Lost XEM tokens yesterday

Hi,

My tokens were sent from my wallet NDFUCB-7A2FZB-VMGPTG-PETYHH-TYUBXX-BCOQP2-WSIV to NCWPLQ-CVARBY-XXPCC3-KDAZUQ-4MNL2L-NS7YIR-M2XU without my knowledge.

I found this wallet on the forum, which confirms that this is not the first case of fraud. Scammers stole my XEM

I have full access to the wallet, I own it. What can I do to cancel the transaction and return the money back to the wallet?

How can I contact the support directly or should I use a forum for this?

Guys, this is a big amount

1 Like

Yes it is. I am very sorry that it was stolen from you. There is no way to reverse a transaction.
http://chain.nem.ninja/#/transfer/0efcd05451686b1dbd09308d58839bd20b991c3f586d72f7f1c2cb4ecd0aaad6

Most likely you were using a brainwallet, and a weak password, like noted here: Scammers stole my XEM

Creating a simple wallet is a more secure option, as your account can’t be brute forced.

Again, I am very sorry for the loss.

What you mean you are very sorry? Why do you refuse to do anything if a part of the blame for this loss is your responsibility too? What do you mean, I had to create a wallet with security options, and why could I even create the wallet without these options? Why, by default your wallet does not install them and does not report that with almost 100% probability the wallet will be hacked in the nearest future?

This is not the first case of hacking on your forum, such requests appear with a frequency of several days!!! If you look at the transactions that come to the wallet of the hacker – he hacks an account every day!!! I lost not 1 thousand, not 5 or even 10 thousand, I trusted you 30 thousand dollars, and you forgot about security and that is in 2017??? And released a software that can be brut forced!!! Delay of 15 seconds after 5 attempts of unsuccessful entry of the password, and no one even tried to do something! But you are delivering software that can be compromised and do not include default protection options!!!

Now it looks like you are in a collusion and the whole project is designed for just money laundering! You have all opportunities to punish the hacker, to correct the situation with the search of passwords and return this transaction. I have all the evidences that I did not do that transaction and you know it very well too. This wallet was accused of fraud more than once on your forum!!!

Help me to return my money, punish the hacker on public, and prove that you are a serious project and fight against theft. Show that you are protecting your users, rather than throw them out! This issue is very easy to be resolved!

I do not understand the background, but please let me check only one.
Do you ignore this warning when creating a wallet?

it’s crucial to select a SAFE passphrase with at least 40 characters.

I am sorry to hear this, but it looks like you are missing some basic information about public distributed ledger technology.
TRANSACTIONS ARE IRREVERSABLE.
There is only one person that can do anything about your situation now, and it is the guy who stole your xem…

The owner and ONLY the owner of private key has all the power over everything in corresponding address.

mizunashi, maybe in nanowallet should be integrated confirmation before create brain wallet with weak password? As I understand you can’t enforce strong passwords in brain wallet because should be possible import old passwords? Confirmation shoule tell user about posibility to brute force account with weak password.

findcoin NEM is one of most secure blockchains with multisig accounts, coming trezor integration and so on. Unfortunately user should use this security options and look at warnings (password in brain wallet must be very strong).
Also confirmed transaction can’t be reversed in all blockchains. Not only NEM but also bitcoin, ethereum, litecoin and so on.

I’m sorry you lost your XEMs.

Enforcement of stronger passwords coming soon https://github.com/NemProject/NanoWallet/issues/251
Shame it’s too late for some people but at least it’s coming.

1 Like

I’m sorry, English depends on translation software.
I will answer in the range to understand.

Changes to forcibly eliminate weak passwords on the program side have been decided.
It will not be accepted in the next release.

Also, I think that it is necessary for people who are currently using it to be reconfirmed privately.

If you are using a brain wallet, short password.
Make a new address with Simple Wallet, or make an address with Brain Wallet using a passphrase of 40 letters or more.

After that we need to transfer the assets to the new wallet and discard the old wallet.

I am an ordinary person about NEM, so I am waiting for future response and announcement.

Exactly. We are already taking action.

Friends, I think it will be fair to expect compensation. My password was not 20 characters, but >8. If the program is not protected from password brute-force, it will be hacked sooner or later. Put 20 characters of your password, it’s still hacked, it’s a matter of time!

While the program will not be protected from a brute-force - all wallets can be compromised! The hacker is looking for a large amount transaction and starts searching for a password, in my case it took 4 days! If they want to crack more complex passwords, they will just spend more time and effort for this.

