allow us to recover passwords in case of emergency. This can also be your second account.

https://recovery.blurtwallet.com/

  ·  last year  ·  

Very sad incident. I really appreciate the team's hard work r2cornell. But thieves actually make them targets.

I want to know more about this case. Where is more detailed information?

Thanks to @khrom for sharing this information.

  ·  last year  ·  

Well, some details are on the public witness chat, but this is all I know myself. The rest goes on here under the post. It turns out that Mariusz found several inaccuracies in the colonel's statements.

  ·  last year  ·  

I forgot about the most important thing! All people who have not changed their Blurt keys after Steem fork should do so immediately.