Been robbed
-
@Burstde you do realise that the passphrase is the only thing needed to get access to all you have, since it is stored on the blockchain?
-
Well then, a mandatory rollback of block until Lexicon's funds are restored
-
@Lexicon I know, Lex, really, but from what I have been reading there are quite a few computers running pools and paying out assets. With that amount of info being transferred every day, someone can get a way in. I do a lot of security work for people; most times it is something simple. For example, the first thing that has to be locked down is the modem. Every modem made is listed online with very generic passwords. Like my Arris: the original password was password, so I went into it and changed it. Then I looked at the computer. Yes, every computer has a password to enter into Windows/Mac/Linux, but unless you are able to go into the BIOS and set a master password it doesn't matter, especially with what we do: the computer is on, open and vulnerable. Either someone is targeting individuals or they are going after the distributing computers. On any given day we have over 100 visitors to this site, not including the 3000 plus peeps that are registered. How are we to know who is or is not trying to try something? I read posts all day. I see who is a reg., and then there are a lot I don't see ever. We already have a security issue when it comes to someone dumping assets on us we have not bought. Heck, go look at pics of some of these mining operations. There are hackers out there that specialize in knowing exactly what kind of computer and hardware; that makes it way easy to start basic recon as to the best way to get in. I want this part on record: I in no way am saying it is ANYONE'S fault. What I am saying is that there is a lot of info out there that people can get real easy.
Croydan
-
@Burstde it's not how blockchain works - once it's on the chain it is law
-
Unfortunately this happens in many places people do not like to work and prefer to take advantage of the work of others.
I have lost bitcoins when I hacked mtgox, I lost again with inputs.io since I had 3 faucets using their service and at the last buy a script to mount a game giving away bitcoins and also I hacked it. It is bad to not know how to program, buy something thinking that it is good but in the end it sucks
-
@Burstde OMG I will stop the surfbar then
-
I say contact all the exchanges and give him or her no place to sell them!
-
How would that work? The thief can xfer the Burst to a different account in a second.
I personally think if there is too much value in a single address/wallet/account then that is a big target. I xfer my mining Burst to other accounts, as I see the mining account as a weak point, since the passphrase is "given" away. Still not saying how it was done, but if you park your beat up car next to a new Lexus, if one is stolen, guess which one will be there when you get back?
-
You could follow the transfer till there is a mistake. It's better than letting them get away with it. I like the two authentication approach.
Yahoo does it, why not Burst? Make it send an SMS to your cell phone.
-
@Lexicon Your account seems not to be the only one robbed, the target account BURST-9HTR-WSSF-XY9H-7HUNW got money from several accounts.
If brute-force is impossible (222 chars), passwords must have been grabbed somewhere else ... ask yourself ... did you ever use your pass on online wallets without https, solo mine through a pool url, download Burst software from somewhere else than the org. source or expose your password in another way through the internet? Guess your PC was not infiltrated due to the other affected accounts ...
-
@Lexicon That sucks man! So sorry for your losses.
Is it possible that I take a look at your PC to know how your passphrase was stolen?
-
A couple things I'd like to add here...
-
I dislike 2FA and a strong password is really still the best thing you can do - 2FA is in a sense too good and can lock even the owner out of accounts. Get everything off the cloud and log in with a strong password every time (granted you're not infected with a keylogger)
-
Don't hold any of your bags on a wallet that is attached to mining or ever has been. The fact that a passphrase must be given out to assign rewards is the problem here.
-
The surfbar can be used safely in several different ways: in a virtual machine environment, on a computer that isn't linked to your wallet, etc...
Be safe!
Edit: another thought - as @luxe said, these online wallets without https are suspect!
-
-
said in Been robbed:
BURST-GAJL-VWKN-2XPB-H39R9
What is strange is the 15 zero transactions before the theft, which means it was a bot to phish your passphrase. If I'm right then you must have just used your passphrase at the time of those 15 zero transactions. Let me know if I was right
-
@Burstde I saw those zero transactions too! Fishy fishy
Edit: zero transactions were asset transfers, noted. Thanks @Energy
-
Who is this guy? He doesn't look like a miner. He made one transaction before this theft? Can anyone vouch for them?
BURST-RL8F-QNEW-28UN-7W6FF
-
-
@luxe the only online wallet I've used is the burst-team one and the local wallet, and the burst-team one was always https.
I have antilogger installed so I doubt that I was keylogged.
@Burstde even if we did rollback the blockchain the guy still has access to my account and can transfer them. This would also require all nodes to rollback or a new release
-
@luxe said in Been robbed:
@Lexicon Your account seems not to be the only one robbed, the target account BURST-9HTR-WSSF-XY9H-7HUNW got money from several accounts.
If brute-force is impossible (222 chars), passwords must have been grabbed somewhere else ... ask yourself ... did you ever use your pass on online wallets without https, solo mine through a pool url, download Burst software from somewhere else than the org. source or expose your password in another way through the internet? Guess your PC was not infiltrated due to the other affected accounts ...
@luxe from what I understand, the passphrase never gets sent over the internet, it gets encrypted client side.
@lexicon please run a rootkit detector on any PCs you have logged in from
-
@Focus To the best of my knowledge you're correct and the passphrase itself is not sent, but if the communication can be captured, a replay attack may be possible, using a different transaction body with same hashed passphrase. That's why I'll never do anything on straight http wallets.
-
@haitch said in Been robbed:
@Focus To the best of my knowledge you're correct and the passphrase itself is not sent, but if the communication can be captured, a replay attack may be possible, using a different transaction body with same hashed passphrase. That's why I'll never do anything on straight http wallets.
So would this wallet be vulnerable to attack and anyone who has used it, be screwed?






