Author Topic: Account Hijacked  (Read 4732 times)

0 Members and 1 Guest are viewing this topic.

Offline tsuratsura-3557

Account Hijacked
« on: February 28, 2019, 04:16:13 am »
Dear Forum members,

I would like to report my account hijack that happened around Feb 7th.
As I did not check my account frequently, I just found out that my balance became almost 0 when I checked on Feb 15th.

I lost almost all cryptos that I owned and I would like to inform all Bitshares holders of this incident so that no more victims will be created.

I checked some google and found out that there was malicious Bitshares proposal around end of January in 2019.
I believe my account was hijacked by this malicious proposal and he/she stole all crypto.
I do not think I approved this proposal but I might have accidentally approved.

I have just attached cryptofresh https://cryptofresh.com/u/tsuratsura-3557 and this is the all I have.
I do hope Bitshares will prevent this kind of malicious proposal from attacking all members in the future.

Should you require anything further, please let me know.

Regards,

Toshi

Offline lin5464

  • Jr. Member
  • **
  • Posts: 40
    • View Profile
  • BitShares: lin5464
Re: Account Hijacked
« Reply #1 on: February 28, 2019, 06:23:39 am »

Offline tsuratsura-3557

Re: Account Hijacked
« Reply #2 on: February 28, 2019, 06:34:43 am »
Thanks for the information.  I just wanted to inform that

last three line transaction including this

Transfer tsuratsura-3557 send to openledger 11.539348 OPEN.BTC

were done by me.

Regards,

Offline tsuratsura-3557

Re: Account Hijacked
« Reply #3 on: February 28, 2019, 06:38:18 am »
Also, I just noticed that GANT777 stole all my BTS ?


Offline sschiessl

Re: Account Hijacked
« Reply #4 on: February 28, 2019, 08:26:20 am »
Sorry to hear about that. The new version of the UI includes protection to not accidently approve a proposal (it was already a two step process before, now it is three!).

The proposal itself can't do any harm to your account, so you must have (accidently) clicked on approving it, which then gave the attacker full access to your account.

Offline armin

  • Full Member
  • ***
  • Posts: 133
    • View Profile
Re: Account Hijacked
« Reply #5 on: February 28, 2019, 10:10:50 am »
remove the proposals from the UI, it's only causing trouble and the people who are using them currently should already know how to use the cli_wallet

Offline tsuratsura-3557

Re: Account Hijacked
« Reply #6 on: February 28, 2019, 11:08:47 am »
Thank you all and if almost all Bitshare users know how to handle and do not approve this kind of malicious proposal, I am relieved.
My loss was tremendous but I learned a lot. I do hope that this kind of thing won't happen again in Bitshares.

Very best regards,


Offline armin

  • Full Member
  • ***
  • Posts: 133
    • View Profile
Re: Account Hijacked
« Reply #7 on: February 28, 2019, 04:35:03 pm »
No actually this accident can happen to anyone, the proposal is right there on the UI to accept and an uninformed / fatigued user will make the same mistake

Offline tshen

Re: Account Hijacked
« Reply #8 on: February 28, 2019, 05:11:35 pm »
I think the UX could be improved. Maybe the proposal dialog should not just pop up. It could go to a specialized menu item that the user must intentionally go to that page and Accept after double confirmations.  In that page we could put some warning text clearly indicating that Accept could cause you to lose fund.
Tong Shen, Coordinator Assistant, Core Team | 沈瞳,BitShares Core 开发团队 协调员助理
Spark Blockchain | 星火区块链:北美领先的区块链咨询及孵化公司 https://sparkincu.com/
WeChat | 微信号: cnjsstong

Offline postup5

  • Newbie
  • *
  • Posts: 4
    • View Profile
  • BitShares: postup5
Re: Account Hijacked
« Reply #9 on: March 08, 2019, 04:43:24 pm »
This happened to me yesterday, Tuesday, March 7, 2019. I can still get into my account fortunately. The names that show up in my activity feed that various funds were sent to are as follows:
1. cryptobridge-upgrade
2. rz120
3. There was another name but so far it has been buried too far to find it.
They cancel all your orders and then go to work extracting funds. The first thing they bought was KRIPT. I found this article https://bitcoinexchangeguide.com/openledger-dex-domains-openledger-io-openledger-info-hijacked/. If you scroll down to the comments there is this link https://dex.openledger.io/access-issue-ol-reimbursement-program/ which has good information on what to do. I filled out a ticket and was immediately e-mailed: "We would like to tell you that we have received your request and a ticket has been created. We will check your message and You’ll hear from us a reply no later than in 72 hours." Here is more information if interested in this link https://steemit.com/bitshares/@kingscrown/watch-out-the-bitshares-scam-going-and-getting-more-sophisitacted.

