Xem got stolen from private key wallet

If you happen to land on a malicious website with your wallet loaded and not yet purged.

My understanding is that they already have stolen many wlt-files that way. Brute forcing is just a matter of time unless a password as good as the private key is being used. My weak password took them 5 days.

So the lesson learned is…
Never browse another site while having an unpurged NanoWallet open.

In my case an expensive lesson, but hopefully other people will benefit from that.

I might be missing something but…

Local storage is domain specific. I’d argue that it’s not as easy to exploit in the wild when you don’t have everything running locally.
If you have nanowallet open and go to https://someothersite.com, the js on that website will not be able to access localstorage of nanowallet because it is on a different domain.
So XSS being involved makes a lot more sense, though I’m not sure how they would have pulled that off. To me this looks like they were targeting nanowallet specifically since it’s unlikely that some generic XSS that happens to be reading local storage happens to be operated by people who know what they got their hands on. If it is targeted it is likely a site that nanowallet users are likely to visit with nanowallet open though I in no way want to accuse anyone (if we have all the possible websites it’ll be relatively trivial to figure out which one it was).

All in all everyone can put their panties back on. Local storage is not in and of itself insecure plus a strong password seemingly would have mitigated this attack entirely.
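
The same-origin point made in the post above, as an added toy model (not part of the thread and not NanoWallet code). The wallet URL and the look-alike hosts are constructed; `StorageModel` is a hypothetical stand-in for the browser's per-origin storage areas.

```javascript
// Toy model of per-origin localStorage (constructed; not NanoWallet code).
class StorageModel {
  constructor() { this.areas = new Map(); } // origin -> Map(key -> value)

  // Origin = scheme + host + port, as serialized by the WHATWG URL parser.
  static originOf(pageUrl) { return new URL(pageUrl).origin; }

  areaFor(pageUrl) {
    const origin = StorageModel.originOf(pageUrl);
    if (!this.areas.has(origin)) this.areas.set(origin, new Map());
    return this.areas.get(origin);
  }

  setItem(pageUrl, key, value) { this.areaFor(pageUrl).set(key, value); }

  // A script reads the storage area of the page it runs in,
  // regardless of which server the script file was loaded from.
  getItem(pageUrl, key) {
    const v = this.areaFor(pageUrl).get(key);
    return v === undefined ? null : v;
  }
}

const WALLET = "https://wallet.example/app/index.html"; // hypothetical wallet URL

function demo() {
  const b = new StorageModel();
  b.setItem(WALLET, "wallets", "<encrypted wlt blob>"); // placeholder value
  const read = (url) => b.getItem(url, "wallets");
  return {
    otherSite: read("https://someothersite.com/"),            // different host
    typoDomain: read("https://wa11et.example/app/index.html"), // look-alike host
    subdomain: read("https://cdn.wallet.example/"),            // host differs
    plainHttp: read("http://wallet.example/app/index.html"),   // scheme differs
    explicitPort: read("https://wallet.example:443/x"),        // default port, same origin
    walletPage: read("https://wallet.example/app/other.html"), // same origin, e.g. injected script
  };
}

console.log(demo());
```

Only the last two reads return the blob: a page on another host, including a mistyped look-alike, gets its own empty storage area, while any script running inside the wallet's origin sees the wallet's data.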

That’s what I think as well… I still have to reconstruct the possible sites that I have visited. I might find something. But if I were the attacker, I would probably start out with domain names similar to the official Nem sites. That way the chances are high that, by a mistype in the address bar, the victim visits that site with an open wlt-file in their local storage.

I will still try to evaluate the NanoWallet code and look for that XSS vulnerability. Maybe an unsafe evaluated JSON.

I’d run an ico and give 10% bonus to all XEM investors and tell them to only use nanowallet :slight_smile:
I’m not making a serious allegation here, I’m just joking. I doubt it’s dimcoin.

1 Like

My wallet pass should slow them down a bit, at least 10000 years:D

It must be at least as secure as the private key, to not pose an additional security threat to your wallet.

Hmm but the new 1.4.0 standalone version shouldn’t have that ‘vulnerability’?

1 Like

I asked QM to look into this. He told me that the wallet was created with a brainphrase “12345q” which a bot can scan for and then clean the account.

So the wallet wasn’t compromised, nor the server, nor the computer. The account was made with a brainphrase that is very easy for a hacker to brute force.

Remember, your brainphrase = your private key. Please use very long pass phrases when making a pass phrase wallet.

Also, we all feel for your loss. We hope that somebody else can learn from this thread and be safer.

7 Likes
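
A pre-creation strength check for the point made in the post above, that a brainphrase is only as strong as the effort needed to guess it. This is an added example, not part of the thread and not NanoWallet code; the heuristic, the `TARGET_BITS` threshold, the guess rate and the function names are assumptions, and the result is an upper bound only.

```javascript
// Added example (not NanoWallet code): rough upper bound on passphrase strength.
const TARGET_BITS = 128; // assumption: strength the passphrase should reach

// Size of the alphabet the passphrase appears to draw from.
function charsetSize(p) {
  let n = 0;
  if (/[a-z]/.test(p)) n += 26;
  if (/[A-Z]/.test(p)) n += 26;
  if (/[0-9]/.test(p)) n += 10;
  if (/[^a-zA-Z0-9]/.test(p)) n += 33; // printable ASCII symbols incl. space
  return n;
}

// Characters that only repeat or continue a sequence ("aaa", "12345", "cba")
// are predictable, so they are counted as adding no guessing work.
function estimateBits(p) {
  let free = p.length > 0 ? 1 : 0;
  for (let i = 1; i < p.length; i++) {
    const step = p.charCodeAt(i) - p.charCodeAt(i - 1);
    if (Math.abs(step) > 1) free++;
  }
  return free * Math.log2(charsetSize(p) || 1);
}

// guessesPerSecond is an assumed rate, used only to put the bits into time.
function assess(p, guessesPerSecond = 1e9) {
  const bits = estimateBits(p);
  return {
    bits,
    secondsToExhaust: Math.pow(2, bits) / guessesPerSecond,
    acceptable: bits >= TARGET_BITS,
  };
}

// Constructed samples; "12345q" is the passphrase named in the thread.
const SAMPLES = ["12345q", "aaaaaaaaaaaaaaaaaaaa", "T7#qLm2$Vx9!eRb4@Zk8^Wp3&Hs6*Yd1"];
for (const p of SAMPLES) {
  const r = assess(p);
  console.log(p.length, "chars:", r.bits.toFixed(1), "bits,", r.acceptable ? "ok" : "too weak");
}
```

Length alone does not help: the 20-character repeated string scores lower than the 6-character one, and only the long mixed string clears the threshold.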

Hi,

There is no known vulnerability in Nano Wallet and I don’t think it is possible to access the local storage content remotely.

The wallet created in this case was a brain wallet with a weak password, that is the problem.

There are people that scan for weak brain wallets and you got unlucky :confused:

4 Likes

Thanks for the clarification.

The loss of XEM has been determined to be user error, I am going to close this topic. It is solved.

2 Likes

ReOpen for Refund

Make the topic temporarily OPEN.

@nempathic

I succeeded in obtaining 1000 XEM from a hacker who stole your money.
We process refunds preferentially from people who have stolen from the same hacker.

You have been selected for that time.
If you wish to refund 1000 XEM, please write here.

When I can confirm the writing, I will send PM for personal authentication.

In addition, please prepare new account with simple wallet as preparation in advance.

Thank you.

Oh wow!
I can’t say how surprised I am. I’m very grateful for this.
I am using a new wallet, which has been created with the Simple Wallet function. I already used it before to save some Xem from my hacked wallet before the attacker got the chance to transfer it as well. Those Xem came from a scheduled Buy from LiteBit.eu, delayed due to giropay option, that was my luck.

This new wallet address is:
NBGHKJ-WWEL76-BO3NXO-F5ALYX-22YBZP-PO4MCV-IXV6

Please state any requirements for authentication via PM as you mentioned. Thank you again!!

1 Like

Considering that account of your forum is being hijacked, I will PM the item of personal authentication from now.
Please wait for a while.

@nempathic
Since approval was obtained, refund work will be started.
When xem arrives, please write.

Hacking hash
http://chain.nem.ninja/#/transfer/8f962c0a72839e2371ccfa37ceef3e1b13cbd8f3f3556bfa99539a47b934579f

Refund hash (part of damage amount)
http://chain.nem.ninja/#/transfer/a797a0d82b0c7c048425e360b626b5e957d16b5d57963c936864f34de2c257e8

Thanks

Thank you so much! The refund arrived.
I’m very grateful. It is good to know that there are still a lot of good people at work, despite some truly dishonest thieves who can only steal hard earned money from others.

1 Like