Please stop using brain wallet! and Refund to you

Thank you for your reply.
We sent the contents of personal authentication by private message.
Please confirm.

Thank you.

Dear @Osaking,
I really appreciate your cooperation.

Since individual confirmation was obtained, we will refund the funds.

Take fund
http://chain.nem.ninja/#/transfer/5cee696960341b9053164d242a3b12c46febe375f9dab2678f655740ea8ce8df

Refund
http://chain.nem.ninja/#/transfer/27439e5e8a39d39ba25d2c66b1240dfb70fb9a578ed355d1d2e2734b02f61b77

Back up your wallet and private key securely.

Thank you very much!!! Amazing :pray:t5::pray:t5::pray:t5:

1 Like

Your funds were protected from Black Hat Hacker.
Congratulations.

1 Like

Since the question has arrived at PM, I will post it.

There are two ways to change simple wallet password, transfer to new address and private key import.
Private key import has the advantage that the address does not change.
Since the original is a simple wallet, there is no problem with importing.

However, if you change the password, Remote Account address and Secondary Address will change. This is because the password is related to the child account generation method of the BIP32 account.


With Simple Wallet it is virtually impossible to analyze the secret key using the current computer. This is because the computer creates a secret key from a sufficiently long random number. However, this is a condition that the virus or hacker has not been illegally invaded.

Brainwallet will take out the funds without entering the other’s computer.
The brain wallet’s secret key is generated from the password.
Even with over 40 letters, human characters can predict to some extent.
Safety can be secured if there are 40 random characters, but nothing is kept in keeping with any precaution.
That is why I do not use it.
And it is Simple Wallet that you do not need to worry about this at all.

Simple Wallet passwords are effective when a virus or hacker is infiltrated into the PC.
The secret key is encrypted with the password and it is in the PC.
If we think on the premise that it is hacked, we also need to strengthen simple wallet passwords.
This is the area where convenience and safety are balanced. It has to be decided by individual judgment.

However, there is currently software that saves passwords safely.
It is also possible to save NEM’s Wallet password in that.
In this case, even if setting a very strong password, input effort will not change.

The latest NanoWallet has a function to measure the strength of the password.
You can calculate a measure of strength using this.

Enter the password to be set for Passphrase.
Since graph and analysis time will come out below, we will check this strength with reliance on this.
First is the red part of the graph Score.

Please be sure to make it 4/4 here. There is a fear that it can be broken by dictionary attack.
Even with random values, 11 characters are required at minimum to be 4/4.

Next, pay attention to the value of “Estimated Guess Times”.
Here, the analysis time of the password is shown from the number of calculations performed per second.

· 10/second
· 10,000/second
· 1,000,000,000/second

My MacBook Pro 2013 Late (Intel core i7 2.6 GHz) is about 33/second.

From here it will be my imagination.

If you optimize the code using GPU, it seems to be about 1000 times faster. Assume a little more 100,000/second.
Parallelization is very effective for this code, so if you are rich in individuals, you may be able to go up to 10 times this level. 100,000,000/second
1,000,000,000/second will definitely need a big data center.

The following example is a random character string using all alphabetic capital letters/lowercase letters/numbers/symbols.
In case of manual input Please read after recognizing that the risk to be analyzed increases.

Example 1
Xp;f[8rFt>{sJ8&
It takes more than a century at random 15 characters 10K / sec. It seems that this is the realistic lowest line.


Xp;f[8rFt>{sJ8&zMY
random 18 characters has become considerably safe.


Xp;f[8rFt>{sJ8&zMYQ3
random 20 characters very safe now.


Example 2:
Let’s also assume a word password. However, for such passwords NanoWallet did not give very accurate calculation results.
Below, we will explain with the value calculated based on entropy.

imbecile clop nose ordinary cortical balboa (6 words) It varies depending on the word list to be used, but it is as strong as 15 random characters of example 1 in 6 ~ 7 words.

homolog polis serving vagrom unduly divagate stripy heath parody doorman (10 words) This is safer than the random 20 characters in Example 1.

By the way, word passwords used in hardware wallet are used in 12, 18, 24 words. (default value is 24 words.)

Both Example 1 and Example 2 are calculated on condition that there is perfect randomness.
If human hands are added here, the strength of the password will definitely drop.
In addition, this information is for reference only. Depending on the evolution of the computer, it will become a weak password immediately.

Please make a good password.

Thank you.

1 Like
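Added example, not part of the original post and not NanoWallet's code: the entropy arithmetic behind Example 1 and Example 2 above, under the post's own condition of perfect randomness. The 94-character printable ASCII set and the word-list sizes (2048, 7776, 65536) are assumptions chosen for illustration.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600
# Guess rates listed in the post (guesses per second).
GUESS_RATES = (10, 10_000, 1_000_000_000)
# Assumption: upper/lower case letters, digits and symbols = 94 printable ASCII chars.
CHARSET_SIZE = 94
# Assumption: illustrative word-list sizes; the post does not name its list.
WORDLIST_SIZES = (2048, 7776, 65536)


def entropy_bits(alphabet_size, length):
    """Entropy of `length` symbols drawn uniformly at random from an alphabet."""
    return length * math.log2(alphabet_size)


def average_crack_years(bits, guesses_per_second):
    """Expected search time: half of the keyspace at the given guess rate."""
    return 2 ** (bits - 1) / guesses_per_second / SECONDS_PER_YEAR


def words_to_match(char_count, wordlist_size, charset_size=CHARSET_SIZE):
    """Fewest random words whose entropy reaches `char_count` random characters."""
    target = entropy_bits(charset_size, char_count)
    return math.ceil(target / math.log2(wordlist_size))


def strength_table(lengths=(11, 15, 18, 20)):
    """One row per password length: (length, bits, years at each guess rate)."""
    rows = []
    for n in lengths:
        bits = entropy_bits(CHARSET_SIZE, n)
        years = [average_crack_years(bits, rate) for rate in GUESS_RATES]
        rows.append((n, bits, years))
    return rows


if __name__ == "__main__":
    for n, bits, years in strength_table():
        cells = ", ".join(f"{y:.2e} y @ {r:,}/s" for y, r in zip(years, GUESS_RATES))
        print(f"{n:2d} random chars = {bits:6.1f} bits: {cells}")
    for size in WORDLIST_SIZES:
        print(f"{size:6d}-word list ({math.log2(size):.1f} bits/word): "
              f"{words_to_match(15, size)} words match 15 chars, "
              f"{words_to_match(20, size)} words match 20 chars")
```

These figures only hold when every character or word is chosen by a random generator; a passphrase a person invents has far less entropy than its length suggests.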

Hello, my friend's mobile wallet was recently hacked and all of the funds were withdrawn. Can you tell me whether it is somehow possible to help him get his coins back, or is it too late? Thank you, I await your reply.

This hacked account is an account I know well.
We do a lot of hacking, and funds are robbed by many people.

I am sending a mosaic called “dangerous.this_user_is_a_hacker” to the account I certified as a hacker.
You can refer to it from the following information.

http://chain.nem.ninja/#/account/NBT3QYGLML4FVYN23MMP3NYOMFKY5X74DBA5VATX/0

This hacker does not show how to dispatch so much money.
Because it is very difficult to identify.

If you want to collect the funds, you will always need to monitor this account and hold down where you brought it to the exchange.
Currently it has not reached it yet and it is the current situation that there are not enough people to monitor at all times.

Before hacking in the future, I am doing activities to help as many people as possible. However, it is very difficult to respond after hacking.

I am sorry that I can not be a help.



Two “well known” hacker addresses are:
http://chain.nem.ninja/#/account/NBT3QYGLML4FVYN23MMP3NYOMFKY5X74DBA5VATX
and
http://chain.nem.ninja/#/account/NCWPLQCVARBYXXPCC3KDAZUQ4MNL2LNS7YIRM2XU
(both are working systematically, both are still active, it seems the latter even robbed NDOPCL-UMPKYC-VAZ6C4-PXHEYU-LNKUUB-ZMOWVE-2O44 yesterday, - 29k XEM)

1 Like

Hacker tokens have been sent to these two addresses.

1 Like

Okay, so are we sure everyone who posted a mobile screenshot created those wallets as brainwallets? Because I doubt that if it not, then there is a separate issue that needs addressing and now.

1 Like

Up to now we are offering a screen of mobile wallet to two people.
One person has confirmed brain wallet.
Another person knows that hackers are attacking against Brain Wallet usually, so I can almost assume that he is using Brain Wallet.
Therefore, the case of mobile wallet reported here is thought to have created brain wallet with NanoWallet and imported it into mobile wallet.

Thanks

@mizunashi decides what level of “confirmation” is sufficient. If it is “small” amount, just the fact that someone is both complaining and knows the password is enough. For larger balances, he may want him to step out of anonymity. Of course you can never be sure, if it is the real owner or an impostor. But if someone else wants to claim the same address later, at least there is real person to blame then. (Everyone is welcome to suggest better solution :wink: )

1 Like

Report matter:
Today, I received the following payment in the deposit pool account.
I do not understand this deposit.

dim.coin 19,480

http://chain.nem.ninja/#/transfer/542730e68e387633857bb27d198b6ac00079a243e77fcd329f07ac6784858fb0

I asked the people of White hat hacker that they have not confirmed all of them, but they said that they did not make this remittance.

The sender’s address is below.

http://chain.nem.ninja/#/account/NDITFGFUTRO7P3UPZSWQBTC7OUIYJSG7SU6OXE6C/0

With this address, you can check the address of Black hat hacker at the address he is sending/receiving.

NCWPLQ-CVARBY-XXPCC3-KDAZUQ-4MNL2L-NS7YIR-M2XU

I do not know what kind of idea he is sending money.
First, we have issued a warning sentence to the remittance source.

1 Like

I will inform you that there was a refund of 1000 XEM from Black hat hacker.

Hacker is trying to get me down, but this 1000 XEM would like to use it for refund to the victim who this hacker robbed.

The funds were sent to my personal address.

http://chain.nem.ninja/#/transfer/22f9f76ac88382bdacec43b595de7cd986a415e9112045a92ad0f10d4bbc900b
The Russian language of the message is written like this.

"Thank you for your help. Here is your share, as we agreed." (translated from Russian)

I remitted the transferred 1000 XEM to the refund pool address.

http://chain.nem.ninja/#/multisig/aa7eb2ccc7dcd06ac5145bf87fc6058e12aca3fba6d62c02d4cb049fed9c0b57

Thanks

1 Like

There are multiple possibilities:
a) he is feeling threatened and fights back - trying to create false “evidence” and implicate/frame others by sending them transactions, which pretend to be payment for some kind of services; pity, what is on the blockchain can not be reversed - we have his first Changelly withdrawal no matter what he does now; welcome to the pseudonymity topic!
b) he is creating chaos just to waste our time, so we can not “steal” more of “his” money (from purely secured brainwallets)
c) he is having fun and is really enjoying it (this is most likely)

There is something obvious also: He is carefully monitoring this forum. (Hello M2XU, how are you? Are you sleeping well?)

I would consider those 1000 XEM he sent as a success. @mizunashi, please continue doing a great job!

1 Like

To: Black hat hacker.
Please send me all the better.
We will deal to the victims.

thanks

1 Like

We made a refund for the hacked account.
The URL of the topic for which refund was done is as follows.
This is paid from funds sent by hackers.

thanks

with so many issues, shouldn't the brain wallet be removed altogether?

also quick question, does a ‘purge’ completely remove risk of wallet being hacked?

1 Like

I want to eliminate it.
However, in order to realize that, we must obtain consent from the community.

Originally, this function was prepared at the request of the community.

thanks