I also found it strange that the only active account that was attacked was blurthispano. This account was created with a third party service. The good thing about it all was that thanks to that we became aware of it, alerts were raised and the whole community was informed to change their passwords and be on the lookout for any suspicious activity.
Thank you for multiplying the information to reach more people. Greetings dear.
This account was created with a third party service.
It would be logical then to conclude that the person who owns the many dormant accounts either also owned the third party service, or is connected with it in some manner. The amount of games and acting that takes place among some of the initial miners of Steem who went on to be the power accounts at Hive are renowned for role playing. Given the hostilities some of them have exhibited towards both Blurt and the founders it isn't so farfetched to see such a maneuver as a possibility.
Given they didn't change the keys to access the stake through power down it's also likely they meant this more as a "gotcha, look what we can do" than to actually destroy the account. They say criminals often return to the scene of a crime, and I suspect that's so they can admire their handiwork. In this case perhaps they needed folks to understand how they had gotten over with their account creation service. Hopefully everyone who has used such services will now change their passwords, and this will serve as a warning for any who use this service in the future to do so immediately as well as check if there is another account set for reclaiming ones account so they don't use that method to take over accounts.
There are always execptics who think they are right, after the publication in the morning hours some users have told me that the problem is Blurt and that it is unthinkable that an infrastructure like Hive allows the theft of passwords. The irony is that this has been going on for months and people still don't know it. I attach the link of the account active today and stealing funds without anyone being able to stop it.
It seems as I mentioned this has to be originating from somewhere at Hive. The confusing part for me is how they accessed the blurthispano account, unless it also operates on Hive. All other accounts I looked at have never been used since they were created at the fork. This rules out individuals getting hacked, or a hack at the point of log in and had to most likely occur from either the Steem or Hive points, as the keys were identical to Steem keys, and could be so for Hive as well if the accounts in question never changed them there after the Hive fork.
I tried just now using the db database to see if I could try matching the wallet ID for Binance to someone who could be behind it, but unfortunately that part of the tool no longer works. Chances are that whomever is doing this created a new Binance account, but maybe they were careless and used that before with an account they wouldn't want tied to this hack.
I think more of a service implemented on the blockchain, we must remember that both chains existed developers who for various reasons are no longer around. Without alluding to any in particular I can say that at some point we had referral services, link for the creation of accounts, among other . much source code that is still in possession of the attacker and by that method seeks to extract the funds. With respect to the passwords we are 3 chains that use the same technology, at least two of them share some source code and from there we can imagine that there is something that helps the attacker.
Hackers and scammers are harmful to any platform. I was attacked by a hacker a long time ago, but I did not suffer any loss.
We have to be more careful...
I think most of us have been hacked at one time or another as well. Yes, we all must be careful and when we see this happening act quickly to warn the rest of the community to try mitigating the damage.
Hi, there are many more apps on Hive and Steem, some of the user keys are the same on all three chains, so if compromised by phishing on one chain, all chains can be compromised.
Thank you so much for weighing in so quickly. I have a little more time so can expand my thoughts on this.
Based on the dormancy of almost all of the accounts, I would have leaned towards there likely being no hack at all. I know at the beginning of Steem there were many who ninja mined who created thousands of accounts. Who also then continued to create many more accounts. In fact, one of the original miners who was the cause of much misery there was once caught having a flag war with himself some time after the said flag war was over. He grew careless and performed actions tying the two accounts together.
So based on the fact most of the accounts transferring from Blurt are dormant would suggest the possibility that they al could have the same owner who is taking the time to cash them out now, or place them into a new account for the snapshot in an account that won't have the stigma of being dormant.
The part that nags at me is the blurthispano account. It doesn't exist anywhere but here. Not on Steem, not on Hive. This changes things a little.
Before I proceed I wish to state for yourself and any reading this that I don't believe there is a security hole in Blurt itself. The hole would then have to exist at Steem and Hive most likely and have been exploited and discovered long ago.
