added
YOBIT : NBRT3Y-QTVHLT-YBDUXH-2HHURI-5KCYDW-RWJ63Y-WIGG
CRYPTOPIA : NBQ73B-YLVGMO-7L2WFG-2VVOJH-OBWWJK-W7D3V7-UE4E
1 Like
Thank you!
I hope together we can get my money back
And if we return them, I want to give you gifts
Hi @azzzzone.
Create new secure wallet and send me the address (please don’t use brainwallet; or, if you must, use more than 6 characters this time - preferably 40). I’ll send you your XEM back.
(@everyoneelse: I hope you can see the questions popping out: Is he really owner, or someone else, who also guessed the same password? Was my decision/action right? What should I do next time?)
Comments and opinions welcome.
Kamil
4 Likes
Jesus freaking christ. This brainwallet thing was the worst idea in history. And not requiring a strong password was the 2nd worst.
To be fair, this is not an investion of nem. Brainwallets are used in many cryptos and this is simply something where the obligation to use a safe password is on the users end. You have to be kidding me if you think 6 characters are a secure password.
Hi
NCB3T4-2RRI6J-HVPK5X-AWUUSU-GE7YVP-F3VZJG-L7JO
This is the address of my wallet
There I made a very complicated password
Thank you for your honesty.
You’re right
@Kamil great job 
Maybe the community should run some bruteforce program to eliminate weak brain wallets before they are hacked by thiefs? @Kamil are you guess password (6 letters is not so hard)?
1 Like
Ok, it seems we have a happyend here.
I can not stress this enough: If you have a brainwallet with weak password, it is not a question “if” your funds will be stolen. It is only matter of “when”.
In my opinion, the sooner all those wallets are stolen, the better. For sake of the whole crypto-world.
1 Like
I am not sure if I should elaborate on this topic publicly. Would be basically how-to guide.
2 Likes
Maybe you are right. Anyway great job.
1 Like
this is amazing Kamil.
I understand the implication when sending back coins. What is this, a bot running stealing those funds? I would love to be able to identify such cases where it’s your bot who stole the funds, is it possible ? (address, signer pub key, whatever)
@Kamil if you found another case you can try send to hacked account transaction with message (encrypted?) containing instruction to retrieve coins. For example “Hello your coins was transfer by white hat hacker. If you want retrieve money please write new thread on forum https://forum.nem.io/c/tech-support”. It will be nice if victim provide some evidence that this is his account (maybe exchange transfer screenshots or so on). Maybe someone else has better idea.
In my opinion tip for @Kamil will be nice in this situation 
2 Likes
and include something about a donation because that is very good of you.
4 Likes
I considered that (message/encrypted message) … but then decided not to use it. Because if someone else guesses the password, then he sees the message too and can claim the funds. There is no easy way how to distinguish real owner from impostor. Now if someone else guesses the password, all he sees is an account with empty balance, which is not interresting for the bad guy. Real owner knows that it is a “theft” and has motivation to get his funds back.
2 Likes
No bot. Just checking generated addresses for non-zero balance or public key present. I found dozens of addresses like this, mostly with small amounts. The danger here is that they will be used in future for some serious funds. It would make sense to spam those with warnings now, since the damage would be minimal. I am willing to give those addresses to a volunteer who would spam them (I am not sure, if it is the right approach though, because the message is like a red flag for a future attacker). Now I have no time for this, I have a real life, too, you know
So far I “secured” 3. One was already refunded, other two with smaller amounts are waiting. Pitty, I joined too late for this guy @findcoin (check his address now - the attacker even send him back his password and private key).
As of now, this is manual process and I don’t have time nor want to automate that.
Also, my 40-lines of code are not optimalized and running on single core. Very slow process. The bad guys are far more effective, Again, if you reccomend me a trustworthy volunteer, I’ll share my approach and we can split the work.
I think that such things are very good things.
There is only one problem, Japan’s law that I live in.
Personally, as a white hat hacker, I feel like saving my personal money in the future.
And I can do Full Time Commit. I think that I can respond quickly.
Thanks
1 Like
Help me please too. My nano wallet (brain) hack. Please help me return my nem. Thanks
Please provide some details: your NEM address and/or transaction hash.
NBUZHA-QIJSHM-I2ZDQX-FNP7DD-Y3ZNL3-YD4UTL-4USB
7de7e987f92d7d11495d3f4fa3cdae43f465a512623e73ac1ca3e9784f833acc
-58.483 NEM
Sorry, I can not help you with this one.
Interesting fact: this account: http://chain.nem.ninja/#/search/nbt3qy-glml4f-vyn23m-mp3nyo-mfky5x-74dba5-vatx (recepient of the transaction) is the only cosignatory to several other accounts, all of them with weak brainwallet password. Did he rob them all too?
Now we know for sure there are several people searching for weak brainwallet accounts. Maybe would be worth if the comunity helps “follow the money” - i.e. the recent @findcoin’s robber (http://chain.nem.ninja/#/search/NDFUCB-7A2FZB-VMGPTG-PETYHH-TYUBXX-BCOQP2-WSIV) leads to Chagnelly(?) after several transactions …