Offline Digital Lucifer

  • Global Moderator
  • Sr. Member
  • *****
  • Posts: 323
  • 13 years of being Slackware abUser
    • View Profile
    • BitShares 3.0
  • BitShares: dls.cipher
  • GitHub: dls-cipher
Re: Account Hijacked
« Reply #10 on: March 16, 2019, 01:41:14 pm »
No actually this accident can happen to anyone, the proposal is right there on the UI to accept and an uninformed / fatigued user will make the same mistake

Accident of blind sign on a paper in a bank regarding your account and its balance ?
Milos (DL) Preocanin
Owner and manager of bitshares.org through Consensus
Move Institute - RN: 2098555000
Murska Sobota, Slovenia, SI.

Offline tsuratsura-3557

Re: Account Hijacked
« Reply #11 on: March 18, 2019, 12:18:59 pm »
Thanks for good information. I will look into them.

Regards,

This happened to me yesterday, Tuesday, March 7, 2019. I can still get into my account fortunately. The names that show up in my activity feed that various funds were sent to are as follows:
1. cryptobridge-upgrade
2. rz120
3. There was another name but so far it has been buried too far to find it.
They cancel all your orders and then go to work extracting funds. The first thing they bought was KRIPT. I found this article https://bitcoinexchangeguide.com/openledger-dex-domains-openledger-io-openledger-info-hijacked/. If you scroll down to the comments there is this link https://dex.openledger.io/access-issue-ol-reimbursement-program/ which has good information on what to do. I filled out a ticket and was immediately e-mailed: "We would like to tell you that we have received your request and a ticket has been created. We will check your message and You’ll hear from us a reply no later than in 72 hours." Here is more information if interested in this link https://steemit.com/bitshares/@kingscrown/watch-out-the-bitshares-scam-going-and-getting-more-sophisitacted.

Offline Thul3

  • Sr. Member
  • ****
  • Posts: 359
    • View Profile
Re: Account Hijacked
« Reply #12 on: March 18, 2019, 12:45:02 pm »
I had the same proposal from openledger-something .I was thinking a bit if to accept or not because a day ealier i contacted openledger support about a manuel withdrawl but decided at the end since i can't see (at least i don't know where) what the proposal contains i won't accept it.

Offline postup5

  • Newbie
  • *
  • Posts: 4
    • View Profile
  • BitShares: postup5
Re: Account Hijacked
« Reply #13 on: March 21, 2019, 11:34:17 pm »
I did hear back after a few days regarding my ticket. Seems there is nothing they can do. Here is a link to my bitshares explorer account page:http://bts.ai/u/postup5
Looks like openledger-security has control and has all but drained it. It is unacceptable that nothing has been said or done to protect others from this exploit. I won't be using bitshares anymore.

Offline iamredbar

Re: Account Hijacked
« Reply #14 on: March 22, 2019, 01:09:16 am »
I did hear back after a few days regarding my ticket. Seems there is nothing they can do. Here is a link to my bitshares explorer account page:http://bts.ai/u/postup5
Looks like openledger-security has control and has all but drained it. It is unacceptable that nothing has been said or done to protect others from this exploit. I won't be using bitshares anymore.

This is not an exploit. You need to be aware of what you are agreeing to when approving a proposal.
BitShares Testnet Witness

Offline postup5

  • Newbie
  • *
  • Posts: 4
    • View Profile
  • BitShares: postup5
Re: Account Hijacked
« Reply #15 on: March 22, 2019, 02:41:48 pm »
Exploit : to make use of meanly or unfairly for one's own advantage.

Offline pc

  • Hero Member
  • *****
  • Posts: 1521
    • View Profile
    • Bitcoin - Perspektive oder Risiko?
  • BitShares: cyrano
Re: Account Hijacked
« Reply #16 on: March 23, 2019, 08:01:35 am »
It is unacceptable that nothing has been said or done to protect others from this exploit. I won't be using bitshares anymore.

A *lot* has been said *and* done. But of course it's easier to blame the tools than to admit your own fault.

