Attention! Questionnaire: Credentials Theft and Arbitrage Fraud Victims

image.png

The plan is to get to the bottom of two prominent external Hive-related cyber attacks in the near term: the credentials theft attack that drains wallets and the arbitrage fraud that tricks and steals funds. Thousands of people were affected by these combined. Since there's no point in making two posts to gather info, this one here will suffice. Those who already provided info via other means are welcome to re-share it.

Please answer the questions from the section that pertain to you. Others are asked to please avoid commenting.

Credentials Theft

Well over 5,000 Hive accounts had their funds stolen over the years and sent to 'collector' accounts which then sell on various exchanges. There are many such collector accounts, but the criminal is one and the same. The criminal moves from one account to another to avoid detection. It is believed that the criminal purchases databases of leaked social media and Google credentials and then data mines them for keys.

The keys we are talking about are Active keys or higher. Not your posting key. If you were the owner of multiple accounts that were all drained the same way, your input is particularly valuable.

  • When was your account compromised?
  • Do you have a link to the stolen funds transaction?
  • Were your keys changed?
  • Did you save your keys on paper, in a text document, or on the device in any way?
  • Do you use Hive Keychain or HiveSigner the most?
  • What type of device do you use for Hive?
  • Does your device have automatic backup features? Does it back up your work to the cloud?
  • Do you have your keys saved anywhere?
  • What social media programs do you have on the same device that holds your Active key?
  • Do you ever use Google Docs for storage?
  • Do you still have access to the same device you were using when you were hacked? Can you take screenshots of your installed apps list on it? (post screenshots)
  • Do you remember what you were doing around the time you were hacked?
  • Have you ever sent or received your keys in email or in a social media app?
  • Do you use any sort of a firewall or even adblock on your devices?
  • Do you copy/paste keys or do you type them in?
  • Did you change your keys after the incident?

Please answer the questionnaire to the best of your ability and recollection.

Arbitrage Fraud

Did you lose your funds to a scammer who told you that you can make money doing 'arbitrage'?

Many Russian-speakers have come to the official Hive social channels over the years looking for a resolution for what is known as an 'arbitrage' fraud or scam. The scam works like this: the victim is told that they can make money doing arbitrage between chains or currencies. They must send a small amount to a specified address and they will get more back. They do this a few times with small amounts. Then they are told to send a large amount and of course that is stolen. The criminal makes fake exchange accounts that look legitimate.

  • Can you tell me in your own words what happened?
  • Where did you first see this 'opportunity'?
  • Did someone talk to you or did you follow instructions on social media?
  • Can you tell me which social media profiles shared this?
  • Do you have any screenshots?
  • Did anyone chat with you on Telegram or Whatsapp? What did they say?
  • Did anyone call you? What did they say?
  • Did they ever ask you for your personal information?
  • Do you have the transactions and can you share them?
  • Did anyone ever ask you to download anything?
  • Did they ever email you anything?
  • Did you understand what Hive was when you first discovered this 'opportunity'?
  • How many transactions did you submit successfully before the funds were stolen?
  • What was the excuse used?
  • Did the criminals ever use any language except Russian?
  • Did the criminals ever reveal any contact information for themselves?
  • Is there anything important that do you think would help us with the investigation that you can share?
  • Have yourself or anyone in your family been contacted by these criminals after the funds were stolen?
  • Did you open a Ticket with your sending exchange?

Please answer the questionnaire to the best of your ability and recollection.

Sort:  

Well, I may or may not have something but not sure if it fits. my ladybug146 doesn't work, the funds are still there, I had the owner keys saved externally and only using my active key, never gave them to anyone. I tried changing it after other stuff on my computer got compromised but couldn't. My access to my account was taken around the same time my work had a payroll hack that they tried to sweep under the carpet where i suspect my info being sold on the black market and all my stuff got compromised along with it. Also got chased around the Rockies with a cyanide coffee that I had half drank and survived at around the same time along with a few other things.

Can you elaborate on what happened with the payroll hack please? You mean your company was hacked and then your account became affected? DM me if it's confidential.

I'm not fully sure besides all of our payroll app info that we used to access for e-stubs in 2021. Third party company not managed directly by my employer aka who's info got leaked. I don't know what type of company info they stored but certainly address, email, phone number, potential Social Insurance numbers, pay info, date of birth and obviously earnings/tax info, banking payroll deposit info, potentially work credentials and safety training information/certificates, photo of our driver license that type of sensitive info. I don't know much more about the hack officially as the company tried to hush it under the carpet and we are contractor employees aka temp that moves around not full time.