Understand, in 2017, the program should be protected from brute-force passwords! It’s a developer’s fault, not my fault. Such cases harm the reputation of NEM, because a significant amount of money was stolen through their fault. The company must have mechanisms to influence violators and protect its users who have entrusted money to NEM!

Wow. Very sorry. I have also lost a masternode from PIVX aprox 18.000 usd also from their wallet also nobody doing nothing also to a hacker that were robbing others everyday. So i am really curious how NEM community will deal with your situation. Good luck!

It’s fair to ask for it but I wouldn’t get my hopes up. You can certainly not expect it. The warning says at least 40 characters so >8 isn’t gonna do you a whole lot of good. Nothing was compromised, no failure in the software caused this.

It’s not the program. You don’t understand how brainwallets work. If 2 people use the same password, they get access to the same account. That’s because the private-key is derived from the password, which is how brainwallets generally work and which is why it is so important to use strong passwords. All the “hacker” has to do is create wallets all day and wait until someone comes along and uses one of those weak passwords. That’s what’s happening. Nobody is looking for tx and then starts bruting passwords.

It’s your fault for not using a strong password. This has nothing to do with nem or the developers. It’s how brainwallets work.
I agree absolutely that he warning could be bigger and that strong passwords should be enforced, which is exactly what will happen with the next version. However it won’t make the wallet more secure. It’ll just prevent people from making mistakes. They are still the peoples mistakes though.

Now what people can do is contact the exchanges the bad actor is using to cash out those XEM. They have the identity they can track him down or even return the funds if you can convince them.

Everything you described is very funny.

When there is such a problem that there are no logins in the system, and users using a password can go into someone else’s account - this is a huge security hole. You recommend a password of 20-40 characters, but this does not exclude the possibility of logging into my account. Do you understand this? This is a HUGE hole in safety. Even assuming that I use a password of 20 characters - there is a chance that it will match up with another user and the more such users will be - the higher the chance. Do you understand this? This not normal. It is not safe! You recommend longer passwords to reduce the chance of getting into someone else’s account, but you do not exclude it!

But in the case, it was completely different. Indeed, my password does not contain 40 characters, but It is not an easy password! You understand, he steal the money of users who trusted their NEM! This is not the situation when I used a common password and the person accidentally got into my account and stole my money. This hacker is constantly engaged in stealing money. Because there is a security problem in the NEM system.

This is not an accident, it is a purposeful use of the vulnerability of the wallet. This is a purposeful theft of funds from the wallet. The hacker saw 30 thousand dollars in the account and started hacking my account. A longer password would simply increase the amount of time it takes to crack and that’s it. The problem is not solved the way you described it!

This man steals money is not the first time!!

http://chain.nem.ninja/#/search/NCWPLQ-CVARBY-XXPCC3-KDAZUQ-4MNL2L-NS7YIR-M2XU

Do you see this? He is constantly hacked other accounts, he constantly transfers other people’s money to wallet. The problem can not be solved simply by using long passwords, the wallet should be protected from brute force. Do you understand this?

NEM’s management must have tools that can affect fraud within the system. This spoils the reputation NEM in the whole crypto community! Stolen 30 thousand dollars. I did not have a simple password. Money send to hacker who does this not the first time.

Why do they close their eyes to this? Tomorrow you can be in my place!

It’s how brain wallet works doesn’t matter if it’s Nem or Eth or bitcoin, not Nem specific.

It Nem can fix your problem and reverse a transaction, its price would go to zero today. It wouldn’t be a decentralized block chain then.

It’s absolutely amazing how people start using technology they have no idea about and then start blaming the tech for their own mistakes. Granted, things aren’t always intuitive, this is all still beta software, but people need to realize they entering a highly technological space that isn’t always ready for regular Joe yet.

I bought a car, drove 100mph on the freeway and then put it in reverse. Now that outta be the manufacturers fault. Clearly I should be able to mishandle their product any way I like and get away with it.

2 Likes

Realy? Do you think the norm is that there are people in the system who hack into accounts with impunity? The wallet misses “simple passwords” (in his opinion), hackers steal money constantly.

As sad as it is, yes, this is and has been the norm for years in the crypto space. When decentralization takes over there is no authority to rectify these things.

Hi,
My condolences…
You can not get your money back. To contact the support you should use a forum. They will reply that your password was not strong enough.