Currently we have several accounts which have revealed their active keys by some unknown means. The accounts are issuing transactions of monetary transfer and power down. Transactions are aimed at selling via Huobi with memo 370411.
This is unlikely to be a new method of key theft due to the age of these accounts and their activity patterns. Regardless, seeing the attacker resurface at this time and now active is a serious matter.
[This is a live post and will be updated as more information is discovered]
Attention:
@nomadicsoul
@zulfi125
@tycoonheaven
@creativityport
@eng.ramy
@berkekucukk
@adamsmith1
@sminj400
@kkvkkv2040
@stemtube
@oussama2017
@promobyte
@ethan-felzke
@werovin
@sminj300
@harshprakash
@gigen07
@innocent97
If your name is on this list and you're still around:
- check your transactions and withdrawals
- change your keys and securely save them offline
- run a virus checker on your computer
- make sure your recovery account is set to someone you trust (not 'steem')
If you've already changed your keys please let me know below. Come talk to me on Discord at GuiltyParties [.com]#5071 (or you can find me on the main Hive Discord) when you see this message.
Think back to pre-Hive:
Anyone who remembers any 'dapps' or 'projects' that had a frontend between 2018 and 2020 with a website that accepted Active Keys without the use of SteemConnect (this would have been before HiveKeychain was the accepted norm), please respond in comments. This includes any mobile apps that existed during that time. Looking for any information, even if you forgot the name but remember what it looked like.
What we know so far:
- This is not a new incident
- We're uncovering large groups of accounts compromised outside of non-traditional phishing (not the usual phishing through links in comments)
- Thieves are not changing keys
- Possible algorithm that reacts to price fluctuations and sends a message to the thief to collect (manually)
If you never changed your keys:
- Change them asap
- Make sure your recovery account isn't 'steem'
Resources:
- Hive Recovery - A service built by @arcange that lets you set a specific account as your trustee and then initiate a verified recovery process if needed
- Hive Recovery Tools - A set of three tools built by @reazuliqbal which let you process recovery requests start to finish (for cases where the account owner and their trustee are both involved)
Special thanks to @oxidil who was one of the victims of this and spent hours trying to investigate the matter. Posting rewards from this post are directed to him. Also a thank you to @foxon for assisting with this matter.
Second List
The following list are accounts belonging to the hacker @darkwarrior33 or his victims. If your account is on this list please get in touch with me immediately. If you recovered your account let me know.
@abdomaroc2016
@abdullah2017
@abdullahtahir
@abhin
@abrarulislam
@acosmist
@adees
@adelusin
@adiza
@adnansial1
@africanyouths
@ahteshamshk
@ajortizs
@alexaaams
@alexduk
@alexissch
@ali.moznebi
@ali2056
@allthatmoney
@amazonn
@ambercookie
@amerlin
@amitbepari
@anasta12
@aniita
@aniket1997
@anmolrajput
@anshu1234
@anthony119
@antony3636
@antonyjoseph
@anuragtripathi
@anzuwanda
@arcaios26
@archaimusic
@archita
@aremuadekunle
@arianyeliza
@arindomdey
@arnoldsynchron
@arshi
@artuphay
@asadujjaman
@ashraful890
@asifasim
@asta007
@astafar
@aungminhein
@awesomeabasiono
@azzacinema
@azzedine221
@b4bull
@babyg14nt
@baechoice
@balis
@bany1886
@bashar95
@batmansfoes
@bdjihad
@bentil
@beritasatu
@beyaz77
@beyondmovie
@bishalmanandhar
@bividelosangeles
@bkehinde
@blackcritcal
@blackvshadow
@blend
@blickyer
@bloggerz
@bobbydraxler
@bothomire
@branstark
@brucebrownftw
@bslash
@btcoin
@buki121
@bunnyvest
@calebchang
@calebkelly