However, I do believe that it's possible that a third party app, such as the many different front ends we've seen as well as other third party services could be a possible culprit. By possibly recording this data through login. It makes it difficult to narrow down not knowing the systems employed by the blurthispano account.
Because of the impossibility of knowing just how exactly the keys were copied from blurthispano, leaving open the possibility of one of our now defunct third party front ends as the culprit, it just makes good sense for safety reasons that the community change their keys and eliminate any of those potential sources of this issue to have any further power.
One last thought on the blurthispano account. It has a decent amount of stake powered up. The fact that the entire set of keys weren't changed suggests as well that the hacker didn't have possession of the master key, or those would have been changed from the start to power down and liquidate that as well.
I tried to use the steemdb to see if perhaps carelessness might reveal other accounts ties to that Binance id, but it looks as if that feature has been disabled now there.
It turns out that it was the third option in the case of blurthispano it looks like.
I still lean towards the other dormant accounts weren't a hack at all, and all belong to the same whale. Probably the one who attacked the chain late last year as he is renowned for his many thousands of accounts. With the snapshot coming, coupled with the rising value of Blurt there are multiple reasons such a person with so many accounts would move them, to either cash out or to a new account where the activity would qualify them for the snapshot.
I have all my keys different in this three platforms. But my recovery is my steemit account. Is this any problem??? Can you tell me please how can I secure my account well??
Another question is that when I have installed kplr and took cosmosdrop address, they gave me no mnemonic code but a private key. I set a password also. Is there all right? Please help me @megadrive.
There is no recovery account here at Blurt, if you lose your keys or get hacked the account is gone.
You should have gotten a mnemonic code, as well as the key for the keplr wallet. I just did a search on how to view and export it. Try this.
Do you want to export your Seed Phrase?
In the extension click on the silhouette in the upper-right corner.
Click on the three dots and in the drop-down menu select [View Mnemonic Seed].
Confirm the operation by writing your Password.
Copy the Mnemonic Seed Phrase and store it in a safe place.
The recovery features still work if you want to set a personal account for recovery, we didn't collect email addresses like steemit did to verify original owners of accounts so we aren't running any official recovery service.
Thank you for the clarification. On the post by Freakeao when he had indicated this as well someone corrected him that there was no such feature. I'll head over there now and let them know so others don't think this is the case as I did.
Having different keys on all platforms is good, using one of own accounts for recovery is perfect.
Hmm, I think you can choose whether to setup with private key or mneumonic, do a test, load Keplr on another machine and see if you can use the private key to restore it. If so then all good.
It is very shocking news from you. I see that blockbhain is being under attacked in time to time. Is the security system is loo weak of blockchain. Many have all dream with blockchain. If it falls for any reason, then their dreams will be vanished.
Hi, I wish to ease your mind with this thought. I doubt it is the blockchain itself. We've had many third parties running front ends and other services who I believe it possible either installed a capture system at login, or were hacked and someone else did.
Please read some of my other comments, but will reiterate here again.
Other than the blurthispano account, the other accounts all appear to be dormant accounts, never used since the fork of Blurt. That suggests perhaps they all might belong to one person, or that person somehow has compromised their keys at Steem where they originated at the fork.
However, the blurthispano hack had to have originated here, as that account is a Blurt only account. So either they were hacked directly, or they used a third party service that was either hacked or set up to collect such information for hacking. Let me illuminate why the blurthispano account should ease our mind that Blurt itself is not hacked.
That they have 192480 Blurt staked. If the hacker had their master key they would have simply changed the keys and powered that down instead of settling for the small amount (in comparison) of liquid the account had. This is suggestive they were limited to the active key in their capture/compromise of that accounts keys.
Needless to say, I do urge those who have been here awhile to change their keys so that however that compromise tool place, one need not worry. As I mentioned above, I don't see Blurt itself as the weak link here. It was either a direct hack on whomever is running that particular account, or more likely one of the now defunct third party apps we had here like one of the front ends that have closed.
