You are viewing a single comment's thread from:

RE: Don't F*** with the Community - My research on the spam wave over the past few days

in #hive21 days ago

Out of curiosity - did you discover how did that happen? It's not easy to just guess or bruteforce the keys needed to perform the transfers. Did you do something stupid like posting the keys or sending master key somewhere 'trusted', or had other accident, idk, laptop/mobile stolen with keys on it, etc?

Sort:  

Well, I have the theory that I 'saved it' in my Google Account's Password Administrator and there was a security breach. Someone was able of getting the information and the rest is history.

Thank you. This actually makes it much more possible/probable course of events than someone cracking the keys.. ..on your, or anyone's account. I mean, I don't know how much you've lost, but if someone has the resources/etc to actually crack the keys, ehy go after people's wallets instead of the bigbot/pools/etc.. so some kind of a key leakage seems orders of magnitude more likely. I try to keep ears open and inquire to learn how I can leak my keys. So.. here was (probably) a security breach in a safe keystore. Ouch..

Funny thing from last week or two - someone threw out quite a lot of furniture, all not so neatly stacked under a tree near local waste containers. Pretty common thing lately, probably they had their room rebuilt or something - and there was this one desk lying flipped up side down. There was a long piece of paper, scoth-taped to its underside, now on top of it. I thought, wow, someone stuck a note there? What, "please take what you like" or something? -nobody- does that. I came closer and I saw:

"XMR WALLET
private key: blah blah blah blah...."

and there's goes a run of random 13 english words. Typical way of preserving a recovery seed. I later checked, it was actually valid, 0.0 balance, not a single transaction ever. Someone must have generated it, saved the key for later, then never used it. For fun, using their key, I ran a miner for a moment and left them ~$0.25, I wonder if they'll ever withdraw :) but just as likely I could have witnessed someone losing a whole bag of money just because their family wanted to make them a suprise over the weekend while they're away and the renovation team happily tossed their old desk.. (oO)

What would you have done if there were money on that wallet? Just curious.

And yes, I think that is what happened. I was very lazy to store the password in a safe place and I just saved it in my Google account. Now I've changed all my keys and secured them in a safe place outline. I've learned the lesson.

Btw, I don't even remember how many did I have before I got stolen, but I think I would have near 1500 HP now.

What would you have done if there were money on that wallet? Just curious.

At first, I've had a 'very smart' idea to generate a new address, send them there, then find&contact the owner somehow and pass them the new keys or just transfer to a new account/wallet.. but a quick sanity check proved that finding the owner might be next to impossible. I could put a note on the desk, but then any passer-by could try to claim to be them if I include too many details in the message. I could generate some tx to let them know, but I didn't find any message/text/note on transfers in XMR like here in Hive, bummer. I could somehow embed a message in the amounts (1337 and so on), but heh good luck for them figuring it out. And assumption they still can access that account is pretty weak. Best way to get to them is traceback via garbage locality.. Stick some posters to the doors in 100-150m area. People are lazy, they wouldn't carry furniture to a waste container further away.

Of course, if there was a figure high enough lying there, greed could kick in, finder's keeper's, and so on. I'm still a human not a saint :P But the primary plan was like I said before.

I'm actually very relieved that the account was absolutely fresh and empty. No balance to worry about, no recent sus tx to suspect theft. It's weird to find a private key, but even weirder that it had blank tx history. I actually fully re-synced the wallet two times, and also did that tiny mining mostly to see if the XMR wallet I used really worked and displayed the balance and past txs properly.