Hacked & Survived - Be Prepared

Greetings to all,

As it is my first time publishing within this community, I decided it would be important to share the experience that just happened to me, for future reference and for people whom it might happen to :

I got hacked (sepa666).

A few days ago, I logged on in the morning, as I often do, and as I used HiveKeychain to connect, I received a strange notification telling me my keys were not valid anymore - at least on the keychain (so far).

Welp, I thought it was strange and wondered what it could be, but so far, no worries in mind.

Then as I landed on my wallet page, I realized that 1) all my hives were gone, 2) a power-down had been initiated and 3) my savings was being emptied to another account.

Here it is, I'm screwed, thought I.

I quickly did some research, and looked for my Trustee/recovery account, which in my case was a friend and not an automated service. He directed me towards @hivewatchers and their Discord, who also directed me towards @arcange and their Discord.

From there, I was directed towards 2 services :

  • The hive account recovery service from @reazuliqbal, in order to recover my account, change password and generate new keys
  • Hivetask in order to change the vesting route - to whom the power down would be sending the power, which had been changed by the hacker to was-my-nippies

Now, I have recovered my account, stopped the power down and the savings transfer, but I've lost a fair amount of hive/liquid hive to that hacker.

Hive Account Recovery by @reazuliqbal :

1.png

  • Start the process by clicking on Recover Account, which will lead you to the following page

2.png

  • Type in the account you wish to recover and generate a new password. Save it somewhere safe before clicking on Get Owner Key, then send the New Public Owner Key to your Trustee
  • Now, your Recovery Account / Trustee will have to go to the same site and click Request Recovery, which will lead them to the following page :

4.png

  • They will then add your account name (that you wish to recover), the New Public Owner Key that you have sent them (and not the PASSWORD that you have kept safe somewhere), and their own account name (Trustee Account). They do not need to enter their active private key, Hive Keychain will take care of that step.

  • Once they have sent the recovery request, you, as the account you want to recover, will have 24 hours to proceed to step 3 of the first page (the Recover Account page) and accept the recovery request :

3.png

  • Enter your account name again, the PASSWORD that you have kept safe somewhere, and then your previous PASSWORD that you (also) have kept safe and sound somewhere ; in the case your account has been hacked and your keys changed, your previous password (recent) will still be considered a "valid recent password" for the following 30 days, if I'm remembering correctly

  • Once this is done, click recover account, and bim bam boom Bob's your uncle, and the new Password you have generated in step 1 is now your new master password. If you want to change your keys, and you need to see them, you can see the rest of your keys with a tool such as this key generator, by simply entering your master PASSWORD and checking the rest of the keys associated with it - save them somewhere safe.

Now, let's talk about vesting routes

It's possible that if you've been hacked, the hacker has changed the vesting route to another account to take possession of the power down. I saw that while looking in my "recent transactions" from my wallet, but had no idea what it meant.
Here's a good article about what they are and how to change them, that was given to me by @mein-senf-dazu who has been a big help in the process. I won't describe and write down the process, as this article does it very clearly and simply.
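
The symptoms described in this post (changed keys, a new power-down, a vesting route pointing at another account, savings being withdrawn) each correspond to an operation in the account history. As an added example, not part of the original post, this Python code flags them in entries shaped like the output of `condenser_api.get_account_history`; the account names, the sample data and the `audit_history` helper are constructed for illustration.

```python
# Constructed sample, shaped like condenser_api.get_account_history output:
# [sequence, {"timestamp": ..., "op": [name, body]}]. Accounts and values are made up.
SAMPLE_HISTORY = [
    [101, {"timestamp": "2023-01-01T08:00:00", "op": ["transfer",
        {"from": "alice", "to": "bob", "amount": "1.000 HIVE", "memo": ""}]}],
    [102, {"timestamp": "2023-01-02T03:10:00", "op": ["account_update",
        {"account": "alice", "owner": {"key_auths": [["STM-PLACEHOLDER", 1]]}}]}],
    [103, {"timestamp": "2023-01-02T03:11:00", "op": ["withdraw_vesting",
        {"account": "alice", "vesting_shares": "1000.000000 VESTS"}]}],
    [104, {"timestamp": "2023-01-02T03:12:00", "op": ["set_withdraw_vesting_route",
        {"from_account": "alice", "to_account": "mallory", "percent": 10000,
         "auto_vest": False}]}],
    [105, {"timestamp": "2023-01-02T03:13:00", "op": ["transfer_from_savings",
        {"from": "alice", "to": "mallory", "amount": "50.000 HIVE",
         "request_id": 1, "memo": ""}]}],
]

def audit_history(account, history, known_accounts=()):
    """Return (timestamp, finding) pairs for operations matching the post's symptoms."""
    trusted = {account, *known_accounts}
    findings = []
    for _seq, entry in history:
        name, body = entry["op"]
        ts = entry["timestamp"]
        if name in ("account_update", "account_update2"):
            # Authority fields are optional; they appear when that authority is replaced.
            roles = [r for r in ("owner", "active", "posting") if r in body]
            if roles:
                findings.append((ts, "authorities changed: " + ", ".join(roles)))
        elif name == "withdraw_vesting" and body["account"] == account:
            # An amount of zero cancels a power-down, so only flag non-zero amounts.
            if float(body["vesting_shares"].split()[0]) > 0:
                findings.append((ts, "power-down started"))
        elif name == "set_withdraw_vesting_route" and body["from_account"] == account:
            # percent is in basis points; zero removes the route.
            if body["percent"] > 0 and body["to_account"] not in trusted:
                findings.append((ts, "vesting route to " + body["to_account"]))
        elif name in ("transfer", "transfer_from_savings") and body["from"] == account:
            if body["to"] not in trusted:
                findings.append((ts, name + " to " + body["to"]))
    return findings

if __name__ == "__main__":
    for ts, finding in audit_history("alice", SAMPLE_HISTORY, known_accounts={"bob"}):
        print(ts, finding)
```

Accounts you pay regularly go in `known_accounts`, so that only transfers and routes to unfamiliar destinations are reported.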

A few tips and tricks I've learned from the experience :

  • Do not store your keys in a text file on your computer or on your phone if you aren't confident in your security integrity: a rootkit or malware downloaded from the web would give that access to anyone quite easily
  • Choose your Trustee account wisely, in the case of that event, or opt for one of the different services proposed by hivetask and hivechain app - remember, it takes 30 days to change your recovery account
  • Don't freak out, you've got time to stop the power down and to cancel a savings transfer, so get working as soon as you notice something is off
  • Change and update your keys regularly (or at least from time to time), and keep backups of your old keys on a separate drive/device, in case you need to perform a recovery, then DELETE them from existence
  • Join @hivewatchers' and @arcange's Discords, as they are very helpful in such cases
  • If you feel like the integrity of your computer, of your Gmail, of your Firefox account, or phone, or whatsoever that has access to your Hive Keychain or some sort of credentials, is compromised, then perform a change of keys as soon as possible
3 comments

Excellent!
We are very happy that you have recovered your account :-)

@arcange @reazuliqbal

0 BEE

Hi, I was searching about Hive security and came across your post. So sorry that this happened, and I would like to understand more about what happened.

Do you think you exposed your keys on a phishing website or you got hacked?

You had your keys on mobile and PC as text?

Asking because it looks like this guy is searching for targets across Hive.

Quick investigation found this:
Maybe you can try to see who this memo belongs to.

  • Sent to bdhivesteem: -54.070 HIVE, Aug 29, 2023, memo 100036993
  • Withdraw from vesting: 54.070 HIVE, Aug 27, 2023
  • Sent to deepcrypto8: -54.038 HIVE, Aug 22, 2023, memo 100276706
  • Withdraw from vesting: 54.038 HIVE, Aug 20, 2023
  • Sent to deepcrypto8: -54.007 HIVE, Aug 15, 2023, memo 100276706
  • Withdraw from vesting: 54.007 HIVE, Aug 13, 2023
  • Sent to sepa666: -53.982 HIVE, Aug 9, 2023

0E-8 BEE

Also, do you have the vesting routes article to share?!

0E-8 BEE

I put a link to it in my post ! :-)

0.00001822 BEE

Glad to read you were able to recover your account @julesquirin

0E-8 BEE