URGENT!!: STEEM.AMAL HAS BEEN COMPROMISED BY @ gandurasik011!!!

in hive-103393 •  6 months ago 

DEAR ALL WHO MAY CONCERN AND ESPECIALLY THE STEEMIT TEAM

The steem.amal account has been compromised by the @ gandurasik011, and he/she has stolen SBD 109.828 and STEEM 6.309, this data is checked on steemworld.org.

The detailed information as you can see in the picture below:

Screenshot_1 Steem.amal.png

The first information I got was today at 11.01 AM from @ anroja, he informed me that the account has been stolen and no keys could be used to access the account even though the MASTER KEY itself.

PLEASE BE ADVISED:

DO NOT SHARE ANY REWARD OF YOURS WITH THE @STEEM.AMAL ACCOUNT FOR TEMPORARY SINCE THE ACCOUNT IS UNDER-RECOVERY PROCESS. WE WILL LET YOU KNOW WHEN THE ACCOUNT TAKING BACK (WE HOPE IT CAN BE DONE SHORTLY).

INSTEAD, YOU CAN SHARE THE REWARD WITH @STEEMSEACURATOR FOR A WHILE AND THE FUND CAN BE USED FOR CHARITY PURPOSES AS WELL.

IN THIS CASE, I NEED HELP FROM THE STEEMIT TEAM TO FREEZE THE ACCOUNT WHILE THE RECOVERY PROCESS

THANK IN ADVANCE TO ALL PARTIES INVOLVE IN THE RECOVERY PROCESS

Thank and best regards

El-Nailul

Steem.amal initiator

cc:
@steemcurator01
@anroja
@steemchiller
@pennsif

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE STEEM!
Sort Order:  

Its a bad news so sorry to hear that. Hopefully everyone as a member steem sea community pay attention about this.

A massive thank you for sharing the valuable information to all of us, my brother

I am so sorry to heard about that
Keep struggling, brother !

I am glad the Steemit team is supporting you in this matter, always working and pending, wow it is to be alarmed but everything under control now and I am glad, greetings from El Tirano, Margarita Island.

#onepercent #venezuela

Terimakasih informasinya pak @el-nailul

I'm glad the account has been recovered. Alhamdulillah. Thanks, everyone.

Trims

👍👍👍👍

  ·  6 months ago Reveal Comment

Yupp, the even the Master Password has been compromised while we never used the master nor the owner to access the account since the account the last recovered a year ago

thank @quarantine for your concern

  ·  6 months ago Reveal Comment

This, I think, is the best explanation to what happened,, thanks.

The account was just recovered by the steemit team and support from @steemchiller (thank him very much for the endless support)

I need to recheck everything ups again

thank you for your concern @quarantine and my friend @aneukpineung78

How is life back there, I am in Banda Aceh, if you are in town, we may have some coffee during the break

Regards

Very fast Recovery.

Make sure you take out steemauto.app

This will happen again as Steem Support is unreliable and will find any oppurtunity to access any accounts he can get hold.

Make sure you take out steemauto.app

I don't understand how this can be linked to steemauto, can you explain please?

I am now living in Banten as I told you before. Life is like always, cannot complain, if you knew what I mean.
I don't see myself in Aceh in nearly time, but thanks for the offer for sure.

We used to use steemauto for our community curation and never had any issues. If I remember correctly steemauto never had access to any keys. Since that was our first concern too so it seems to me like this was a key management issue?🤷🏻‍♂️

  ·  6 months ago (edited)

Yes we did this and removed post auth.
But that’s why it doesn’t make sense that masterkey was stolen🤷🏻‍♂️? Anyway…idk

  ·  6 months ago Reveal Comment

Dear @tomoyan, @steem-supporter, @the-gorilla, and @quarantine

I don't understand at all how the master key could be compromised since the master and owner are never used at all times during transactions of the account and it is saved offline. As it was recorded the thief used the owner and changed it before he/she perform the transfer. if someone thing it is because of the auto vote service, steem.amal account never uses the auto vote service, so then it is not an issue at all.

it is still a big question for us, it is the second time happened to steem.amal account. The first one was someone changed the posting and active key but it can be controlled using the owner/master key. But, this time they took over all keys.

For ur information, I have had the experience to recover multiple stolen accounts (at least 4), and all of them never use master and owner keys when they click the phishing link or access their account. But still, all their key was compromised.

We may need to consider the new method or other possibilities the cracker/hacker used to access the account.

Do you have anything in mind?

With my best regards

I wondered the same thing which is why I can't understand the association with steem.auto.

I don't believe that you can change the Master Key with just the Owner Key (although I could be wrong) so it appears that you have had the Master Key stolen.

Which leads me to 3 possible scenarios:

  1. Your Master Key has been hacked - this feels unlikely given that the Key is so complex, unless of course somebody has "cracked" the entire system in which case we'll see a lot more of this.
  2. Somebody that you know has done it - this is an uncomfortable thought but check who else has access to your computer and where you have your Master Key stored.
  3. Your computer has been compromised - Check for SpyWare or similar installed on your machine. It could be that the hacker has had access to your account for a long time and been waiting for the best time to attack.

I'd also consider your reasons for keeping so much liquid SBD and STEEM. I'm sure you have them but consider splitting large amounts across multiple accounts - the remainder of the power was "saved" because of the 4 week powerdown period.

You have my sympathies, I can only imagine the pain that this has caused.

My preliminary investigation was the first PDF was saved in the email, and the email was not safe at all, the access key was only kept by 3 trustees persons. They were all panicking contacting me to do any possible thing to save the account.

My last computer has been clean out before I handed it over to my wife. My big regret was the SBD and Steem did not keep in the "Save balance" as they should be.

if the case is my computer, I don't have any key stored in this new computer or phone, because I never access the account using this new computer at all till yesterday.

So my best guess was they gain access to the email used to create the account and find the pdf file there, it is the easiest way to get access since the password of the email is not strong enough.

what all of us need to be concern about is finding the real cause of how someone else could get access to any account, to protect the entire steemit system and avoid miss understanding the user for the platform security issues.

I thought (if this is possible) for the steemit team could find a way to track down the thief and freeze the account so then they can not do any transactions.

can you do an IP address track of the thief account to find out from where he came from and let me know to my discord channel? @el-naillul3044

Thank you for your sympathies my friend, best regards

El-nailul

Unfortunately, I don't think Steemit will do anything. We've seen stolen money transferred through accounts before and I don't remember Steemit ever freezing an account in order to stop the funds being withdrawn.

The only suggestion I have is to look at the user of the account that has stolen your money and see which exchange the money is moved to. Once you've established that, you could phone the exchange and explain that one of their users has stolen your money (you can provide evidence of the transfer out of your account) and they might be able to freeze their account and retrieve the money for you. I've not heard any stories of this being successful either but it's worth a try - I fear that once it's gone, there I've seen little to no appetite from anybody to help get it back 😢

It's also my understanding that IP addresses are not recorded and if they were, I don't think anybody would ever admit to it. I think that your best hope is to first report the theft to the police and then to contact the exchange which the thief uses.

@el-nailul

@quarantine have done investigations for years on Hackers / Phishing.

Example Accounts

@wwefun @richardman

Have seen how it was done.

Using App can also be Storing your passwords.

You do not need to expose your passwords, there is way this ppl will steal it.

By lodging into their App.

Under Investigation Steem amal have use Steem Auto App.

If not Why would I said that.

I am busy , If you don't believe me then don't take my words.

Have A good day.