Indeed the first attack made was on my account, for which we made a first alert in the discord to the founders and witness. We proceeded to change the passwords immediately, I have been monitoring the activity in my wallet in case we manage to detect any other suspicious activity. What is certain is that the attacker collected these keys through some service, because this account does not exist neither in steem nor in blurt.
What is certain is that the attacker collected these keys through some service, because this account does not exist neither in steem nor in blurt.
Exactly, that stood out to me from the beginning. I'm glad you were able to salvage the account. It would have been tragic if the hacker had changed the passwords before they stole from you.
Do you think this might be what happened to my fund transfer? Long shot? I still have not received the transfer and it's been 4 days now. Thankyou by the way for your very kind loan until I'm up and running xxx
No, this is not what happened to your money. Yehey who runs blurtlink is holding it and not giving it back as of yet no matter how much proof he is provided. I wrote a post on it
I've named you beneficiary to try help offsetting some of your loss if the public pressure I'm now trying to mount on him to return it doesn't work.
Please don't hold this against Blurt. While he is a witness, he is not Blurt and his conduct should reflect solely on him and not the chain.
Thank you by the way for your very kind loan until I'm up and running xxx
Please, no more talk of loans. It wasn't sent as a loan. I appreciate how much care you take in researching and presentation. Your presence here, while not for a good chunk of people, is at the same time a draw for those not threatened at the thought of examining science that is contrary to the funded science that often has no basis in science and instead is merely propaganda.
I believe that you are one of many pieces that will see the value of Blurt rise, as the value, contrary to what the whales at Hive think, starts with the community itself. There is an audience for your presentations, and the platforms allowing any form of presentation and debate dwindle by the week.
So please, no more talk of loans. A loan is something a person seeks and agrees to. You did neither, nor was it sent with such intent. If you must, consider this as my investing in Blurt itself, as your presence here enriches the platform and serves as a draw for others who are finding it difficult now to find such alternative presentations rooted in fact.
I also found it strange that the only active account that was attacked was blurthispano. This account was created with a third party service. The good thing about it all was that thanks to that we became aware of it, alerts were raised and the whole community was informed to change their passwords and be on the lookout for any suspicious activity.
Thank you for multiplying the information to reach more people. Greetings dear.
Hi Vickie,
Thanks you for clarifying this
It would be logical then to conclude that the person who owns the many dormant accounts either also owned the third party service, or is connected with it in some manner. The amount of games and acting that takes place among some of the initial miners of Steem who went on to be the power accounts at Hive are renowned for role playing. Given the hostilities some of them have exhibited towards both Blurt and the founders it isn't so farfetched to see such a maneuver as a possibility.
Given they didn't change the keys to access the stake through power down it's also likely they meant this more as a "gotcha, look what we can do" than to actually destroy the account. They say criminals often return to the scene of a crime, and I suspect that's so they can admire their handiwork. In this case perhaps they needed folks to understand how they had gotten over with their account creation service. Hopefully everyone who has used such services will now change their passwords, and this will serve as a warning for any who use this service in the future to do so immediately as well as check if there is another account set for reclaiming ones account so they don't use that method to take over accounts.
There are always execptics who think they are right, after the publication in the morning hours some users have told me that the problem is Blurt and that it is unthinkable that an infrastructure like Hive allows the theft of passwords. The irony is that this has been going on for months and people still don't know it. I attach the link of the account active today and stealing funds without anyone being able to stop it.
https://wallet.hive.blog/@darkwarrior33/transfers
It seems as I mentioned this has to be originating from somewhere at Hive. The confusing part for me is how they accessed the blurthispano account, unless it also operates on Hive. All other accounts I looked at have never been used since they were created at the fork. This rules out individuals getting hacked, or a hack at the point of log in and had to most likely occur from either the Steem or Hive points, as the keys were identical to Steem keys, and could be so for Hive as well if the accounts in question never changed them there after the Hive fork.
I tried just now using the db database to see if I could try matching the wallet ID for Binance to someone who could be behind it, but unfortunately that part of the tool no longer works. Chances are that whomever is doing this created a new Binance account, but maybe they were careless and used that before with an account they wouldn't want tied to this hack.
