Author Topic: Recent hacking by doris-payne  (Read 4702 times)

0 Members and 1 Guest are viewing this topic.

Offline goldeagle

  • Newbie
  • *
  • Posts: 14
    • View Profile
Recent hacking by doris-payne
« on: April 26, 2017, 08:03:41 am »
Hi All, Not being a techie I would like to ask a question.
As you will be aware doris-payne is hacking many accounts. He/she is some how accessing accounts without any bin file or password. My account was hacked even though I keep nothing pertaining to my account on my mac. Everything is stored on a usb, and all browsing data is deleted.
Is it necessary for our bitshare account details (user name, transfer amounts) to be made public in http://cryptofresh.com?
Bitshares are aware of the problem but to date nothing has been done to prevent hacking of accounts. The problem seemed to start after the recent changes to logging in to bitshares accounts.
Does any one know what is being done to prevent further hacking of bitshares accounts?
Thank you
Regards
Rick

Offline pc

  • Hero Member
  • *****
  • Posts: 1530
    • View Profile
    • Bitcoin - Perspektive oder Risiko?
  • BitShares: cyrano
Re: Recent hacking by doris-payne
« Reply #1 on: April 26, 2017, 04:10:46 pm »
cryptofresh.com is only publishing blockchain data that is public anyway. It is a *helpful* service and certainly not the cause of these hacks!

AFAICS (on cryptofresh) only a handful of accounts seem to be affected, and most of them look like compumatrix users (account name is prefixed with "cni-"). It is possible that the hack was executed through an XSS attack on the compumatrix trading interface, or whatever frontend they have over there - I don't know.

(It is of course also possible that such an attack was executed on openledger.info, but I think we would see a lot more affected accounts then.)
Bitcoin - Perspektive oder Risiko? ISBN 978-3-8442-6568-2 http://bitcoin.quisquis.de

Offline renkcub

  • Full Member
  • ***
  • Posts: 143
    • View Profile
Re: Recent hacking by doris-payne
« Reply #2 on: April 26, 2017, 06:33:23 pm »
How many have been hacked?

How do we secure ourselves?

Offline desi

  • Newbie
  • *
  • Posts: 15
    • View Profile
Re: Recent hacking by doris-payne
« Reply #3 on: April 26, 2017, 07:53:56 pm »
So fare i know at least 8 accounts where hacked so fare. This account of doris -payne was created only at the  2017-04-18 .  >:( >:( >:(

Offline goldeagle

  • Newbie
  • *
  • Posts: 14
    • View Profile
Re: Recent hacking by doris-payne
« Reply #4 on: April 27, 2017, 06:13:01 am »
Hi Guys, thanks for your replies.
To date, I know of ten accounts that were hacked. doris-payne, for some unknown reason also sent funds to a few other accounts. A Robin Hood action.
Yes, it does seem that only cni- accounts were hacked.
They have proven a point, that it is possible to hack accounts without the passwords or bin files that are supposedly needed to access our bitshares. A very clever person that could better use their talents elsewhere.
Thanks again
Regards
Rick

Offline alt

  • Hero Member
  • *****
  • Posts: 2811
    • View Profile
  • BitShares: baozi
Re: Recent hacking by doris-payne
« Reply #5 on: April 27, 2017, 08:32:28 am »
I'm afraid it's not hacked accident.
for the transaction at block 15973155
http://cryptofresh.com/b/15973155
lil-bi.t-of-techs-us sent 80,238 BTCPLUS to doris-payne
the signature is "1f4393f0ca49098a42cdd046bfd213081e005c83f290046d267f19740dc0956d8c40670c299d6488c5421c0605386e8804b79498159bfa826599cd4c05b05d2a17"
it's not signed by key "BTS5XmF1sN8MJAqJfcTqKJJTmZsDnUVXLnYtFVeA9rAsj1XYd3WYP" which belong to lil-bi.t-of-techs-us
it's signed by key "BTS5VRaCZGCVQrPWsFAutV5fDVu8cGePg2cRowvHNdGQywhaQTyM5" which belong to compumatrix1
and you all set account compumatrix1 as your active auth account.

Offline fav

  • Administrator
  • Hero Member
  • *****
  • Posts: 4278
  • No Pain, No Gain
    • View Profile
    • Follow Me!
  • BitShares: fav
Re: Recent hacking by doris-payne
« Reply #6 on: April 27, 2017, 10:49:09 am »
How many have been hacked?

How do we secure ourselves?

use the desktop wallet.

Offline renkcub

  • Full Member
  • ***
  • Posts: 143
    • View Profile
Re: Recent hacking by doris-payne
« Reply #7 on: April 27, 2017, 01:56:07 pm »
Trying desktop wallet and can't make sense of it. Guide anywhere?

Offline nmywn

  • Sr. Member
  • ****
  • Posts: 266
    • View Profile
Re: Recent hacking by doris-payne
« Reply #8 on: April 27, 2017, 03:48:05 pm »

Offline svk

Re: Recent hacking by doris-payne
« Reply #9 on: April 27, 2017, 03:50:40 pm »
TLDR of alt's comment: Remove compumatrix1 from your account auths if you have it..
Worker: dev.bitsharesblocks

Offline fav

  • Administrator
  • Hero Member
  • *****
  • Posts: 4278
  • No Pain, No Gain
    • View Profile
    • Follow Me!
  • BitShares: fav
Re: Recent hacking by doris-payne
« Reply #10 on: April 27, 2017, 04:30:13 pm »
compumatrix1 blacklisted doris-payne

Offline Stan

  • Hero Member
  • *****
  • Posts: 2906
  • You need to think BIGGER, Pinky...
    • View Profile
    • Cryptonomex
  • BitShares: Stan
Re: Recent hacking by doris-payne
« Reply #11 on: April 27, 2017, 08:45:56 pm »
experts, is there a way for a compromised lifetime member to change their signing keys..or anyone else to change them?

From xeroc:  He needs the owner key .. if he has that .. he can import it into the wallet and change the active and owner key .. paperwallet.bitshares.eu may be helpful
Anything said on these forums does not constitute an intent to create a legal obligation or contract of any kind.   These are merely my opinions which I reserve the right to change at any time.

Offline fav

  • Administrator
  • Hero Member
  • *****
  • Posts: 4278
  • No Pain, No Gain
    • View Profile
    • Follow Me!
  • BitShares: fav
Re: Recent hacking by doris-payne
« Reply #12 on: April 28, 2017, 05:08:49 am »
how do you register via compumatrix? do they offer their own wallet (would explain everything), or do they forward to openledger?

Offline btswolf

Re: Recent hacking by doris-payne
« Reply #13 on: April 28, 2017, 10:35:29 am »
how do you register via compumatrix? do they offer their own wallet (would explain everything), or do they forward to openledger?
yes, https://     compumatrix.co

Offline fav

  • Administrator
  • Hero Member
  • *****
  • Posts: 4278
  • No Pain, No Gain
    • View Profile
    • Follow Me!
  • BitShares: fav
Re: Recent hacking by doris-payne
« Reply #14 on: April 28, 2017, 10:38:05 am »
how do you register via compumatrix? do they offer their own wallet (would explain everything), or do they forward to openledger?
yes, https://     compumatrix.co

then it's pretty clear. they have basically access to every account created through their interface.

I hope [member=23432]ccedk[/member] blacklists them from their faucet ASAP.