I tried asking them what happened but they are pretty tight lip about it and offered credit protection for x amount of time but didn't tell the employees that their info was breach until that protection was no longer available. And yes my account and my entire life became affected. Several murder attempts since, people I don't know taking photos on my doorstep, poisoned drinks and other on several occasions at public events. Illegal surveillance, stalking.

From the pay app interface, there was messages coming in stating that my pay app had an e- paystub ready and when checking, it was asking for a 3000$ in bitcoin or they would send the popo to come get me at my house, obviously I just ignored it since these are pretty frequent and there was nowhere where I could report it where the info was valued, I still can't get heard and still have to hand in the same personal info to the same company who mismanaged it in the first place. At the time my hive account was worth 10 to 15 k because the price was on a up-trend so it would have been worth while at the time.

I tried to opt out of that e-stub pay app but the company will withhold the paycheck until you hand in all the required info. Not a small company either. Affiliated with PCL labor outfit that does construction across Canada. The hack may have been more localized to the daughter company attached to. The pay directive , I'm not sure if the main employer requests it or the daughter company affiliated in refinery services. I think it may have been just the refinery services division. The company is in question is under a different name.

too good to be true always is a red flag

I wouldn't advise anyone to save his or her wallet keys on mail, Some mail severs do compromise

@bpcvoter3, sorry! You need more $IDD to use this command.

The minimum requirement is 50.0 IDD balance.

More $IDD is available from Hive-Engine or Tribaldex

I store my keys in 3 USB drives for backup. No cloud backups.

Congratulations @guiltyparties! Your post has been a top performer on the Hive blockchain and you have been rewarded with this rare badge

<table><tr><td><img src="https://images.hive.blog/60x60/https://hivebuzz.me/badges/toppayoutday.png" /><td>Post with the highest payout of the day. <p dir="auto"><sub><em>You can view your badges on <a href="https://hivebuzz.me/@guiltyparties" target="_blank" rel="noreferrer noopener" title="This link will take you away from hive.blog" class="external_link">your board and compare yourself to others in the <a href="https://hivebuzz.me/ranking" target="_blank" rel="noreferrer noopener" title="This link will take you away from hive.blog" class="external_link">Ranking<br /> <sub><em>If you no longer want to receive notifications, reply to this comment with the word <code>STOP <p dir="auto"><strong>Check out our last posts: <table><tr><td><a href="/hive-106258/@hivebuzz/hivefest-2024-badge"><img src="https://images.hive.blog/64x128/https://files.peakd.com/file/peakd-hive/hivebuzz/48VEtcvs7eskeM4UMnbMF7M6zWzjp7R3P5s1cmYTXV6ZFuVmrWL16CfUuVt1JcmRox.png" /><td><a href="/hive-106258/@hivebuzz/hivefest-2024-badge">The countdown to HiveFest⁹ is one week away - Join us and get your exclusive badge!<tr><td><a href="/hive-122221/@hivebuzz/pum-202408-delegations"><img src="https://images.hive.blog/64x128/https://i.imgur.com/fg8QnBc.png" /><td><a href="/hive-122221/@hivebuzz/pum-202408-delegations">Our Hive Power Delegations to the August PUM Winners<tr><td><a href="/hive-122221/@hivebuzz/pud-202409-feedback"><img src="https://images.hive.blog/64x128/https://i.imgur.com/zHjYI1k.jpg" /><td><a href="/hive-122221/@hivebuzz/pud-202409-feedback">Feedback from the September Hive Power Up Day

Thats crazy !DOOK


You just got DOOKed!
@fonestreet thinks your content is the shit.
They have 5/200 DOOK left to drop today.
dook_logo
Learn all about this shit in the toilet paper! 💩

It has nothing to do with your post and I apologize for that, but I want to know if you can help me with the inclusion of an investor in hive and I would like to know if you can write me by DM, again I apologize for writing you here

Loading...

Something else I came across that might be of interest unknow if it relates to me or not personally but you mentioned Russian speaking being a theme. I came across this on youtube, might be worthy to look for more info on that DOJ file/case developing.

Loading...
Loading...