I think more of a service implemented on the blockchain, we must remember that both chains existed developers who for various reasons are no longer around. Without alluding to any in particular I can say that at some point we had referral services, link for the creation of accounts, among other . much source code that is still in possession of the attacker and by that method seeks to extract the funds. With respect to the passwords we are 3 chains that use the same technology, at least two of them share some source code and from there we can imagine that there is something that helps the attacker.
Yes. these are my thoughts as well. If it weren't for Blurthispano being hacked I would lean towards this not even being a hack.
Hackers and scammers are harmful to any platform. I was attacked by a hacker a long time ago, but I did not suffer any loss.
We have to be more careful...
I think most of us have been hacked at one time or another as well. Yes, we all must be careful and when we see this happening act quickly to warn the rest of the community to try mitigating the damage.
Hi, there are many more apps on Hive and Steem, some of the user keys are the same on all three chains, so if compromised by phishing on one chain, all chains can be compromised.
Thank you so much for weighing in so quickly. I have a little more time so can expand my thoughts on this.
Based on the dormancy of almost all of the accounts, I would have leaned towards there likely being no hack at all. I know at the beginning of Steem there were many who ninja mined who created thousands of accounts. Who also then continued to create many more accounts. In fact, one of the original miners who was the cause of much misery there was once caught having a flag war with himself some time after the said flag war was over. He grew careless and performed actions tying the two accounts together.
So based on the fact most of the accounts transferring from Blurt are dormant would suggest the possibility that they al could have the same owner who is taking the time to cash them out now, or place them into a new account for the snapshot in an account that won't have the stigma of being dormant.
The part that nags at me is the blurthispano account. It doesn't exist anywhere but here. Not on Steem, not on Hive. This changes things a little.
Before I proceed I wish to state for yourself and any reading this that I don't believe there is a security hole in Blurt itself. The hole would then have to exist at Steem and Hive most likely and have been exploited and discovered long ago.
However, I do believe that it's possible that a third party app, such as the many different front ends we've seen as well as other third party services could be a possible culprit. By possibly recording this data through login. It makes it difficult to narrow down not knowing the systems employed by the blurthispano account.
Because of the impossibility of knowing just how exactly the keys were copied from blurthispano, leaving open the possibility of one of our now defunct third party front ends as the culprit, it just makes good sense for safety reasons that the community change their keys and eliminate any of those potential sources of this issue to have any further power.
One last thought on the blurthispano account. It has a decent amount of stake powered up. The fact that the entire set of keys weren't changed suggests as well that the hacker didn't have possession of the master key, or those would have been changed from the start to power down and liquidate that as well.
I tried to use the steemdb to see if perhaps carelessness might reveal other accounts ties to that Binance id, but it looks as if that feature has been disabled now there.
I think there are a few attack vectors:
It turns out that it was the third option in the case of blurthispano it looks like.
I still lean towards the other dormant accounts weren't a hack at all, and all belong to the same whale. Probably the one who attacked the chain late last year as he is renowned for his many thousands of accounts. With the snapshot coming, coupled with the rising value of Blurt there are multiple reasons such a person with so many accounts would move them, to either cash out or to a new account where the activity would qualify them for the snapshot.
I have all my keys different in this three platforms. But my recovery is my steemit account. Is this any problem??? Can you tell me please how can I secure my account well??
Another question is that when I have installed kplr and took cosmosdrop address, they gave me no mnemonic code but a private key. I set a password also. Is there all right? Please help me @megadrive.
There is no recovery account here at Blurt, if you lose your keys or get hacked the account is gone.
You should have gotten a mnemonic code, as well as the key for the keplr wallet. I just did a search on how to view and export it. Try this.
https://medium.com/chainapsis/how-to-use-keplr-wallet-40afc80907f6
The recovery features still work if you want to set a personal account for recovery, we didn't collect email addresses like steemit did to verify original owners of accounts so we aren't running any official recovery service.
