Hi Everyone a terrible news, just now I got to know about it. My account got hacked and the person stole funds from my account. I was away for some time, busy, and not checking my wallet.
This is a proof, that even techie myself can get hacked, because the keys were compromised from start, and the hacker just waited for the account to have some funds.
I got some notification about an HBD transfer, not the one where the hacker transferred funds. Then I checked my account and got to know that 2 days before, some HIVE/HBD was transferred. And my HBD savings were almost empty.
Then I quicky opened my wallet and changed my password. I thought there is no need to change pass and its secure because I was not aware of where from the account was created (I almost created this account long back just some day and used later)
I don't remember the source but the recovery account is steempress-io (I will change later) so I think its same related to steem, as a lot of accounts were hacked before as well.
So, in total the account sepa666 stole 69.32 HIVE and 4.793 HBD from my account. There was even one Savings withdrawal directly to his account for 47.810 HBD which I cancelled today, just in time.
It's almost twice the amount that was stolen, so I was at least able to save 60% funds.
So, Please check and change your password, if you also think your account was created similarly. I had my keys saved only in keychain and no where else, not even in my browser. So don't know how the account got hacked. Luckily the keys were not changed, and I was able to change my password.
So, I can say, the hack can be done because of the stored keys from the time of account creation. As my account was small that time, the hack only happened at this time.
He is sending all the funds to another chain account bdhivesteem
Everyone please be careful and change your keys regularly and keep them safe.
Thanks.
it looks like hundreds of accounts were hacked there
Yeah, I checked. Many were old steemit forked accounts whereas I created a new account on hive. Then only things can happen is they keeping passwords from the account creation service, and this means hacks can be on non steem accounts as well.
...it smells like a rug pull by
peoplescammers who built back doors, and are now engaging them...Good luck, matey.
I think a problem is also the number of apps built on Hive, and the collecting of keys they make sometimes. It increases the risk in the long period. Then other "professional" informatic scam ways, but this type is over my knowledge.
Yeah this makes sense. We can not make sure if keys are safe anymore.
https://blurt.blog/blurt/@mrstorm/s64441
The issues of account hacking is getting out of hands o. I think the best is that everyone should change their key/password to be on a safer side
yepp, specially old accounts more than 2 years.
Ok thank, I created my steemit account around 2017 my hive account was created from the forked of hive out of steemit. Despite the fact that the amount i have is less than $5 I believe that everyone need to take precautions too.
Yes, just change it.
I saw one account last active 6 years ago and had 20 HP.
The attacker even powered down that amount and withdrawn.
That was heartless. Stealing people hard work for many years.
@Sepa666 ,. i warned you all already a few months ago ,. in a post on hive and blurt ,. but , according to you all , it was me , my own fault for not keeping up my defense and change my keys , or even having my keys being used in some shady app ,. witch i am certain i did not . Found out , this sepa666 is well connected to the blocktrader account on Hive , no one bothered back then , no one even cared . So what if sepa666 gets in all the wallets of more then 3 years inactive accounts and empties them. No one cared , no one looked into it , no one bothered to have a closer look .
Yeah and now ,. change your keys ,. change your keys !!! is all you guys can suggest to this robbery . While i tell you , it is of zero use ,. changed all my keys in windows multiple times to no avail , they got a backdoor and will get what ever they plan to get . Unless you change from windows to linux and then change your fucking keys . And never use any bogus keychain app again .
Lost my Hive , lost all my splinterlands cards , lost all i had on hive-engine to . Still running Blurt on an other laptop running linux with different keys is what kept the blurt wallet somehow save for me .
Made me loose all trust in all Dpos social media blockchain tech ,. FUCK THE COIN !!
And i do not hesitate to tell my story about this fucking crap elsewhere and offline . For you my dear @tekraze are a moron thinking these blockchains are a save and good thing to invest your hard earned sound money in .
LOLLOLL ,.. i give it only 4 months ,. and then ,. blurt is nothing but history ,. gone , died , eliminated from the global net .
Goodbye ,. have a nice fucking day . Fucking morons !!!
....anything a man can construct, they can deconstruct.....even the scared altar of 'muh blockchain!' ...lolol
It makes you wonder if the rug pull is now underway.... doesn't it ?