If someone walked up to you and said "Hello, my name is Mr. Policeman. Please give me your money and the keys to your house, I will protect them for you.", would you do it? (The sad truth is that even in the real world people fall for this. They don't stop using money though.)
Bitcoin - Perspektive oder Risiko? ISBN 978-3-8442-6568-2 http://bitcoin.quisquis.de

Offline postup5

  • Newbie
  • *
  • Posts: 4
    • View Profile
  • BitShares: postup5
Re: Account Hijacked
« Reply #17 on: March 23, 2019, 01:19:12 pm »
I'm getting the word out to others by sharing my experience so others can see. Please provide links to what has been said and done for the sake of information.

Offline iamredbar

Re: Account Hijacked
« Reply #18 on: March 23, 2019, 02:01:36 pm »
Exploit : to make use of meanly or unfairly for one's own advantage.

Just a differing in definition.

BitShares Testnet Witness

Offline pc

  • Hero Member
  • *****
  • Posts: 1521
    • View Profile
    • Bitcoin - Perspektive oder Risiko?
  • BitShares: cyrano
Re: Account Hijacked
« Reply #19 on: March 25, 2019, 01:47:21 pm »
Please provide links to what has been said and done for the sake of information.

There are several posts in this forum where it is discussed. This thread here is almost 4 weeks old, for example.
There are several articles on steem that talk about this, for example https://steemit.com/community/@erodedthoughts/bitshares-scam-proposed-permission-update
It was/is discussed in various telegram groups.
It was/is discussed on discord.

The UI has made approving proposals a 3-step-process, see post from Stefan above. Unfortunatly, people have been taught for years that whenever their computer pops up a box they MUST NOT READ IT and the MUST CLICK ON OK.
Bitcoin - Perspektive oder Risiko? ISBN 978-3-8442-6568-2 http://bitcoin.quisquis.de

Offline litepresence

Re: Account Hijacked
« Reply #20 on: March 28, 2019, 02:17:45 pm »
I am documenting this issue here:

https://github.com/bitshares/bsips/issues/154

BSIP: Proposals Scam Prevention #154

Offline vod

  • Newbie
  • *
  • Posts: 4
    • View Profile
Re: Account Hijacked
« Reply #21 on: April 22, 2019, 03:13:05 am »
I also received a proposal from unknown source just recently and now McAfee warns that wallet.bitshares.org is risky - PUPs - this warning started on 4/18/19.   Any comments?

Offline sschiessl

Re: Account Hijacked
« Reply #22 on: April 22, 2019, 08:32:07 am »
 I saw that too...  Did McAfee show any details as to why the warning?

Offline vod

  • Newbie
  • *
  • Posts: 4
    • View Profile
Re: Account Hijacked
« Reply #23 on: April 22, 2019, 05:43:01 pm »
McAfee's risk category - PUPs - Acronym for potentially unwanted program. PUP or PUPs is a term used to describe unwanted programs such as Trojans, spyware and adware, along with other malware which may compromise your privacy.
I would like to know if BitShares are doing something to resolve it.

Offline wdfh

  • Jr. Member
  • **
  • Posts: 26
    • View Profile
Re: Account Hijacked
« Reply #24 on: July 01, 2019, 05:26:47 am »
No actually this accident can happen to anyone, the proposal is right there on the UI to accept and an uninformed / fatigued user will make the same mistake

It happened to me on Saturday... I have been using crypto since 2012 and have had a BTS account for many years. I was on OL and had just sent myself a small transfer to a phone wallet, but it was taking longer than usual. So, I checked back to my OL account and saw this new tab "proposal" with pending, I thought oh that's OL checking to make sure I want to send my funds, I even saw Openledger in the name, turns out it was openledger-delagate and a scammer. I checked back an hour later and my account balance was zero... I had been drained of 1.7 BTC converted to 300,000 BTS.

If anyone wants to take a look they can see my account name at kurtduncan

I have asked Openledger if they can refund in a goodwill gesture, but have not heard anything back.

This sort of thing should be switched off by default. I now have no crypto  :-[

Offline tsuratsura-3557

Re: Account Hijacked
« Reply #25 on: July 12, 2019, 03:04:13 am »
I am sorry to hear that you lost all cryptos.
Same with me too. Back then, total value was around $300,000.
Very disappointing.

All the best

Offline chigbolu

  • Newbie
  • *
  • Posts: 19
    • View Profile
  • BitShares: vnc-7
Re: Account Hijacked
« Reply #26 on: November 08, 2019, 07:35:12 am »
I am sorry to hear that you lost all cryptos.
Same with me too. Back then, total value was around $300,000. How did manage to cope after this loss?
Very disappointing.

All the best