Burst thief taking from my wallet!



  • So i've had about 5000 burst stolen from wallet. I see them just sitting in there wallet, is there anything or anyone that can help me or is it a lost cause..? thanks


  • admin

    @cretin Lost cause I'm afraid - once your passphrase is compromised there's nothing you can do except create a new account with a secure passphrase, transfer any burst/assets not stolen over there, then replot.



  • Make sure you use a good passphrase. Generate one from the wallet. And never log into an online public wallet.



  • @cretin Hi I see that you have been hit by two of the Automate Bot Attacks, which although to different Addresses I am sure are the same person, as several people like you have been hit by both.

    0_1503988959063_cretincretincretin.jpg

    It's a pity that after the first theft of 3,144 Burst that you did not realise what had happened and move your Burst to a new account? The second theft of 1,599 Burst was nearly a Month later.

    I hope you have now replotted your drives and are Mining from a new Address?

    I would be interested to know what the Passphrase was, have sent you a Chat, to help to understand how the Passphrases are being found?

    Rich



  • @RichBC , we would all like to know, care to share?



  • so sad its stealing



  • @ZapbuzZ , I agree, but I see another side to it. survival of the fittest. I think these passwords are hacked by brute forcing weak passwords. The strong (brute forcers) are taking from the weak (weak passwords). The weak will either wake up and create strong passwords or die (lose all their coin). In the end, you have a stronger overall cryptouniverse.



  • @rds said in Burst thief taking from my wallet!:

    @ZapbuzZ , I agree, but I see another side to it. survival of the fittest. I think these passwords are hacked by brute forcing weak passwords. The strong (brute forcers) are taking from the weak (weak passwords). The weak will either wake up and create strong passwords or die (lose all their coin). In the end, you have a stronger overall cryptouniverse.

    yeah i remember the early days of bitcoin same thing really.



  • @rds said in Burst thief taking from my wallet!:

    @RichBC , we would all like to know, care to share?

    Not much to share at the moment, other than what I have posted on
    https://forums.getburst.net/t/wallet-theft-by-h-burst-5bgx-c7ea-a6et-baqcd/58?u=richbc

    My finding / advice continues to be.

    So far I have not found a single instance of where a Wallet has been stolen that has used the Standard 12 Word Passphrase.

    They have all been either short passwords, short phrases, phrases from known texts, Burst Addresses used as a Passphrase, the Passphrase has been exposed in some way, often in the Description Field.

    So my advice for new users would be to accept the 12 Word Passphrase.

    Be careful not to expose it or any clues to it in any description Field.
    If you have a Wallet where you have put a clue in a Description field it is no use just deleting it, you need to transfer Burst to a new Wallet, as the earlier information is there on the Blockchain for all to see.

    Keep an eye on you Wallet, there are many people whose Passphrase has been compromised where Burst is taken every Day without them noticing.

    If you really feel that the 12 Word Passphrase is not secure enough for you, don't get clever and start from scratch, just add additional words / numbers / other characters to it.

    Need more data so It would be great if anyone who have had their Wallet stolen would share the details including the Passphrase. If you don't want to put it in public then PM me.

    Rich


  • admin

    I would suggest that the new UI simply doesn't let you succeed with a passphrase shorter than 30 to 40 characters instead of a red warning...

    @LithStud, what do you think?



  • It could be a key logger but I don't think so because I've only been robbed of burst. When the online wallets were going down I must have used a fake website that stole my passphrase, although any wallet I logged into worked. After this happened I saw I still had assets, I wanted to cash out and send it to my new wallet. They beat me to it though and took my burst before I could send them. It's a sad story but a good one to learn from. I've been replotting my drives, the biggest chore.



  • @daWallet ,

    When I want to check the status of my local wallets, peers, current block, etc. I open a browser and type 127.0.0.1:8105 or whatever port the wallet is on. Then I just push and hold any key for a second to fill the box and hit enter. Always it says I have created a new wallet and there is a warning about the passphrase. Please don't take away the ability to create your own passphrase. The warning is enough.



  • I've used Burst Nation, burst team online wallets and the local ones. If my account is hacked, it isn't an easy one and i think we will all know the online wallet that logged it right? lol



  • @RichBC ,

    Interesting read. I will offer that to add to the insurance of a secure wallet you should create the wallet, then fund it with a miniscule amount. If after a few days-week the coin is intact, there is a high probability that these bots or key loggers or sniffers don't have access to your account. Then put in a decent amount, maybe $10-20 worth. Wait again for the robbers who don't want to grab just one or two burst but wait for a significant amount. If the coin remains you should be good to go.



  • @ZapbuzZ mine wasnt east to guess, who do you think logged it?



  • @cretin said in Burst thief taking from my wallet!:

    They beat me to it though and took my burst before I could send them

    But there were 23 Days between the first and second thefts?



  • i will say who i would think did it when they finally have the nerve to milk me; at such a time it will be reported.



  • @cretin said in Burst thief taking from my wallet!:

    mine wasnt east to guess, who do you think logged it?

    You are not reading my post. If the Passphrase was anything other than a completely random sequence of Characters or Words at least 30 Characters in length then it can be found by one of the many Brute force Attacks.

    Rich



  • @ZapbuzZ ,

    If someone wanted to take the time to make a dozen accounts put 100 burst in each. Associate each account only to 1 online wallet then wait to see which one gets siphoned off.



  • @RichBC said in Burst thief taking from my wallet!:

    @cretin said in Burst thief taking from my wallet!:

    mine wasnt east to guess, who do you think logged it?

    You are not reading my post. If the Passphrase was anything other than a completely random sequence of Characters or Words at least 30 Characters in length then it can be found by one of the many Brute force Attacks.

    Rich

    you are right rich my pass is well over 30 random characters so it is an impossible guess without a log 🙂