Author Topic: account trans.bot hacked today  (Read 3572 times)

0 Members and 1 Guest are viewing this topic.

Offline renkcub

  • Full Member
  • ***
  • Posts: 143
    • View Profile
I am using wallet model. Is there any chance my account is hacked like this?

We don't know how exactly this account was hacked. But shortly speaking, yes, your account can be hacked many different ways.

Account model requires somehow access to your key (OR your PC.. like via remote desktop hack) and password.

Wallet only requires password.


Offline yvv

  • Hero Member
  • *****
  • Posts: 1186
    • View Profile
I am using wallet model. Is there any chance my account is hacked like this?

We don't know how exactly this account was hacked. But shortly speaking, yes, your account can be hacked many different ways.

Offline trustpay

  • Newbie
  • *
  • Posts: 14
    • View Profile
I am using wallet model. Is there any chance my account is hacked like this?

Offline fav

  • Hero Member
  • *****
  • Posts: 4278
  • No Pain, No Gain
    • View Profile
    • Follow Me!
  • BitShares: fav
my guess:

it's a bot, so he used the private key online/in compromised software.

there's no point for an intruder to risk sending funds to a 2nd account if they got complete owner access. you'd just change the keys and sell from the main account.

Offline renkcub

  • Full Member
  • ***
  • Posts: 143
    • View Profile
I am very sorry to hear this. This is the #1 problem with crypto IMO. I too got wrecked (lost btc) in 2014 due to horrible 2FA / security from Google (Gmail) and Blockchain.info. Bitshares doesn't have the best security options... let's foster this discussion.

Thanks for all you've done for Bitshares. You are talented and will get through this and earn again. It sucks right now.

Offline fav

  • Hero Member
  • *****
  • Posts: 4278
  • No Pain, No Gain
    • View Profile
    • Follow Me!
  • BitShares: fav
how did they get access to your account?

do you use wallet model? do you store it in your mail or something?

Offline mf-tzo

  • Hero Member
  • *****
  • Posts: 1725
    • View Profile
That really sucks. But there must be a way to protect ourselves from this kind of attacks.since it is easy to prove that trans.bot is indeed your account can't witness block the hackers account, or do a softfork or something?

Offline yvv

  • Hero Member
  • *****
  • Posts: 1186
    • View Profile
Sorry for your loss. Any idea about how this went wrong?

Offline bitcrab

  • Committee member
  • Hero Member
  • *
  • Posts: 1928
    • View Profile
  • BitShares: bitcrab
  • GitHub: bitcrab



today my daily trading account trans.bot was hacked and I lost about:

22.4 BTC
119.5 ETH
4.19M BTS
264k bitCNY




I paid heavily to my carelessness, I should not put so much assets on a daily trading account, but recently I was busy and forgot the necessity to use multi-sig account to keep big amount of assets, then the assets in trans.bot accumulated more and more before I was aware of that.

there was a debt position of more than 20M BTS there, fortunately the hacker haven't lower the collateral ration and stole other several millions BTS.

I use this account in my laptop, win10, and I also receive mails, chat in QQ, browse webs, watch videos in the same laptop.

I use this account both in light wallet and the web wallet https://bitshares.org/wallet/#/.

sometimes I connect Internet via public wifi.

yes I do not have a good habits, hope my loss can warm more users.

however I still think that we need to do some update to the wallet for higher fund security, for example, YOYOW have done some change to key management, the owner key is not saved locally but other medias, and with owner key one can update the active key to a new one by one click,  hope this can help to make the wallet more safe.


今天我的日常交易用账户trans.bot被黑了,损失大约如下:

22.4 BTC
119.5 ETH
4.19M BTS
264k bitCNY

我为自己的不谨慎付出了惨重代价,trans.bot是我日常交易用账户,本不该存放如此之多的资产,可因为最近比较忙,偷懒不用多签账户,不知不觉使得日常交易用账户里的资产越积越多。

账户里还有2000多万BTS的抵押债仓,也许我应该庆幸黑客还没有去调整抵押率再搞走几百万BTS...

使用windows系统,而且是在同时接受邮件,QQ聊天,浏览各种网站,看视频的笔记本上使用,还轻钱包和网页钱包https://bitshares.org/wallet/#/ 都有使用,还没少使用公共wifi。。。总之,首先应该责备的的确是我自己。

然而,我们的确还应该从软件上提高钱包的抗风险能力,比如, YOYOW钱包就做了很有意义的改动,主控私钥不存在本地电脑中,而是另外存储,可随时一键更新交易私钥。这些创新也很值得更新到BTS 钱包中去。


 



Email:bitcrab@qq.com