BEWARE of Splinterlands phishing links on Google Search Engine
@jiann19 is one of the accounts I am managing that was hacked by @merciuz7. merciuz7 is an account that belongs to the '@darkwarrior33' hacker and has been on the list since February.
How it happened
A few days ago, while checking the accounts, I noticed that @jiann19 had transferred all its liquid Hive to @merciuz7. I directly asked the true owner of the account, my friend Jojie, whether he had consented to this transaction, and found out that he had no idea that this had happened.
https://hiveblocks.com/tx/8d6d7711b04279986dd1d40970bbf3bd87d8c724
This prompted me to check what had happened here, because this concerns me. I went through https://hiveblocks.com/@jiann19 to investigate and found out that @jiann19's password had been changed.
https://hiveblocks.com/@jiann19/~owners
Thanks to @foxon for always being helpful and for teaching me where I can see the Owner Key history on hiveblocks.com.
@jiann19's password was changed twice on April 7 and April 10 by the hacker.
My friend Jojie has no idea how the hacker stole his keys, but I have done my research and found out that @merciuz7 is active on @splinterlands. I am not 100% certain, but when I consulted a reliable source, he told me this:
The merciuz7 account belongs to the 'darkwarrior33' hacker and has been on our list since February. This type of hacker gathered account information between 2018 and 2020 so to figure out what happened one has to think back.
I tried searching for the keyword Splinterlands on Google, and found this as my result:
The first three results from the top of the Google search were not the official @splinterlands website. Two of them were splinterlandss.com and splinterlands.org, which were neatly made and look like the original game itself. I am guessing that some of the hacker's victims came from these phishing websites, which try to steal your account password by having you enter your username and password.
Account Recovery process
Thankfully, with God's help and mercy, we managed to recover the account from the hacker by using Hive's built-in recovery method, which was a brainchild of @dan.
I used https://reazuliqbal.com/HiveAccountRecovery/, created by @reazuliqbal, to recover the account. Thank you for making this website look simple and easy to use for average users like myself.
After trembling for an hour, we managed to recover it successfully:
https://hiveblocks.com/tx/2602c23ebd8b69a5d760dd39916cc9844fec8c10
What can we learn from here?
Honestly, I have learned a lot from this situation. I will try to enumerate it here:
- Regularly checking our accounts is a must
In case you notice some suspicious movement from your account, try to discover it immediately. Hackers will always try to extract all liquid assets when they get access to your account. In my case, the hacker has stolen 35 Hive and Splinterlands cards. I guess I am still fortunate that it did have access on my Hive because most are powered up.
Bookmarking the Owner Key history of your account is, I think, not a bad idea, so you can immediately see if someone has changed your password.
- Setting up your Recovery account
If your account was created back in the Steem days (before the Hive fork), and the password and recovery account haven't been updated yet, it is a better idea to update them by changing your password and setting your recovery account to someone you can trust who can help you in times of trouble.
Some accounts have their recovery account set to @steem, which is a bad idea in my opinion as we are no longer part of Steem Inc. We can check our recovery account on https://www.hiveblocks.com
- Avoid clicking suspicious links
This problem is all over the internet, not only on Hive. I see a similar problem on Facebook, with attempts to get your password and use it for evil intentions. The email of some reputable financial entities is also being used to get your personal information. Please try to be vigilant, especially when dealing with a new website you haven't encountered before.
- Google allows scams in their ads
I am afraid that many people can get scammed if this continues. I hope @aggroed can address this. I have also talked to @guiltyparties regarding this issue. Crypto is still in the infant stage and some still haven't seen a password as long as we have on Hive and Bitcoin.
https://peakd.com/@merciuz7/wallet
The Lesson
In the meantime, the best advice I can give here is to be careful, especially when logging in. Try to question everything first, and always double-check the URL address. Take care guys, cheers.
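An added example, not part of the original post: a small check that automates the "double-check the URL" advice by comparing a link's domain with an allow-list and flagging near-miss names such as the two look-alike sites named above. It assumes splinterlands.com is the official domain, and the function names are illustrative.

```python
from urllib.parse import urlsplit

# Assumption: splinterlands.com is the official site. Add only domains you have
# verified yourself (for example from the project's own announcements).
OFFICIAL_DOMAINS = {"splinterlands.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def registered_domain(url: str) -> str:
    """Last two labels of the host. Naive: ignores suffixes such as co.uk."""
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").lower().rstrip(".")
    return ".".join(host.split(".")[-2:])


def classify(url: str) -> str:
    """Return 'official', 'lookalike' or 'unrelated' for a link."""
    domain = registered_domain(url)
    if domain in OFFICIAL_DOMAINS:
        return "official"
    name = domain.split(".")[0]
    for good in OFFICIAL_DOMAINS:
        brand = good.split(".")[0]
        # Same brand on another TLD, the brand embedded in a longer name,
        # or a spelling within two edits of the brand.
        if brand in name or edit_distance(name, brand) <= 2:
            return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    # Links taken from the post, plus the official site for comparison.
    for link in ("https://splinterlands.com/", "splinterlandss.com",
                 "https://splinterlands.org", "https://hiveblocks.com/@jiann19"):
        print(f"{classify(link):10} {link}")
```

Only an 'official' result should ever be given a key; 'unrelated' means the name does not resemble the brand, not that the site is safe.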
This is a serious issue. The fact that the top Google search results are scams. Wonder if there's a way to rectify this.
Thanks for sharing
Yeah, I am wondering about it too. Most people are still naive about the blockchain technology, if we fail to fix this, I am expecting more can fall for this scam. Smh...
The number one item which you could add in your post is to only use the lowest key possible to log in: even if it's a bad actor they cannot access your wallet to get any of your crypto, the problem is that these accounts are not hacked if you give someone access to the account by compromising the Master Password, which is the only way they can change the keys. Not rocket science but pure logic in 99.999% of the cases.
Is it possible to "hack" a 50 character password? Yes, not likely, but not impossible. Most HIVE users would not have the funds in their account that someone would even bother to try for, they would go for the major money if they have a possibility of getting it.
That Master Password and the Owner Key should NEVER be used for anything except to recover your account by changing your keys if you accidentally compromised your posting key or active key.
Yeah, absolutely. Thanks for pointing out that the Master Password shouldn't be used all the time, especially when logging in.
O my, this is scary and thank you for bringing this to light. A lot of lessons learnt. Hopefully this is rectified.
Tbh there should be a third party permission like an otp code or something, even after the active key, there should be another gate before final transaction. Could be via email or mobile number, this way hackers don't get fast access this way. Digital assets need more security, not enough as of yet IMO.
If it requires that, it's not really a wallet - about the best thing to do is keep your important assets locked up tight 😥
Hive Power up is, I think, one of the safest ways to protect yourself.
Combined with watching the account and never using the master key, it's an excellent defense :) But you still need to be alert, and never click anything different.
Yes HP is great too.
Yes true. But😢
Yeah, we knows if we can have this kind of security in the future.
Oef, I normally do not really care about my internet security. But now I have crypto and serious money is involved, maybe I should care more.
Maybe getting paranoid sometimes can be helpful though. If we hadn't checked this out, our account would be gone forever after 30 days. You are right, we should be more careful.
We have had multiple friends of ours hit over this scam.
And we definitely need some more tools to break up these scam artist rings.
And a lot of people who are really small and don't know no better need to be educated as to actual airdrops as opposed to all of the scam airdrops that are really fishing expeditions.
It is an unpleasant scenario if this happens to anyone.
This is the reason why you put everything in savings as well as powering up.
Try not to leave liquid balance accessible to get hit.
And don't fall for phishing scams that are too good to be true.
Thanks a lot for this wonderful information. For someone like us coming up, it's really a good info.
my pleasure