Nanowallet hacked?

I am not sure if I should elaborate on this topic publicly. It would basically be a how-to guide.

2 Likes

Maybe you are right. Anyway great job.

1 Like

This is amazing, Kamil.

I understand the implication when sending back coins. What is this, a bot running stealing those funds? I would love to be able to identify such cases where it’s your bot who stole the funds, is it possible? (address, signer pub key, whatever)

@Kamil if you find another case, you can try sending a transaction to the hacked account with a message (encrypted?) containing instructions to retrieve the coins. For example: “Hello, your coins were transferred by a white hat hacker. If you want to retrieve your money, please write a new thread on the forum https://forum.nem.io/c/tech-support”. It would be nice if the victim provided some evidence that this is his account (maybe exchange transfer screenshots and so on). Maybe someone else has a better idea.
In my opinion, a tip for @Kamil would be nice in this situation :wink:

2 Likes

and include something about a donation because that is very good of you.

4 Likes

I considered that (message/encrypted message) … but then decided not to use it. Because if someone else guesses the password, then he sees the message too and can claim the funds. There is no easy way to distinguish the real owner from an impostor. Now if someone else guesses the password, all he sees is an account with an empty balance, which is not interesting for the bad guy. The real owner knows that it is a “theft” and has motivation to get his funds back.

2 Likes

No bot. Just checking generated addresses for non-zero balance or public key present. I found dozens of addresses like this, mostly with small amounts. The danger here is that they will be used in future for some serious funds. It would make sense to spam those with warnings now, since the damage would be minimal. I am willing to give those addresses to a volunteer who would spam them (I am not sure, if it is the right approach though, because the message is like a red flag for a future attacker). Now I have no time for this, I have a real life, too, you know :wink:

So far I “secured” 3. One was already refunded, the other two with smaller amounts are waiting. Pity I joined too late for this guy @findcoin (check his address now - the attacker even sent him back his password and private key).

As of now, this is a manual process, and I neither have time nor want to automate it.

Also, my 40 lines of code are not optimized and run on a single core. A very slow process. The bad guys are far more effective. Again, if you recommend me a trustworthy volunteer, I’ll share my approach and we can split the work.

I think that such things are very good things.
There is only one problem: the law of Japan, where I live.
Personally, as a white hat hacker, I feel like saving my personal money in the future.
And I can do Full Time Commit. I think that I can respond quickly.

Thanks

1 Like

I would say @mizunashi is very well placed to do this! And I’m sure he will be a good fit for this :slight_smile:

1 Like

Help me too, please. My Nano Wallet (brain) was hacked. Please help me get my NEM back. Thanks

Please provide some details: your NEM address and/or transaction hash.

NBUZHA-QIJSHM-I2ZDQX-FNP7DD-Y3ZNL3-YD4UTL-4USB

7de7e987f92d7d11495d3f4fa3cdae43f465a512623e73ac1ca3e9784f833acc

-58.483 NEM

Sorry, I can not help you with this one.

Interesting fact: this account: http://chain.nem.ninja/#/search/nbt3qy-glml4f-vyn23m-mp3nyo-mfky5x-74dba5-vatx (recipient of the transaction) is the only cosignatory to several other accounts, all of them with a weak brainwallet password. Did he rob them all too?

Now we know for sure there are several people searching for weak brainwallet accounts. Maybe it would be worthwhile if the community helped “follow the money” - i.e. the recent @findcoin’s robber (http://chain.nem.ninja/#/search/NDFUCB-7A2FZB-VMGPTG-PETYHH-TYUBXX-BCOQP2-WSIV) leads to Changelly(?) after several transactions …

I examined this NBT3QY-GLML4F-VYN23M-MP3NYO-MFKY5X-74DBA5-VATX when there was a previous hacking report.
This hacker is trying to be a signer of a hacked account after hacking various accounts.
This time it seems that it is not doing it.

How did he not do it?

Explain how.

Basically, I accumulate funds in this account.
It is about 200,000 XEM accumulated. There is only 700 XEM withdrawal to other accounts.

Withdraw to NBQEYU-UCLQ5N-LTMZAW-G3VVYW-VRT6KD-D2SXHE-JLD5

http://chain.nem.ninja/#/transfer/6f4a28cacaf9a984b2fba3473d62138e88ce0f523e2ae9caff767cb096b7fce5
http://chain.nem.ninja/#/transfer/e45aa6fb263fda7cdc67f44e6b91f279be4587d7746f4d2c073ec308e50954a5

Among 700 XEM, 499 XEM is remitted to Changelly.
http://chain.nem.ninja/#/transfer/b4825580bf18076f23bcea265f6a62f14afc6cf55341a9e474d983340b54a828

If you do a survey, there is no way to ask Changelly about this transaction.
(However, there are possibilities of fake as remittance is small.)

The criminal is remitting 5 XEM to me. Completely it has been played to the criminal.
http://chain.nem.ninja/#/transfer/d188126bc3028e3b36dd5ee8fe20b0ea1edd2faec4220f6e02691d7da117ce3b

What should I do?

I can only ask you about Changelly.
Please let me know that the stolen XEM was remitted to Changelly.
That transaction will be here.
http://chain.nem.ninja/#/transfer/b4825580bf18076f23bcea265f6a62f14afc6cf55341a9e474d983340b54a828
I think that Changelly knows best about what we can get with this information, so please ask for directions.

Changelly Email address: support@changelly.com