Thank you for the clarification. On the post by Freakeao when he had indicated this as well someone corrected him that there was no such feature. I'll head over there now and let them know so others don't think this is the case as I did.
Having different keys on all platforms is good, using one of own accounts for recovery is perfect.
Hmm, I think you can choose whether to setup with private key or mneumonic, do a test, load Keplr on another machine and see if you can use the private key to restore it. If so then all good.
It is very shocking news from you. I see that blockbhain is being under attacked in time to time. Is the security system is loo weak of blockchain. Many have all dream with blockchain. If it falls for any reason, then their dreams will be vanished.
Hi, I wish to ease your mind with this thought. I doubt it is the blockchain itself. We've had many third parties running front ends and other services who I believe it possible either installed a capture system at login, or were hacked and someone else did.
Please read some of my other comments, but will reiterate here again.
Other than the blurthispano account, the other accounts all appear to be dormant accounts, never used since the fork of Blurt. That suggests perhaps they all might belong to one person, or that person somehow has compromised their keys at Steem where they originated at the fork.
However, the blurthispano hack had to have originated here, as that account is a Blurt only account. So either they were hacked directly, or they used a third party service that was either hacked or set up to collect such information for hacking. Let me illuminate why the blurthispano account should ease our mind that Blurt itself is not hacked.
You can see here
https://blurt.blog/@blurthispano
That they have 192480 Blurt staked. If the hacker had their master key they would have simply changed the keys and powered that down instead of settling for the small amount (in comparison) of liquid the account had. This is suggestive they were limited to the active key in their capture/compromise of that accounts keys.
Needless to say, I do urge those who have been here awhile to change their keys so that however that compromise tool place, one need not worry. As I mentioned above, I don't see Blurt itself as the weak link here. It was either a direct hack on whomever is running that particular account, or more likely one of the now defunct third party apps we had here like one of the front ends that have closed.
Indeed the first attack made was on my account, for which we made a first alert in the discord to the founders and witness. We proceeded to change the passwords immediately, I have been monitoring the activity in my wallet in case we manage to detect any other suspicious activity. What is certain is that the attacker collected these keys through some service, because this account does not exist neither in steem nor in blurt.
Exactly, that stood out to me from the beginning. I'm glad you were able to salvage the account. It would have been tragic if the hacker had changed the passwords before they stole from you.
Te invitamos a votar por @blurthispano como Witness
Congratulations, your post has been curated by @dsc-r2cornell. You can use the tag #R2cornell. Also, find us on Discord
Felicitaciones, su publicación ha sido votada por @ dsc-r2cornell. Puedes usar el tag #R2cornell. También, nos puedes encontrar en Discord
Do you think this might be what happened to my fund transfer? Long shot? I still have not received the transfer and it's been 4 days now. Thankyou by the way for your very kind loan until I'm up and running xxx
No, this is not what happened to your money. Yehey who runs blurtlink is holding it and not giving it back as of yet no matter how much proof he is provided. I wrote a post on it
https://blurt.blog/blurt/@practicalthought/not-a-good-look
I've named you beneficiary to try help offsetting some of your loss if the public pressure I'm now trying to mount on him to return it doesn't work.
Please don't hold this against Blurt. While he is a witness, he is not Blurt and his conduct should reflect solely on him and not the chain.
Please, no more talk of loans. It wasn't sent as a loan. I appreciate how much care you take in researching and presentation. Your presence here, while not for a good chunk of people, is at the same time a draw for those not threatened at the thought of examining science that is contrary to the funded science that often has no basis in science and instead is merely propaganda.
I believe that you are one of many pieces that will see the value of Blurt rise, as the value, contrary to what the whales at Hive think, starts with the community itself. There is an audience for your presentations, and the platforms allowing any form of presentation and debate dwindle by the week.
So please, no more talk of loans. A loan is something a person seeks and agrees to. You did neither, nor was it sent with such intent. If you must, consider this as my investing in Blurt itself, as your presence here enriches the platform and serves as a draw for others who are finding it difficult now to find such alternative presentations rooted in fact.
You're amazing xxx