Lesson Learned: Further Investigation of Walictd Account Stolen Case

in hive-153970 •  4 months ago 


Please do not mention or tag the suspicious account name, to avoid drawing their attention to this post. I made this post to raise awareness of account security and of unnecessary loss/theft by increasing our vigilance. I expect the recovery process for Walictd's account will be completed soon.

The incident that happened to the Walictd account reminds me of the case of @rayfa a few months ago, when half of her account's wealth was taken by the person who took over the account. Today I want to show all my friends how many accounts have been taken. After waiting for a while, the transfer transaction was finally carried out by the thief.

Unlike before, when they would send the funds to an account created specifically to hold them, this time they sent them directly to an exchange wallet. This can be seen from the memo used to send the stolen funds from Walictd.


The memo of the transfer recorded in Walictd's account points to a Binance exchange wallet

From that memo, I followed the trail and found that a great many accounts have been hijacked since 2024-07-16, 11:51, as shown at this link: https://steemworld.org/transfer-search?login=walictd


As you can see, a lot of accounts have been hijacked, and the accounts marked in red are suspected to belong to Indonesian users.

I explored this memo further, assuming that the account in which the first transfer occurred is the one that needs to be checked thoroughly. The results of checking that account were surprising, as can be seen below.


Another Binance memo ID appears in the transfer search

Using this memo ID, 100036993, I re-ran the transfer search, with the incredible result everyone can see here: https://steemworld.org/transfer-search?login=gamzvidea. This account is most likely one of the "victims" as well. Hundreds of accounts have been compromised and their funds collected. Doesn't this motivate you to keep your account more secure? It should!


From the list of transactions, I found that @rayfa's name popped up twice; I remember her account because I was the one who initiated the recovery process back then. What else?

Then I went back to the most striking account's transactions and discovered something surprising, as seen in the following screenshot:


Until today this account still collects funds from various accounts and sends them to the same Binance memo ID, 100036993.

Are these two Binance memo IDs connected somehow? That matters enough to warrant more investigation. Either way, the two wallets behind these memo IDs are where the funds go. Whether they are connected needs to be investigated further by someone with good tracking skills; perhaps @the-gorilla is interested in looking at it? Even though I know all this, there is nothing I can do other than be more careful in the future.

What really caught my attention was that the hijacked accounts were mostly from Indonesia, although some were from other countries. The striking similarity between these accounts was that they were dormant accounts that had not been active for a long time. There were only one or two active accounts, but they hadn't changed their keys for a long time, and it's also possible that they clicked some phishing link/website without realizing it.

An important conclusion from this lesson learned is: OUR OWN NEGLIGENCE CAUSES UNNECESSARY LOSS. Steemit itself has a very high level of security and is reliable.

There are several things we must understand about this platform, whether you are a beginner or a user who has been active on it for a long time:

  1. Steemit cannot recover your account if you lose your keys through your own negligence. This is stated in each of your wallets.
  2. Recovery of a hacked account takes a relatively long time; it can take up to 14 days counted from the first day you initiate account recovery. This is what happened with the @rayfa account, which I recovered several months ago.
  3. Recovery is only possible within 30 days of the moment your account was hacked, i.e. of the moment the attacker changed your owner key: the chain keeps your previous owner authority for only 30 days, and once they have passed it is impossible to recover. Therefore, check your account activity regularly (I will give you tips for checking your account activity later).
  4. Account recovery will only be approved by the Steemit team if you use the original email used when creating your account. If you use a different e-mail during recovery, it is very likely that the recovery request will not be approved.
  5. Remember that the email you used to create your account is very important to protect. If your e-mail is hacked, then every account associated with that e-mail is no longer safe; it's just a matter of time.
  6. If your recovery account is @steem or @steemcurator01, you must get approval from them when recovering the account. If your recovery account is neither of those two official names, the recovery can only be carried out by the account that is listed as your recovery account. I show examples of this below.
  7. Don't leave your account unchecked for too long if your account and its wealth really matter to you.
  8. Learn about account security and the function of each key you have, because each key carries a different level of authority: the posting key only signs posts, comments and votes; the active key can transfer funds, power up/down and change the posting, active and memo keys; the owner key can change every key, including the owner key itself, and the recovery account; and the memo key is only used to encrypt and decrypt memos. The key a thief needs to empty your wallet is the active key (or the owner key), so treat those two the way you treat your bank credentials.
  9. Study the tools available on the Steemit platform or created to make life easier for users, for example those at https://steemworld.org/ by @steemchiller. The existing tools are complete; all you need is to know the function of each one.
  10. Always be alert and use your keys only where they are supposed to be used.

Below I show you how to view your account activity in detail, plus several other tools that are important for you to know.

As I said in point number 3, you can check your account details using steemworld.org:


Go to steemworld.org, then click Account Details. You will see your account info, including when the account was last updated and when the keys were last changed.

From this you can see whether your account has been changed or not. If you see an update that you did not make yourself, you need to be careful and take the necessary action accordingly: change all of your keys immediately if you still have a working owner key, or start the recovery process through your recovery account if you do not.

As I mentioned in point number 6, you can see your recovery account in the same section:


The recovery account of el-nailul is @steemit because I created my account directly on steemit.com in 2018 and haven't changed it since. So only the Steemit team can recover my account if any issue happens.


The recovery account of @smilesouthafrica is @worldsmile because @worldsmile created that account through steemworld.org and claimed it. So the recovery process can only be performed by @worldsmile, and Steemit cannot do anything about it.


The recovery account of newly created accounts is @steemcurator01, because SC01 is the one who claimed those accounts, and only SC01 can recover them.
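The checks above (when the owner key last changed, whether the 30-day recovery window from point 3 is still open, who the recovery account is, and which third-party accounts hold authority over yours, which is the authorization review mentioned in the comments below) can also be done without the website, from the raw JSON that the Steem RPC call condenser_api.get_accounts returns. The following Python script is an added example written for this post, not code from the original post or from steemworld.org. The field names are the ones the Steem condenser_api returns; the two sample account records, the names example-victim, example-clean and some-app, and the shortened STM... key strings are constructed for illustration and are not taken from the chain.

```python
"""Audit a Steem account record as returned by condenser_api.get_accounts.

Added example (not from the original post). The SAMPLE_* records below are
constructed in the shape the RPC returns; they are not real chain data.
"""
import json
from datetime import datetime, timedelta

OWNER_RECOVERY_PERIOD = timedelta(days=30)   # the chain keeps old owner authorities this long
NEVER = datetime(1970, 1, 1)                 # timestamp the chain uses for "never updated"


def rpc_request(account_name: str) -> str:
    """JSON-RPC body you would POST to a Steem node (e.g. https://api.steemit.com)."""
    return json.dumps({"jsonrpc": "2.0", "id": 1,
                       "method": "condenser_api.get_accounts",
                       "params": [[account_name]]})


def parse_ts(ts: str) -> datetime:
    """Chain timestamps are UTC with no zone suffix, e.g. '2024-07-16T11:51:00'."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S")


def account_auths(authority: dict) -> list:
    """Other *accounts* (not keys) allowed to sign with this authority, i.e. apps you authorised."""
    return [name for name, _weight in authority.get("account_auths", [])]


def audit_account(acct: dict, now: datetime) -> dict:
    """Return the facts a user should look at, plus warnings for anything needing action."""
    owner_update = parse_ts(acct["last_owner_update"])
    owner_changed = owner_update != NEVER
    deadline = owner_update + OWNER_RECOVERY_PERIOD if owner_changed else None
    report = {
        "name": acct["name"],
        "recovery_account": acct["recovery_account"],
        "owner_changed": owner_changed,
        "days_since_owner_update": (now - owner_update).days if owner_changed else None,
        "recovery_deadline": deadline.strftime("%Y-%m-%dT%H:%M:%S") if deadline else None,
        "recovery_window_open": owner_changed and now <= deadline,
        "last_account_update": acct["last_account_update"],
        "posting_auths": account_auths(acct["posting"]),
        "active_auths": account_auths(acct["active"]),
        "warnings": [],
    }
    if owner_changed and now <= deadline:
        report["warnings"].append(
            f"owner key changed {report['days_since_owner_update']} days ago; if that was not you, "
            f"start recovery via @{acct['recovery_account']} before {report['recovery_deadline']}")
    elif owner_changed:
        report["warnings"].append("owner key changed more than 30 days ago; recovery is no longer possible")
    if report["active_auths"]:
        report["warnings"].append(f"accounts holding ACTIVE authority can move your funds: {report['active_auths']}")
    if report["posting_auths"]:
        report["warnings"].append(f"third-party posting authorisations to review or revoke: {report['posting_auths']}")
    return report


# Constructed sample records (key strings shortened). The first mirrors a hijack: the owner
# key was replaced at the same minute the stolen transfers began, and an app holds posting auth.
SAMPLE_HIJACKED = {
    "name": "example-victim",
    "owner":   {"weight_threshold": 1, "account_auths": [], "key_auths": [["STM6...owner", 1]]},
    "active":  {"weight_threshold": 1, "account_auths": [], "key_auths": [["STM7...active", 1]]},
    "posting": {"weight_threshold": 1, "account_auths": [["some-app", 1]], "key_auths": [["STM8...posting", 1]]},
    "memo_key": "STM5...memo",
    "last_owner_update": "2024-07-16T11:51:00",
    "last_account_update": "2024-07-16T11:51:00",
    "recovery_account": "steem",
}
SAMPLE_CLEAN = {
    "name": "example-clean",
    "owner":   {"weight_threshold": 1, "account_auths": [], "key_auths": [["STM6...owner2", 1]]},
    "active":  {"weight_threshold": 1, "account_auths": [], "key_auths": [["STM7...active2", 1]]},
    "posting": {"weight_threshold": 1, "account_auths": [], "key_auths": [["STM8...posting2", 1]]},
    "memo_key": "STM5...memo2",
    "last_owner_update": "1970-01-01T00:00:00",     # owner key never changed since creation
    "last_account_update": "2018-03-02T08:00:00",
    "recovery_account": "worldsmile",
}


def audit_samples(now_iso: str = "2024-08-01T00:00:00") -> dict:
    """Audit both constructed samples at a fixed 'today' so the result is reproducible."""
    now = parse_ts(now_iso)
    return {acct["name"]: audit_account(acct, now) for acct in (SAMPLE_HIJACKED, SAMPLE_CLEAN)}


if __name__ == "__main__":
    for name, report in audit_samples().items():
        print(json.dumps(report, indent=2))
```

To run it against a real account, POST the string from rpc_request("yourname") to a public Steem node and feed the first element of the returned "result" list to audit_account with the current UTC time. An empty "account_auths" list on the active authority and an unchanged "last_owner_update" is what a healthy, untouched account looks like; anything in "active_auths" deserves the same urgency as a leaked active key.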

Finally, I would like to encourage you to learn more about the tools provided at https://steemworld.org/, because they are useful once you understand how to use them.


The tool menu you see when you open steemworld.org lists them.

Thank you for reading this post; that's my explanation, and I hope it is useful for other users in maintaining their account security properly.

Best Regards

El-Nailul


I had a good look at this over the weekend with steemchiller and whilst we have some ideas, there’s nothing conclusive.

My recommendation would be to report it to the authorities so that Binance can identify the account holder and get them arrested. Most countries will have some IT fraud law and their identity should be easy for Binance to identify. There's usually significant prison time for this type of crime.

Yes, it is better to pay attention to it. We cannot draw any conclusion since there is no valid evidence about the root cause of the case. As you have talked to steemchiller, perhaps you can find a way to expose the culprit behind these things. I once had the experience on Binance that when I transferred coins to a suspicious address, they blocked it directly and cancelled the transaction with a warning. Perhaps they will do the same when it is reported to Binance.

We only have our suspicions, linked to previous events, so it would be wrong to accuse anybody. One thing is for certain:

If users enter their Active (or any other key) into a system (for whatever reason), they should then change their keys

Any voting authority will remain but if somebody is trying to collect keys, then they will have the wrong ones

Keys are essentially a password to your bank account. It’s important that this is understood and treated in the same way.

It’s best for the victim to report it to the police and Binance.

You are right; changing the key after logging into a system is a "must-do". I will bring that up as one of our meet-up topics in Indonesia later.

Reporting to the police will end up nowhere here in my country

Thanks for sharing such awesome content
@el-nailul!
It has been featured in
THIS BLOG SPOTLIGHT POST!

You will receive 10% of the rewards
earned on that curation post.

We have also given you an upvote and a resteem!

An initiative by @jaynie

Please feel free to show your support to this initiative as well as to the authors featured within!

HAVE AN AMAZING DAY!

Thank you, friend!
I'm @steem.history, a Steem witness.
Thank you for witness-voting for me.
(Go to https://steemit.com/~witnesses and type fbslo at the bottom of the page)

The weight is reduced because of the lack of Voting Power. If you vote for me as a witness, you can get my little vote.

Upvoted. Thank You for sending some of your rewards to @null. It will make Steem stronger.

Wow! This is so sad!!
Okay, I have a question: how often should a user change his keys?

PS: Great detective work! ☕

Perhaps it's not about changing your key but about how and where you save it, how easily you click on the wrong button, and how many other tools are used where keys are asked for (posting keys alone can't do much harm). I have strong doubts that a change of key will avoid this unless the keys were stolen before the hard fork. That can be figured out.
If all those abandoned hacked accounts started before the hard fork...
If not, the question is: how can an owner and master key be changed with only a posting key? Or is it in all those cases the active key? If that's the case, what do these accounts have in common? Using the same keychain, an old fanbase, did they use another Steemit tool to post on Steemit, were these accounts active during the same period (active as in stealing keys)?

Or are these two operations? 1. emptying wallets of abandoned accounts with the keys stolen during the hard fork and 2. keys stolen during... of more recent accounts.

Umh.. nothing surprises me anymore in life.
I've seen people doing strange and wonderful things.

We had a PI tell the viewers on some program the other morning about hijacking people that the best solution is never to have your banking applications on your mobile phone.
Best of all, I got an email from my banking institution the other day telling me that they will no longer support our business account if we don't have the banking application on our mobile phones for authentication. Hhhh??

The question remains: what should we do? Will we ever know? I doubt it.

Two phones...

One for banking and government stuff the other for the rest.
We are forced by banks and the government, the health insurance and the doctor to use apps. All those apps preferably by using the pin code of your banking app! 😐

The government and the rest are the most and easiest sites to hijack.

Also good: different bank accounts.

We just cannot beat technology. (•ิ‿•ิ)

None of these can be proven conclusively so far, because none of the owners of those stolen keys remember what they ever did in the past. The easiest way to know about it is by checking the authorizations we have granted. You can use the tools in steemworld to check them and revoke unnecessary authorizations in one go.


With this account it says nothing; it's nearly impossible to sign in, no idea why.

If you log into some website using any key, it is better to change the password afterwards for our own good, @patjewell. If you never log into a third-party application, it is still better to check regularly to ensure safety (I will do it once every 3 months). I assume that an Android phone is less secure than a PC or laptop, and especially those who use Linux as their OS will have better security protection.

Thanks for the feedback friend.☕

In the end... there is always good and bad in everything.

It is best if wallets are checked at least twice a week or better after posting.

Binance is forbidden in the Netherlands so no one will help you, no need to go to the police if it comes to scam/fraud. Prison for scam? It's more a word than reality. Scammers aren't theorists unless they hack the old system of the government, the national bank (digital currency on the way), or the pms no one wants.

With me it was gregoryoo24 and contestbuddy the other names you will find as well

I find it strange (back then as well) that the owner/master key can be changed even if it's never given. Email leak, Steemit leak, the last attack of those who left and caused the hard fork? The blockchain can be hacked, accounts can be deleted and content removed, and access to the own account can be denied if needed. The average user wouldn't even notice it or think it's due to bad wifi.

I still remember all the dirty comments addressed to me after the hard fork and I'm sure I'm not the only one. Enough hate to make some wait for a chance. I find it hard to believe every user of all these accounts hit the wrong button and if most are (partly) abandoned accounts it doesn't make sense and also not many will complain.

It doesn't sound good and it doesn't make one feel safe enough to invest. We had better work on that.

For me, it is better to secure our own account rather than wait for someone to solve this issue, including finding the safest way to store the key somewhere.

Print it, or you can learn it by heart 🤔