You are viewing a single comment's thread from:

RE: URGENT!!: STEEM.AMAL HAS BEEN COMPROMISED BY @ gandurasik011!!!

in Steem SEA3 years ago

Under Investigation , You have give / used with Steem Amal
steemauto.app and this App is Not Safe.

This App is Compromise and The Owner is Steem Supporter
He is running witness and was using Everyone Keys to vote on all his account.

Please be sure to REMOVE steemauto.app on All your Accounts.

@quarantine

Sort:  
 3 years ago 

This, I think, is the best explanation to what happened,, thanks.

 3 years ago 

The account was just recovered by the steemit team and support from @steemchiller (thank him very much for the endless support)

I need to recheck everything ups again

thank you for your concern @quarantine and my friend @aneukpineung78

How is life back there, I am in Banda Aceh, if you are in town, we may have some coffee during the break

Regards

Very fast Recovery.

Make sure you take out steemauto.app

This will happen again as Steem Support is unreliable and will find any oppurtunity to access any accounts he can get hold.

Make sure you take out steemauto.app

I don't understand how this can be linked to steemauto, can you explain please?

 3 years ago 

I am now living in Banten as I told you before. Life is like always, cannot complain, if you knew what I mean.
I don't see myself in Aceh in nearly time, but thanks for the offer for sure.

We used to use steemauto for our community curation and never had any issues. If I remember correctly steemauto never had access to any keys. Since that was our first concern too so it seems to me like this was a key management issue?🤷🏻‍♂️

Yes we did this and removed post auth.
But that’s why it doesn’t make sense that masterkey was stolen🤷🏻‍♂️? Anyway…idk

i give you a big thumbs down .. can you explain how a posting auth can be related to a lost master password . do you even know how keys and auth works on steem .

 3 years ago 

Dear @tomoyan, @steem-supporter, @the-gorilla, and @quarantine

I don't understand at all how the master key could be compromised since the master and owner are never used at all times during transactions of the account and it is saved offline. As it was recorded the thief used the owner and changed it before he/she perform the transfer. if someone thing it is because of the auto vote service, steem.amal account never uses the auto vote service, so then it is not an issue at all.

it is still a big question for us, it is the second time happened to steem.amal account. The first one was someone changed the posting and active key but it can be controlled using the owner/master key. But, this time they took over all keys.

For ur information, I have had the experience to recover multiple stolen accounts (at least 4), and all of them never use master and owner keys when they click the phishing link or access their account. But still, all their key was compromised.

We may need to consider the new method or other possibilities the cracker/hacker used to access the account.

Do you have anything in mind?

With my best regards

I wondered the same thing which is why I can't understand the association with steem.auto.

I don't believe that you can change the Master Key with just the Owner Key (although I could be wrong) so it appears that you have had the Master Key stolen.

Which leads me to 3 possible scenarios:

  1. Your Master Key has been hacked - this feels unlikely given that the Key is so complex, unless of course somebody has "cracked" the entire system in which case we'll see a lot more of this.
  2. Somebody that you know has done it - this is an uncomfortable thought but check who else has access to your computer and where you have your Master Key stored.
  3. Your computer has been compromised - Check for SpyWare or similar installed on your machine. It could be that the hacker has had access to your account for a long time and been waiting for the best time to attack.

I'd also consider your reasons for keeping so much liquid SBD and STEEM. I'm sure you have them but consider splitting large amounts across multiple accounts - the remainder of the power was "saved" because of the 4 week powerdown period.

You have my sympathies, I can only imagine the pain that this has caused.

 3 years ago 

My preliminary investigation was the first PDF was saved in the email, and the email was not safe at all, the access key was only kept by 3 trustees persons. They were all panicking contacting me to do any possible thing to save the account.

My last computer has been clean out before I handed it over to my wife. My big regret was the SBD and Steem did not keep in the "Save balance" as they should be.

if the case is my computer, I don't have any key stored in this new computer or phone, because I never access the account using this new computer at all till yesterday.

So my best guess was they gain access to the email used to create the account and find the pdf file there, it is the easiest way to get access since the password of the email is not strong enough.

what all of us need to be concern about is finding the real cause of how someone else could get access to any account, to protect the entire steemit system and avoid miss understanding the user for the platform security issues.

I thought (if this is possible) for the steemit team could find a way to track down the thief and freeze the account so then they can not do any transactions.

can you do an IP address track of the thief account to find out from where he came from and let me know to my discord channel? @el-naillul3044

Thank you for your sympathies my friend, best regards

El-nailul

Unfortunately, I don't think Steemit will do anything. We've seen stolen money transferred through accounts before and I don't remember Steemit ever freezing an account in order to stop the funds being withdrawn.

The only suggestion I have is to look at the user of the account that has stolen your money and see which exchange the money is moved to. Once you've established that, you could phone the exchange and explain that one of their users has stolen your money (you can provide evidence of the transfer out of your account) and they might be able to freeze their account and retrieve the money for you. I've not heard any stories of this being successful either but it's worth a try - I fear that once it's gone, there I've seen little to no appetite from anybody to help get it back 😢

It's also my understanding that IP addresses are not recorded and if they were, I don't think anybody would ever admit to it. I think that your best hope is to first report the theft to the police and then to contact the exchange which the thief uses.

@el-nailul

@quarantine have done investigations for years on Hackers / Phishing.

Example Accounts

@wwefun @richardman

Have seen how it was done.

Using App can also be Storing your passwords.

You do not need to expose your passwords, there is way this ppl will steal it.

By lodging into their App.

Under Investigation Steem amal have use Steem Auto App.

If not Why would I said that.

I am busy , If you don't believe me then don't take my words.

Have A good day.

Coin Marketplace

STEEM 0.21
TRX 0.26
JST 0.038
BTC 95931.40
ETH 3358.80
USDT 1.00
SBD 3.04