BEWARE of Splinterlands phishing links on Google Search Engine

@jiann19 is one of the accounts I am managing that was hacked by @merciuz7, and merciuz7 is an account that belongs to the '@darkwarrior33' hacker and has been on the list since February.

How it happened

A few days ago, while checking the accounts, I noticed that @jiann19 had transferred all its liquid Hive to @merciuz7. I directly asked the true owner of the account, my friend Jojie, whether he had consented to this transaction, and found out that he had no idea this had happened.

https://hiveblocks.com/tx/8d6d7711b04279986dd1d40970bbf3bd87d8c724

This prompted me to check what happened, because it concerns me. I went through https://hiveblocks.com/@jiann19 to investigate and found out that @jiann19's password had been changed.

https://hiveblocks.com/@jiann19/~owners

Thanks to @foxon for always being helpful and for teaching me where I can see the Owner Key history on hiveblocks.com.

@jiann19's password was changed twice on April 7 and April 10 by the hacker.

My friend Jojie has no idea how the hacker stole his keys, but I did my research and found out that @merciuz7 is active on @splinterlands. I am not 100% certain, but when I asked a reliable source, he told me this:

The merciuz7 account belongs to the 'darkwarrior33' hacker and has been on our list since February. This type of hacker gathered account information between 2018 and 2020, so to figure out what happened one has to think back.

I tried searching for the keyword Splinterlands on Google and found this as my result:

The first three results from the top of the Google search were not the official @splinterlands website; two of them were splinterlandss.com and splinterlands.org, which were made neatly and look like the original game itself. I am guessing that some of the hacker's victims came from these phishing websites, which try to steal your account password by having you input your username and password.

Account Recovery process

Thankfully, with God's help and mercy, we managed to recover the account from the hacker by using Hive's built-in recovery method, which was a brainchild of @dan.

I used https://reazuliqbal.com/HiveAccountRecovery/, created by @reazuliqbal, to recover the account. Thank you for making this website look simple and easy to use for average users like myself.

After trembling for an hour, we managed to recover it successfully.

https://hiveblocks.com/tx/2602c23ebd8b69a5d760dd39916cc9844fec8c10

What can we learn from here?

Honestly, I have learned a lot from this situation. I will try to enumerate it here:

  • Regularly checking our accounts is a must

In case you notice some suspicious movement on your account, try to investigate it immediately. Hackers will always try to extract all liquid assets when they get access to your account. In my case, the hacker stole 35 Hive and Splinterlands cards; I guess I am still fortunate that it did have access on my Hive because most are powered up.

Bookmarking the Owner Key history of your account is, I think, not a bad idea, so you can immediately see if someone has changed your password.

  • Setting up your Recovery account

If your account was created back in the Steem days (before the Hive fork) and the password and recovery account haven't been updated yet, it is a better idea to change your password and set your recovery account to someone you trust who can help you in times of trouble.

Some accounts have their recovery account set to @steem, which is a bad idea in my opinion, as we are no longer part of Steem Inc. We can check our recovery account on https://www.hiveblocks.com

  • Avoid clicking suspicious links

This problem is all over the internet, not only on Hive. I see a similar problem on Facebook, where scammers try to get your password and use it for their evil intentions. The email of some reputable financial entities is also being used to get your personal information. Please try to be vigilant, especially when dealing with a new website you haven't encountered before.

  • Google allows scams in their ads

I am afraid that many people can get scammed if this continues. I hope @aggroed can address this; I have also talked to @guiltyparties regarding this issue. Crypto is still in its infant stage, and some still haven't seen a password as long as the ones we have on Hive and Bitcoin.

https://peakd.com/@merciuz7/wallet

The Lesson

In the meantime, the best advice I can give here is to be careful, especially when logging in: try to question everything first, and always double-check the URL address. Take care guys, cheers.
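
One way to automate the "double-check the URL" habit, as an added example that is not part of the original post: it classifies a hostname against the official domain and flags the two kinds of lookalike named above (an extra letter, a different TLD) plus the brand used as a subdomain of another site. It assumes splinterlands.com is the official domain, which the post does not spell out; `classify` and `edit_distance` are hypothetical helper names.

```python
from urllib.parse import urlsplit

# Assumption: the game's official domain (the post does not spell it out).
OFFICIAL_DOMAINS = {"splinterlands.com"}


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify(url: str) -> str:
    """Return 'official', 'tld-swap', 'typo', 'embedded' or 'unrelated'."""
    # Accept bare hostnames as typed into an address bar as well as full URLs.
    parts = urlsplit(url if "://" in url else "//" + url)
    host = (parts.hostname or "").rstrip(".")
    labels = host.split(".")
    if len(labels) < 2:
        return "unrelated"
    # Simplification: treat the last two labels as the registered domain.
    domain = ".".join(labels[-2:])
    if domain in OFFICIAL_DOMAINS:
        return "official"
    for good in OFFICIAL_DOMAINS:
        brand = good.split(".")[0]
        if labels[-2] == brand:
            return "tld-swap"      # right name, wrong top-level domain
        if edit_distance(labels[-2], brand) <= 2:
            return "typo"          # one or two characters off
        if brand in host:
            return "embedded"      # brand used as a subdomain or prefix
    return "unrelated"


if __name__ == "__main__":
    # The two lookalikes named in the post plus constructed samples.
    for u in ["https://splinterlands.com/", "splinterlandss.com",
              "splinterlands.org", "https://splinterlands.com.login.example/",
              "https://hiveblocks.com/@jiann19"]:
        print(f"{classify(u):10} {u}")
```
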



19 comments

This is a serious issue. The fact that the top Google search are scams. Wonder if there's a way to rectify this.

Thanks for sharing


Yeah, I am wondering it too. Most people are still naive about the blockchain technology, if we fail to fix this, I am expecting more can be fall on this scam. Smh...


The number one item which you could add in your post is to only use the lowest key possible to log in: even if it's a bad actor they cannot access your wallet to get any of your crypto, the problem is that these accounts are not hacked if you give someone access to the account by compromising the Master Password, which is the only way they can change the keys. Not rocket science but pure logic in 99.999% of the cases.
Is it possible to "hack" a 50 character password? Yes, not likely, but not impossible. Most HIVE users would not have the funds in their account that someone would even bother to try for, they would go for the major money if they have a possibility of getting it.
That Master Password and the Owner Key should NEVER be used for anything except to recover your account by changing your keys if you accidentally compromised your posting key or active key.


The number one item which you could add in your post is to only use the lowest key possible to log in:

Yeah, absolutely. Thanks for pointing out that Master Password shouldn't be used all the time, especially when logging in.


O my, this is scary and thank you for bringing this to light. A lot of lessons learnt. Hopefully this is rectified.
Tbh there should be a third party permission like an OTP code or something, even after the active key, there should be another gate before final transaction. Could be via email or mobile number, this way hackers don't get fast access this way. Digital assets need more security, not enough as of yet IMO.


If it requires that, it's not really a wallet - about the best thing to do is keep your important assets locked up tight 😥


Hive Power up is I think one of the safest ways to protect yourself


Combined with watching the account and never using the master key, it's an excellent defense :) But you still need to be alert, and never click anything different.


Yeah, we knows if we can have this kind of security in the future.


Oef, I normally do not really care about my internet security. But now I have crypto and serious money is involved, maybe I should care more.


Maybe getting paranoid sometimes can be helpful though, if we didn't check this out our account will be gone forever after 30 days. You are right we should be more careful


We have had multiple friends of ours hit over this scam.

And we definitely need some more tools to break up these scam artist rings.

And a lot of people who are really small and don't know no better need to be educated as to actual airdrops as opposed to all of the scam airdrops that are really fishing expeditions.


It is an unpleasant scenario if this happens to anyone


This is the reason why you put everything in savings as well as powering up.

Try not to leave liquid balance accessible to get hit.

And don't fall for fishing scams that are too good to be true.


Thanks a lot for this wonderful information. For someone like us coming up, it's really a good info.
