Introducing EOS911 Emergency - Prove ownership of a hacked EOS account on the genesis snapshot
June 14th, 2018 - Update on EOS911 EMERGENCY
"I believe that good people don't have to resort to bad things, just because bad people exist and I'm not going to rest until we figure out and solve those problems." - Dan Larimer
EOS42 would like to thank to those who dedicated their time into this community initiative: EOS RIO, Blockmatrix, EOSSW/eden, HKEOS, EOS Tribe and EOSDac, and Sandwich for engaging with the victims in the EOS911 telegram group, EOSYS, EOSNodeOne for helping with communication in the Korean community, EOS Cannon and IMEOS for helping with communication in the Chinese community. And Sam S. from ECAF for addressing questions about the arbitration process.
Tutorial on how to interact with the recovery page by Charles H.(EOS42)
Related resources:
An open letter to all victims of phishing attacks:
For those who can prove the ownership of their ETH key and wish to have their EOS account to be frozen, please proceed to https://recovery.eos911.io to authorize EOS Block Producers to freeze the EOS account that is linked to your ETH key. For you to claim back the funds you have to submit your case (we're trying to figure out whether or not we can file all these disputes on behalf of the users) to ECAF (EOS Core Arbitration Forum) so that a ruling can be made.
If you’re reading this, there is a high possibility that you’re one of the victims. Phishing have been rampant during EOS token registration phase. These cases belong to the category of social engineering attack. This is also one of the most common attack vectors present in the blockchain space. For a phishing attack to happen, it needs a altered consensus among the parties, which means: for you to get phished, you must have agreed on an altered version of truth. They’re difficult to prevent because they exploit the human brain, examples include but not limited to: fake airdrop, asking for your private key, or in our case - fake key generator.
It’s important to know that firewalls and anti-virus software are not useful for this kind of attack. It’s only through education and empowerment of individual responsibilities we can prevent this from happening. We hope that you’ve learnt your lesson and not to fall for such trap again, we also hope that you can share your story with your friends and family, as we’re trying to help you today, you may be the one who will be helping victims of phishing attacks in the future.
Today’s blockchain space is still a wild west, and full of black swans. It’s for this reason EOS.io was born, with a grand vision to protect life, liberty, property and justice for all by utilizing blockchain technology, and this will be a never ending goal. Today, the community took on the challenge in combating with phishing attacks, just like how we will be peacefully combating with challenges we may encounter in the future.
EOS is envisioned to be a governed blockchain, a blockchain for humans. May we all have a world where life, liberty, property and justice of all are protected.
Things to consider:
Before you consider yourself as a victim please verify your EOS private key with different offline tools provided by the community just to make sure.
Victims will have 24 hours to signal the EOS Block Producers to freeze the EOS account that is linked to that ETH key via an Ethereum smart contract . Deadline is June 15 20:00 UTC
Please fill the google form if you made your claim via https://recovery.eos911.io and want to be contacted in the future. https://docs.google.com/forms/d/11N23ybhKrshuAcoUsOucfRG90F_-Snq4_5uXcc3mp70/edit
The site is hosted on Github pages and is complete open source (https://github.com/eos911/eos911.github.io).
For those of you who lost/forgot your private key, if you believe that your private key was never compromised, you don’t need to freeze your account. Nobody will be able to move your funds and you can always submit your case via ECAF and wait for a ruling.
What to expect?
The goal now is to freeze these funds so the attackers can't move them, the arbitration process is subject to change as we're still in a very early stage of EOS, those affected please stay updated with us.
- Even though mainnet is live, tokens are still staked for 3 more days.
The action of injecting a 0 balance transaction with a newly generated EOS keypair into the smart contract of https://recovery.eos911.io means the owner of that Ethereum address is signaling the Block Producers to freeze whatever EOS account that is previously related to that ETH public key.
After June 15, 20:00 UTC. A snapshot of the contract will be taken with all the accounts that are in dispute.
Those accounts will be frozen until an arbitration ruling is made by the ECAF (EOS Core Arbitration Forum)
Your funds will be returned to the EOS Public key that you put on https://recovery.eos911.io after your case is processed.
Social
Website
Telegram
Youtube
Bihu
EOS42 is an EOS Block Producer Candidate based in London, UK
This is an important message. Also a great display of the governance capabilities of the EOS network.
So just to be clear, nothing ever happened with this right? The ECAF decided they couldn't freeze any funds, allowed the scammers to make off with the money and over 1 million EOS was stolen due to a botched registration process.
Is this really the final outcome? My account was among the first 7 to be locked. I created the reddit post that led to the creation of the 911 telegram group. I still haven't seen any progress.
Re-steeming this important message. Thank you @eos42!
I have confirmed the process that has been outlined for myself. I have successfully generated offline a new EOS keypair, and then using my nano ledger through MEW was able to associate my NEW EOS public key with my original Ledger Nano MEW Address containing my ERC-20 EOS tokens following the instructions given by EOS42 et al.
Now, the idea is, within the next 24 hours, my EOS public key account will be frozen as I understand it. This is really great news! This effectively means we have solved the problem. All we have to do now is await further communication and instruction from ECAF, to regain liquid control over our EOS.
Resteemed, thanks for doing this work.
Hey @eos42, thank you for taking the initiative to help people in the community.
I was a victim on the phishing attempt when block.one was hacked. I was emailing with the block.one developer team and one of their accounts responded back to me with a phishing site.
Since I trusted the block.one account and was having trouble finding the most legitimate way to register my EOS ERC20 tokens, there was no way for me to know it wasn't a scam.
This EOS community thread is about my case - https://www.reddit.com/r/eos/comments/8mfja0/please_help_scammed_by_developersblockone_email/
What can I do since I lost my tokens before the snapshot was taken? Who should I contact?
The stolen funds were not registered, so as far as the community is concerned these are totally burned tokens that rightfully belong to me.
If I need to prove that the original account belongs to me, please let me know and I can provide all the necessary information.
hello, what was that phishing link and how can I check if I am also a victim?? I used the tool provided on github to generate my key.
This is one the project that the community will highly support. Having our 911 service is a great initiative and most of the people will vote for a worker proposer that will fund and maintain the service. I support the project.