Nanowallet hacked?

Hi!
My name is Azat. Yesterday, the security of my nanowallet account was broken and all my funds got stolen. There was delegated harvesting running on it.
The transaction has not been signed during conducting. The screenshot is attached.

You did not attach a screenshot.

If you had a brainwallet with a weak password, then your account was brute forced. Brainwallets can be accessed by anyone anywhere if they have guessed the right password.

I would like to hold down the remittance destination address, so please tell me the address of the remittance destination or your address.

https://twitter.com/cryptonumizmat/status/909757515843489792

NCHYKCJNF7XQMQDT53GVVF5Z2YA3ZOBHEXFUAXE3 this is the address of the robber of the recipient

If you are using Brain Wallet, hackers may be able to get a secret key without touching your wallet.
That is when the password is not long enough.
If you use brain wallet, you need a password of 40 characters or more.

And the hacked funds are also in the destination.
Apparently it looks like a personal address.

http://chain.nem.ninja/#/account/NCHYKCJNF7XQMQDT53GVVF5Z2YA3ZOBHEXFUAXE3/0

We have not sent it to the exchange or cashier yet.

Since I am a Japanese, in such cases it is common to have the police report and investigate them.
I am sorry I can not give you good advice.

Why can not you investigate this case?
I had a secure password
Money is at the robber
Can not you give me my money back?
I kept him because in Japan they protect the rights of crypto-investors

Hello @azzzzone here some info about what I can investigate on your problem:

How long was your password ?

Unfortunately, if it’s a brain wallet, there is a good chance that the wallet has been hacked by bruteforce… It is recommended to use passwords of 40 characters for brain wallets… And yet, I wouldn’t advise using brain wallets as they are simply not secure (your password is your private key…)

Also I would suggest you keep an eye on this URL: http://hugealice.nem.ninja:7890/account/transfers/outgoing?address=NCHYKCJNF7XQMQDT53GVVF5Z2YA3ZOBHEXFUAXE3

Whenever you see anything other than {"data":[]} on that URL, it means the funds are being moved.

I would then suggest asking the community to help you find out which exchange is being used at that time and ultimately contacting the exchange. Sadly, this leaves you only a very small margin of action :frowning: I could suggest using bots listening on websockets for that account so that you are notified when a transaction is occurring… but it still gives you a very small time period, and whether the support of the exchange will actually close the account and send back your funds is another problem :confused:

One thing to be noted though: anyone doing support or trying to help you here will not be able to send back the funds, as this is blockchain technology: the ledger is distributed and no one but the owner of the private key or any cosignatories can send funds with an account.

wish you the best…

1 Like

If smart wallets are so vulnerable
Why are they used in the company?
What kind of bots can you offer?
I still have a chance to get my money back through the exchange

No matter how strong a password you use, hackers can send funds if the secret key is hacked.
This can be said to all terminals that have connected to the Internet.

And we do not have control over that fund.
It is a fatal problem as a cryptographic currency if nem have it.

Although there are explanations in the above, it is the exchanges that have authority to seize the stolen funds.

Please quickly confirm hacker withdrawal and contact the exchange.
Since this is a stolen case, you should also contact a state agency with power.

I only coded a payment processing and multisig cosignatory bot, not a notification bot, so with my bot you would only see a notification on the terminal when there is a transaction… https://github.com/evias/nem-nodejs-bot

There is another bot from what I know, try asking in the telegram chat and search for NemNotifications bot… I think you might need to set it up yourself though because it has been down for a couple of months now I think :confused:

How can I determine which stock exchange will withdraw funds?
I understand that I will see the address of the exchange
But I do not understand how to define a stock exchange

image (2)

2 Likes

added
YOBIT : NBRT3Y-QTVHLT-YBDUXH-2HHURI-5KCYDW-RWJ63Y-WIGG
CRYPTOPIA : NBQ73B-YLVGMO-7L2WFG-2VVOJH-OBWWJK-W7D3V7-UE4E

1 Like
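An added example, not code from any poster in this thread or from the nem-nodejs-bot project: it takes the JSON body returned by the `/account/transfers/outgoing` URL mentioned above and checks each recipient against the two exchange addresses posted in this thread. The field names (`meta.hash.data`, `transaction.recipient`, `amount` in micro-XEM, `otherTrans` for multisig) are assumptions about the NIS response layout, and both sample responses are constructed.

```javascript
// Added example: classify outgoing transfers from a watched NEM account.
// Exchange deposit addresses are the two quoted in this thread.
const KNOWN_EXCHANGES = {
  "NBRT3Y-QTVHLT-YBDUXH-2HHURI-5KCYDW-RWJ63Y-WIGG": "YOBIT",
  "NBQ73B-YLVGMO-7L2WFG-2VVOJH-OBWWJK-W7D3V7-UE4E": "CRYPTOPIA",
};

// NEM addresses are shown with or without dashes; compare a canonical form.
const normalize = (addr) => String(addr || "").replace(/-/g, "").toUpperCase();

const EXCHANGE_BY_ADDRESS = new Map(
  Object.entries(KNOWN_EXCHANGES).map(([a, name]) => [normalize(a), name])
);

// Takes the parsed JSON body of /account/transfers/outgoing and returns one
// alert per transfer. An empty "data" array means the funds have not moved.
function findOutgoingTransfers(body) {
  const entries = body && Array.isArray(body.data) ? body.data : [];
  return entries.map(({ meta, transaction }) => {
    // Assumption: multisig transactions wrap the real transfer in otherTrans.
    const tx = transaction.otherTrans || transaction;
    const recipient = normalize(tx.recipient);
    return {
      hash: meta && meta.hash ? meta.hash.data : null,
      recipient,
      xem: (tx.amount || 0) / 1e6, // assumed unit: micro-XEM
      exchange: EXCHANGE_BY_ADDRESS.get(recipient) || null,
    };
  });
}

// Constructed sample responses (not real chain data).
const SAMPLE_IDLE = { data: [] };
const SAMPLE_MOVED = {
  data: [
    { meta: { hash: { data: "aa11-constructed" } },
      transaction: { type: 257, amount: 1500000000,
        recipient: "NBQ73BYLVGMO7L2WFG2VVOJHOBWWJKW7D3V7UE4E" } },
    { meta: { hash: { data: "bb22-constructed" } },
      transaction: { type: 4100, otherTrans: { type: 257, amount: 250000000,
        recipient: "NCONSTRUCTEDPLACEHOLDERADDRESS0000000000" } } },
  ],
};

for (const alert of findOutgoingTransfers(SAMPLE_MOVED)) {
  console.log(alert.exchange
    ? `${alert.xem} XEM sent to ${alert.exchange}: report tx ${alert.hash}`
    : `${alert.xem} XEM sent to unlisted address ${alert.recipient}`);
}
```

A match gives the victim the exchange name and transaction hash to include in a report to that exchange's support; an unlisted recipient becomes the next address to watch.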

Thank you!
I hope together we can get my money back
And if we return them, I want to give you gifts

Hi @azzzzone.

Create new secure wallet and send me the address (please don’t use brainwallet; or, if you must, use more than 6 characters this time - preferably 40). I’ll send you your XEM back.

(@everyoneelse: I hope you can see the questions popping out: Is he really owner, or someone else, who also guessed the same password? Was my decision/action right? What should I do next time?)

Comments and opinions welcome.

Kamil

4 Likes

Jesus freaking christ. This brainwallet thing was the worst idea in history. And not requiring a strong password was the 2nd worst.

To be fair, this is not an invention of nem. Brainwallets are used in many cryptos and this is simply something where the obligation to use a safe password is on the user's end. You have to be kidding me if you think 6 characters are a secure password.

Hi
NCB3T4-2RRI6J-HVPK5X-AWUUSU-GE7YVP-F3VZJG-L7JO
This is the address of my wallet
There I made a very complicated password
Thank you for your honesty.
You’re right

@Kamil great job :slight_smile:
Maybe the community should run some bruteforce program to eliminate weak brain wallets before they are hacked by thieves? @Kamil did you guess the password (6 letters is not so hard)?

1 Like

Ok, it seems we have a happy end here.

I can not stress this enough: If you have a brainwallet with a weak password, it is not a question of “if” your funds will be stolen. It is only a matter of “when”.

In my opinion, the sooner all those wallets are stolen, the better. For the sake of the whole crypto-world.

1 Like