If your account is on any of the lists pasted by me in the comments of this post, it is either confirmed as compromised or there is a high chance that it is compromised.
If you recovered your account since the incident, please go through the 'Compromised accounts' section list below and let me know in comments when done.
If you need help, reach out on Hivewatchers Discord at https://discord.gg/CZwBzvEvsc You can find me easily at the top of the list in green.
The compiled list has over 5k accounts and is growing. Individuals in Group 1 have a good chance of recovery and are the latest victims. Accounts in Group 2 are a botnet with a few possible individuals mixed in. Accounts in Group 3 are older accounts who gave their keys out or were phished. Those keys are now stolen again. I will add groups as needed.
Main group aka Group 0 can be found here: https://github.com/gryter/darkwarrior33/blob/main/accountlist.txt
Compromised accounts:
- Use another computer to change your Hive keys, Google password, and passwords to your important accounts like banking
- Run antivirus on current computer that was used when you got hacked
- If you can't change your Hive keys please check who your recovery account/trustee is
- Contact your recovery account/trustee to begin the recovery procedure
- Once you have keys to the account and can log in, check your withdraw routes
- If you see "1" instead of "0" in your withdraw route line, use Ecency wallet to remove it (it means any power down will go into the hacker's account)
Sometimes the hackers will sit on a compromised account for months at a time doing nothing, even up to several years. Some accounts were compromised in 2018 and only activated now.
Definitions:
Recovery account/trustee account: The account that either created your account or the account that was set as such. Find it by going to https://hiveblocks.com/@youraccountgoeshere and searching for 'Recovery account'.
Withdraw route: The default is "0". This means that there are no extra accounts that your power down will go to; it will always go to your own account. If you see "1", that means that there is another account to which your power down will automatically go to. Find it by going to https://hiveblocks.com/@youraccountgoeshere and searching for 'Withdraw routes'.
General best practice:
- Keep your keys stored offline. Don't store them anywhere in the cloud like Google.
- Make sure the account that is your recovery account/trustee account is someone active and whom you know can help you recover your account if needed.
- Never give your keys to anyone.
If you have ever given your keys to any curation/rewards service and have not changed them since:
- You must change your keys if you have ever taken your key and either gave it to someone or put it into a website that stores it.
- Always grant authority via Hivesigner. Hivesigner is safe to use (although people may still misuse your account by voting or posting with it).
- But if you have taken your key or password and shared it, change your keys immediately.
Does your recovery account say 'Steem'?
See below and change your recovery account immediately.
Do you need a new recovery account?
Visit https://hive.blog/@hive.recovery/posts and follow instructions there. Instructions are provided in English, Spanish and French. This is a secure service provided by @arcange for your convenience.
Discord hackers:
- There is a wave of Discord hackers either offering jobs, posing as news reporters or even pretending to be from security companies. The companies are not real and these people are not reporters.
- The way it works is they invite you to a Discord that has a verification. When you click on the verification it will take you to a website which will steal your session token, which will compromise your Discord account irrespective of whether you have 2-factor authentication on or not.
- Never store your keys in Discord. If you use it to share keys with anyone for any reason, immediately delete any message with them.
- See example of a recent attempt below:
Please DO NOT reply to this post for any reason aside from what is stated above.
https://leofinance.io/threads/josephdon211/re-josephdon211-cjfyalua
https://leofinance.io/threads/pearlie123/re-pearlie123-2r9rqarpb
The rewards earned on this comment will go directly to the people ( josephdon211, pearlie123 ) sharing the post on LeoThreads,LikeTu,dBuzz.
To add.
This group of accounts has been part of a larger group (other main accounts are "hunterbutt", "darkwarrior33" & "sepa777".
The total amount of compromised accounts is 3470 so far.
Yes, I put the darkwarrior33 database on Github. https://github.com/gryter/darkwarrior33/blob/main/accountlist.txt
The Hive.Pizza team manually curated this post.
Please vote for pizza.witness!
Dang, a lot of compromised accounts. Be safe guys!
Hello, my account made an unauthorized transfer to another account named @auzifalevi then from that user it transferred to another account named @hamna. I lost 379 Hive. Is there any chance that I can still recovered it?
No chance.
Sorry to hear this, one of my friend @eldaniel0131 got compromised as well.
The scam started when he tried to login on a fake @splinterlands phishing website that he search on google search.
Sad that you lost money on this but the best advice I can give I guess is to change all your passwords immediately
I'm already done to all of the needed measures to secure my account. Its a harsh lesson to me, i guess.
Thanks for warning!
Thank you very much for the warning, my account was hacked a while ago and I changed the passwords, the only thing I hadn't done was check my wallet where I actually had an account of some undesirable registered. Thank you very much for the warning and for your great work.
I've taken you off the list as recovered control. You don't have any withdraw routes. You need to go through your email/cloud storage wherever you had those keys and double check every account that also had its passwords there please.
I went through this process when I saw that I was mentioned in this post, everything seems to be in order from what I could see. Thank you very much again.
Thank you for this important post. How has this happened?
Thank God I'm safe
Excelente trabajo, hay que mantener mucho cuidado con cada cuenta.
Seems I'm safe
I shared this on Twitter, I am well familiar of the feeling of getting hacked because I was a victim last September 2022.
Hopefully we can minimized this damage by spreading this information
Congratulations @guiltyparties! Your post has been a top performer on the Hive blockchain and you have been rewarded with this rare badge
You can view your badges on your board and compare yourself to others in the Ranking
If you no longer want to receive notifications, reply to this comment with the word
STOPCheck out our last posts:
Thanks for doing this. Reblogged.
Thank you for the alert! It's essential to take such matters seriously and ensure the security of our accounts. I'll make sure to check the lists in the comments to confirm and take necessary actions if needed. Safety and protection of our accounts are of utmost importance. Let's stay vigilant and support each other in maintaining a secure online environment. 🛡️😊
Congratulations @guiltyparties!
You raised your level and are now an Orca!
Check out our last posts:
Your level lowered and you are now a Dolphin!
Check out our last posts:
Congratulations @guiltyparties!
You raised your level and are now an Orca!
Check out our last posts:
Your level lowered and you are now a Dolphin!
Check out our last posts:
You're doing the lords work here
My name is not there...