@cammelya
@camomile
@capturechapters
@cebuhive
@cecchetti
@ceejayy
@closdechoi
@commierad
@coolcaptures
@crownit
@cubetv
@curtneyg
@dallasgoldbug
@dan000206
@danitra
@dank-crypomemes
@danksir
@darkwarrior33
@darpmalone
@dauntlessheart
@davidebari
@debraj48
@demostene
@detoye
@dinesdiabolik
@djonib333
@drawsforfun
@dreambigbeats
@drisers
@dskphotostudio
@dudus80
@duongtam
@eetyyudeme
@em3966
@emmzykid
@emonandels
@empereur
@enciknas
@enegela
@engzp
@enjoyaceh
@ennopl
@epicdice
@eriksongutierrez
@erjay94
@ervin1810
@evilbd
@expertroyal
@exploreworld
@fadil465
@fafddon
@faglerabbi
@faisal707
@faisallone
@fajargj
@familytree
@fani.jaat
@fannygamer
@farhansadik2
@feedfancier
@felipearcanu
@ferrey
@fichte03
@financialhunt
@foreshadow
@gabriela2017
@gadol
@galerykoe
@gbengajoe
@ghugly
@gianniflash
@gourust
@graface
@groupfails
@grow23
@gtomasif
@hack-master
@hamany
@hancheolmin
@handofmidas
@harsharedy
@haryormidei
@hashirse
@heirofsigma
@hiamgosu1994
@hichamoun
@himanshugamedev
@himelhasan
@housam
@how2steemit
@htl
@htlt215
@husni12
@iam.sayanta
@iamtaheed
@ibeekay
@ibrahim-ats
@ichbinbesser
@icomatch
@idang9
@idrisbhat
@ilogics
@ilovemyindia
@impala-arts
@industrialvarez
@interfectus
@ipmus
@isnandar
@israel2929
@jackly
@jadecarl123
@james.photos
@jassensolo
@jclohanx
@jdrincs
@jeanferrer
@jesiledv
@jessonjr
@joe-limon
@johns
@jose1986
@joshelgar
@joshuaemorut
@jozinko
@jquispe03
@jrafaelrivero
@jubayer-15
@judeokhuelegbe
@jumazaibu
@junad
@junaidi
@junef
@kattenn
@keensleigh
@knaiz
@knowtheunknown
@knoxy
@koddmc
@kojotyler23
@krazypoet
@ksrinu445
@ledjo1991
@lemwgong
@lemwong
@leonardtd
@leyefash
@lifemoments
@littleblackstar
@lonelyaya
@lordgangler
@love-has-won
@lunarstica
@lurianny
@m1g66
@mac-queen
@magictaco007
@maik
@manolium
@marketexpert
@marksadow
@martylin
@marufhs371
@marzzep
@masudjahidur
@maulana-saputra
@maytinh
@mdrasel442
@meaprilia
@melaniepoffer
@melihaktas
@meliodas26542337
@mercuchito
@meyerb
@michaelemmanuel
@mikaylia
@misterakpan
@misterdianabasi
@misterking
@mithuncode
@mji
@mmaruf
@mmetal
@moelflow
@mohsen-helmy
@moneemsarkar
@morule
@mostafa219
@motai
@muammarnst
@nadillasyafira
@nadiryildirim
@nafdegreat
@naseer
@natalimcr27
@naumanramzan
@nedjo
@neeme
@nehemiah9
@nighttiger
@nikodem239
@nilanti
@nnanna
@noehuertas
@noemitorres
@noobyforex
@noustropos
@nueleffiong
@okonkwochike
@olatech
@orhansarikaya
@otsouvalas
@oussama2017
@oyinbra
@pantarzan
@papaudeme
@papiga
@paras
@parkar1
@paulomits
@pennystockhelp
@peppex96
@peterbeggars
@peterveton
@pewe
@philleas
@phuresh
@pillz99
@plvqy
@pocketcreations
@polaris98
@prashant1
@prashanthreddy
@prashantmantri
@professor.gaming
@profetajose
@proluv
@promisearts
@prosperity95
@pryncejhay
@psalmmiecrown
@puja78526
@pulpiri
@radojka
@ragtorzz
@rakibul-islam
@ramboaceh3
@rasadbsl999
@rasurinii
@rayhanul
@rchhipa637
@rdchaudhari
@rebelrose
@rechall
@rechpol
@redgriffin
@reeni
@reetabrata
@renearias
@retroid
@rexxar
@rheeza
@riaansteynberg
@ribeiroto
@richana
@richiekirui
@rickyaaron
@rinki
@robinmeza460
@rocky8796
@rsrasel26
@sabinwrites
@sajal
@sambardhakal
@sammymendoza
@sanjeev13
@sankofa
@sanluiez
@sanuvpacifist
@sara2
@satrio
@sayuthi
@shaglama
@shahz
@shamrozgill
@shaqart
@sharky675
@shayar3
@shazzad2
@shegmatech
@shlizzy
@shollex
@siddharthapal
@sihirbaz
@skiverew
@smartshw
@smocaine
@somog007
@soumen
@spacytracy
@speedtuning
@st4rk1ll3r
@stargazing
@starscream97
@steem-blog247
@steem-pays
@steem001
@steemersayu907
@steeming-ali
@steemit-ibadan
@steemus-bot
@steemwarrior
@stevethenaive
@streetstylebubu
@sukhwinder
@sureshgajera
@szjoe22
@szymciojazda
@tadour007
@tanpham
@tarmotammik
@tassosstavrou
@techprinted
@teenno
@thelocalman
@thepicarla
@thesnaps
@thewanderwoman
@tiskofun
@tistariqul
@tizi
@tmkoz
@tofm2
@tornado1014
@tosine
@travel-ok
