So my account got compromised...
I logged in to Splinterlands this morning to find that all my DEC and almost all of my cards were gone. It wasn't much in the grand scheme of things - 500 DEC and about 25$ worth of cards, but it was a lot to me and even if you ignore the monetary value it's still an invasion of my privacy which has soured me on humanity a bit.
My faith in humanity was somewhat restored when I asked the nice people on the Splinterlands discord for help with this and got both sympathy and concrete help with what to do.
Tracking down the guilty party
Of the advice I got, the first one I acted upon was to track down who stole my assets using hiveblocks.com. When I looked up my accounts transaction history, I found I had apparently gifted a lot of cards to a user called @iiixiiixiii. Guess I found the guy.
I looked up his market history on Peakmonsters and wow - there was a lot of transactions. Some of the cards I recognized as cards I had lost, so some of them were probably mine.
His history of card sales went on for several pages and that was just for October 19th.
Consider this my official warning for this guy. He's up to no good and I recommend everyone to now deal with him if you should end up in contact with him somehow.
Next steps
I sent an email to the splinterlands support and opened a ticket to see if there was anything they could do to help. From what I've heard, there isn't much they can/will do about things like this, but I told them that @iiixiiixiii is the guilty one and maybe they can do something about it. I will give you an update in the future when I get a response from the support team.
If anyone from the devteam reads this post: Even if I can't get my assets back, this kind of theft can't be allowed to go on and I would at least like to see some kind of action to increase account security be taken so that this will be harder to pull off in the future.
Increasing account security
I don't know how this guy got my account details, but the most likely reason is that my email was hacked. To combat this, I changed my passwords and activated Two-factor authentication. I then changed all my hiveaccount keys and stored them in a more secure location than I had previously in case those had been compromised.
I use 2FA quite a lot and the fact that I hadn't activated it on my email is a mystery to me and a mistake I now seem to have payed for. I recommed all of you who read this post activate it everywhere you can. It really helps.
I don't know if I had accidentaly logged onto some shady site with my HIVE-account. I don't think I have, but I will be extra careful in the future of where I use the keys anyway.
Future
Unfortunately I can't really reinvest what I lost in this hack into the game at this time, so I will probably take a little break from Splinterlands until I can get back into it for real. I really like the game and I hope to see you all around in the future, hopefully with a much more secure account!
/Dirtyharry94
Electronic-terrorism, voice to skull and neuro monitoring on Hive and Steem. You can ignore this, but your going to wish you didnt soon. This is happening whether you believe it or not. https://ecency.com/fyrstikken/@fairandbalanced/i-am-the-only-motherfucker-on-the-internet-pointing-to-a-direct-source-for-voice-to-skull-electronic-terrorism
Interesting. That's why I use gmail account with 2FA on, I also try not to use common passwords on sites where money is involved.
Good luck, I hope you will get your stolen cards
Posted Using LeoFinance Beta
Yes, I try to make custom passwords for the "important" sites I use too. I think the most important thing to keep entirely separate is your email, because hackers could get access to a lot of things if they have your email. Especially if you used the same password for that as other things.
There were security measures implemented immediately after a previous attack of this nature, and these things are constantly being addressed, discussed and updated.
The most difficult part is trying to find out if this was the result of a phishing scam, hacking a vulnerability in the email system or something else entirely.
In general when we discover these things the account gets banned immediately.
For now, change your private keys, only log in using Hive Keychain (install it to your browser and insert your private keys into it) and keep posting content so that you at least have some income coming in.
Glad to hear things have been done!
Yes, I'm still not sure how I got compromised but I've changed as many passwords as I can, as well as added 2FA where I hadn't before.
Congratulations @dirtyharry94! You have completed the following achievement on the Hive blockchain and have been rewarded with new badge(s) :
Your next target is to reach 50 upvotes.
You can view your badges on your board and compare yourself to others in the Ranking
If you no longer want to receive notifications, reply to this comment with the word
STOPsorry that your account got compromised @dirtyharry94 . You can introduce yourself again in this new account. This is @macchiata from @OCD team. We saw that you already posted your first post here in Hive Blockchain! Congratulations and welcome! However, it would be awesome if you do an introduction post. As a sample of what an intro post is, you can refer to this intro post for reference:
Keeping Up With the Buzz - My Introduction to the Hive Community
There's no specific format on how you do your intro post, but there is some suggested content that we would love to see in your post. Information like who are you and where you're from, how did you discover Hive or who invited you, what types of content you want to see here and the types that you want to produce, and what are your expectations in this platform. There's no pressure on this. You can choose whatever information you would like to share.
You can tag me @macchiata on your intro if you decided to make one.
Hi!
Thank you, I think I might make one of those next time I sit down at the computer with some time on my hands. Thanks for the suggestion and I will make sure to tag you!