...People with zero ethics, wanting to scam - decide to build something, and then use it to scam people - shock ! horror! lolol
@tekraze has supermuted us both ,.. Keeping all the sheeple in the comments from seeing our reply's ,.. Coincident ??? ,.. for my info i gave is putting shame on him ?
And then , from his reply to opidia he is a believer in hivewatchers to .
While all attacks on me started right after telling hivewatchers about some Ai content pushing prick , questioning if this now was allowed for the content was promoting the WEF .
Also ,. see how the circle yerkers scream for more centralized control in their replies .
So ,. the whole thing to me seems like they are just putting up a show .
A show to centralize the great blockchain power even more .
;-)
but not blurtlatlam....when weak ego meets truth and they don't mesh, truth loses (temporarily, of course).
Childish immaturity, with weak ego's, who prey to the god of $ - and are very scared...(and more stupid that I first thought)..
really bad news, I feel sorry for you
This guy hacked many accounts before as well, thing is that the people on hive do not have any solution for these types of hacks.
I think these social blockchain needs a solution where a group of people can take action on a combined agreement.
Something like that includes top investor, developers, etc.
Don't know when will this stop.
Take care Bhai, i will change my keys tomorrow
Yeah they just said it's me who got the account hacked. Lol. Can't say anything more.
Mmmm... you are making me thinking. I am sorry for your lose. Yesterday, my ecency account showed me a +12 HBD in the virtual balance, like a transfer from savings. I don't know if it was an error or not, but I immediately change all the keys and revoke authorizations from many ones. These frauds are terrible, we are losing R2cornell for the same reason.
Yes, I also was sad to see when my savings was showing 0. Then I checke there was an active withdrawal, that I cancelled and my savings were back.
It's really bad and causing multiple users.
I am just wondering what is happening.
I imagine, it's always a bad bad news :(
It's definitely concerning for me... Two people already in a short time getting hacked.
Cornell on Blurt and now you on Hive. This seems abnormal... How many hacks happen in any given quarter on these platforms? Seems odd.
These hacks are regular. It's just that no one knows until some active accounts are hacked.
This shows that the idea that passwords on the blockchan, being automatically and randomly generated, are secure is a true metropolitan legend.
What surprises me is that they can steal money from Blurt Power or Hive Poiwer because in reality the tokens deposited in that account have to be claimed and wait 7 days for them to be credited.
If, as you say, you have been robbed from this account, now no one is safe and the blockchain will end up crashing permanently.
I was robbed at HIVE but they were available tones present in the HIVE and HBD wallet.
Bdhivesteem account is a hacker account, a friend sent 3600 hive there by accident.. well..never came back.
Thewolf should have made a post on this but he didnt.
Hivewatchers said, it belong to Binance.
Hi @tekraze, great news! Your content was selected by curators @nalexadre, @ten-years-before to receive a special curation from BeBlurt 🎉 Don't hesitate to upvote this comment as the curators will receive 80% of the rewards for their involvement.
You can support us by voting for our witness, our decentralized funding proposal, or through delegation. You're also welcome to join our Discord server 👉 https://discord.beblurt.com
Any new information on the topic? If there is any hole in blockchains, then this should be the key issue... The question is which hive applications story the keys. Does HE or SE do this/have they done this in the past?
It's probably the account creation tool only that either saves key, or maybe someone got access to that and saved keys.
As my email is enabled with 2fa, so very low chances of email compromised.
I can only say one thing, just timely change password.
Nothing can be trusted.
That's true. we should create some tool that would use additional f2a security for access to the account. e.g. the user who runs them will have his keys encrypted with an additional key which can only be unlocked with the code from f2a. It would also be necessary to create something that would allow for safer and easier password changes. As @mrstorm also wrote, when changing keys, it may also happen that the account will be lost due to failure to save the keys.
Yes, thats another issue if you fail to save the keys. So better to have a good internet when you doing recovery.
But I don't think, adding 2FA is easier, it will instead let the key to pass through another service.
The keys are safe with current flow, we just need to make sure to use account creation services we trust, or at least keep changing password.
Thanks
that is, I was thinking more about securing the withdrawal of funds from the wallet and viewing the keys in the additional f2a wallet. Of course, someone can still use scripts, but this somewhat narrows the number of potential fraudsters and thieves.