@trongnghiasky
@tsaopas
@tuoficinavirtual
@tyler-too
@ubokobong
@ueue
@umair72023
@uneeverso
@valentinoboss18
@vforvillamizar
@vikas-rai
@villenagv
@visar197
@vleon
@vsy115
@warriorwu
@wazyquinin
@wellenwert
@wielkapanda
@willyfreddi97
@wissalhassan
@xeroxnet69
@yamp.eyes
@yanyankaryana
@yogesh
@yohan5334100
@yousuf001
@yurisincero
@zafiro.rosa
@zahrullb
@zainenn
My name is not on the list. A good reminder of some changes I need to make. Thank you!
Oh my! Hacks? I hope not. Security is the highest priority especially in times like now with Hive being so lucrative. I bet there will be more scammers on their way.
My account was hacked (probably phished) two months ago and I changed my keys already. I saw my Hives sent to someone that time. But do I get hacked again? To make sure I changed my keys again after reading your post. Thank you for notifying me by the way.
No, you're good if you changed the keys. I gave you a vote on the comment to negate the Spaminator flag and I took you off the list.
There was one that wanted active keys that was pushed by jeff berwick, but I forget its name.
It was very early on, Sep of '16.
I think it was the first to offer autovotes to everybody.
I don't think that's it but I'll keep it in mind. I don't remember it at all.
Streamian, or some such.
It was the alternative before hive.vote got going.
That sounds familiar. I didn't know it was Berwick's.
I don't think it was his, he was party to it, though.
I gave them my key to fba, thought better of it, and changed them.
I asked one of them about it and got the reply 'we are gonna do more than just vote'.
That might be findable in fba's comments.
I want to say it was some of the utopian crowd, but that could just be prejudice.
Ohh thank God I am not here this list...
Any tutorial on how people can change their active and/or posting key?
That should be done in either Peakd or Hive Blog wallet. You do end up regenerating all your keys.
My name is not on the list though I need to step up my game on security aspect.
Thanks for the reminder.
How they do it? They are really insane .
Right now it seems they made a fake app in 2018-2020 and tricked people to give up their keys with promises of earnings. I'm still trying to find out exactly what app that was.
Very strange, this kind of beast should be avoided.
What do you know about dlease.io? Is this legit?
Yeah, Dlease is legit and we know who the developers are.
Ok thanks .
Can you refer me to a post on how to set a recovery account??.. I'm not on that list but I'll love to know
Yes, take a look at https://peakd.com/hive/@arcange/introducing-hive-account-recovery which is a good service for recovery
Thanks a lot
I got value.
My account was hacked about 3 months ago I never knew how and I talked to you in discord at the time and changed my keys. this hacker @ darkwarrior33 stole over 800$ from me. between hive , splinterlands , DEC and SPS packages can it happen again ? :O
Recently I was attacked by @darkwarrior33. Currently I'm securing my account stuff and also praying to gods to defend me from this evil hacker, seriously.
If you goto "https://hiveblockexplorer.com/@aristak", you will see this evidence:
You will need to re-set your vesting route from him. Also please change your keys. Don't store the new keys online if you had done so. Google storage for example is not the right place for your Hive keys.
Thank you for the advice 😌.
Hello @guiltyparties , I'm on the list and I've changed my Password but I just posted a video after around 5-6 months but I got a downvote from @spaminator. I hope you can help in that too. Thanks in advance.
P.S. I couldn't find your discord server and that being the reason me writing here
My account is not on this list, but on the spaminator list 🤣