Recently, everyone has probably noticed a sharp drop in the blurt price on the Probit exchange.
The situation is not accidental. There was a theft of funds from the account of the well-known curator @R2cornell, which were transferred by the thief to the account: @richardman.
The account was reported to Probit and blocked, but unfortunately the thief had already withdrawn the funds.
This is over 240,000 blurts that were sent from the @R2cornell account to the probit exchange.
Due to this situation, @R2cornell unfortunately decided to resign from the curatorial project and is withdrawing the rest of the funds from his accounts, which is why further declines occurred after the theft.
It is not known how exactly the active key was leaked from the colonel's account. Steps have been taken to determine whether this could have been a vulnerability in the devices or network, but this is unlikely.
Other possible scenarios include a keylogger or other software used to extort data on one of the colonel's personal devices, or human error in giving the key to an unauthorized person.
Whatever the true scenario, we encourage users to take security issues in blockchain networks very seriously.
The network environment is a place where security is a matter of a programmer versus hacker arms race.
Most often, data loss occurs when the user allows himself to be approached by a hacker in some way.
- Be sure to change your blurt keys if you haven't changed them yet after splitting from the Steem chain! If you have the same key here and here, no one can guarantee you that someone from the steem network will not use these keys here.
- Never open links or emails of unknown origin.
- Do not use suspicious applications.
- Take serious care of the security of your operating system (antivirus programs, firewalls, etc.)
- Do not store your keys on devices unless on encrypted disks or virtual drives. It's best to use brand new Ledgers to store keys.
- Protect physical prints of your keys. A safe may sound like a joke to some people, but if you have larger funds, it's no joke ;) It also happens that someone from our close circle, aware that we have large funds in cryptocurrency accounts, can take advantage of a moment of our inattention to take a photo of our keys and use anonymity. networks to steal our funds.
Best regards and stay safe.
Ostatnio zapewne każdy zauważył gwałtowne spadki ceny Blurta na giełdzie Probit.
Sytuacja nie jest przypadkowa. Doszło do kradzieży środków z konta znanego wszystkim kuratora @R2cornell które zostały przelane przez złodzieja na konto: @richardman.
Konto zostało zgłoszone do Probit i zablokowane jednak niestety złodziej zdążył już wycofać środki.
To ponad 200 tysięcy blurtów które zostały przesłane z konta @R2cornell na giełdę Probit.
@R2cornell z powodu tej sytuacji zdecydował się niestety zrezygnować z projektu kuratorskiego i wycofuje resztę środków ze swoich kont w związku z czym po kradzieży nastąpiły dalsze spadki.
Nie wiadomo jak dokładnie doszło do wycieku klucza aktywnego z konta pułkownika. Podjęte zostały kroki w celu ustalenia czy mogła to być jakaś luka w zabezpieczeniach frontendów lub sieci jest to mało prawdopodobne.
Inne możliwe scenariusze to keylogger lub też inne oprogramowanie słurzące do wyłudzania danych na którymś z osobistych urządzeń pułkownika, lub też błąd ludzki w udostępnieniu klucza osobie niepożądanej.
Jakikolwiek scenariusz jest prawdziwy, uczulamy użytkowników żeby do kwestii zabezpieczeń w sieciach blockchain podchodzili bardzo poważnie.
Środowisko sieci to miejsce w którym bezpieczeństwo jest kwestią wyścigu zbrojeń programista kontra haker.
Najczęściej z kolei i tak do utraty danych dochodzi w momęcie gdy użytkownik daje się w jakiś sposób podejść hakerowi.
- Koniecznie zmieńcie swoje klucze blurt jeśli jeszcze tego nei zmieniliście po rozdzieleniu z łańcucha Steem! Jeśli macie ten sam klucz tu i tu nikt nie możę wam zagwarantować że ktoś z sieci steem nie wykorzysta tych kluczy tutaj.
- Nigdy nie otwierajcie linków ani maili z nieznanego pochodzenia.
- Nie korzystajcie z podejrzanych z aplikacji.
- Dbajcie poważnie o zabezpieczenia swojego systemu operacyjnego ( programy antywirusowe firewalle etc)
- Nie przechowujcie swoich kluczy na urządzeniach chyba ze na zaszyfrowanych dyskach lub wirtualnych napędach. Do przechowywania kluczy najlepiej używajcie fabrycznie nowych Ledgerów.
- Chrońcie fizyczne wydruki swoich kluczy. Sejf dla niektórych może brzmieć jak żart ale jeśli dysponujesz większymi środkami to nie żart ;) Bywa i tak, że ktoś z naszego bliskiego otoczenia świadom tego że posiadamy duże środki na kontach kryptowalutowych, potrafi wykorzystać chwilę naszej nieuwagi aby zrobić zdjęcie naszych kluczy i wykorzystując anonimowość sieci wykraść nasze środki.
Pozdrawiam serdecznie i trzymajcie się bezpiecznie
Some of what I have read on what happened to me with the theft of Blurt from my @r2cornell account seems be trying to place blame on me. So be it.
Prior to this happening I was undelegating BP for some of my accounts and then sending the Blurt to my main accounts to power-up. My plan is that there would no longer be any delegating and each of my accounts being used for curating would have its own BP. The main aim was to have the 3 main curation accounts to have 1 million BP each and no delegations. @scilwa has not been used for curating for awhile so the power down at the time was to be moved to the other accounts.
I have no idea how the theft occurred. I think I read someone that insinuated it being an "inside job"... WTF! I thought my reputation was better than that.
I have been very careful not to place blame for what has happened on Blurt. The blame is on the damn thief, and no reflection on Blurt. I would appreciate the same courtesy.
I was very angry and yes after the theft I started powering down everything. I since slowed that process down. You will find a little of my planning in a post I just recently uploaded.
https://blurt.blog/r2cornell/@dsc-r2cornell/discontinuation-of-the-r2cornell-curation-project
I do not think I blamed anything on Blurt in this publication.
I would also like to point out that the price of Blurt has been dropping long before the theft took place. I know because I paid a lot for some of my Blurt. The price kept dropping. No one's fault as far as I can see. Just what was going on in the market. If the price has been dropping for sometime now, that means that there were other sellers all along. So please do not blame me for pushing the price down. I recently bought some Blurt on Probit because the price was too low, from other sellers.
I had my computer tech look things over on my computer. My main computer is server grade with security software to match. To be safe we changed security software. My tech in the 15 years he has been keeping my system and network up and running cannot figure out how my system could be hacked.
I feel like I am having to defend myself for some of what has been said about me...or in the least insinuating. I am now feeling I should not have discontinued the power-downs.
BTW prior to the theft my curators were still working, and I had no plans on making any other changes other than moving Blurt around. I paid a fee for those moves.
sorry if you feel attacked. The whole situation results from the fact that you decided to withdraw the project right after the hack seemed a bit suspicious. This decision, whether you added any words or not, looks like a tacit statement that you think Blickchain Blurt is to blame and that you don't feel your funds are safe here.
You have been in the crypto environment for a long time and you have probably also noticed that some people in the world of finance and cryptocurrencies cannot be trusted because they say one thing and do another, or in the interest of one project they can ruin another.
No one is saying this is the case here, but you can't blame people for checking your transactions and wondering how true your words are, especially in the face of a decision that suggests there is something wrong with our blockchain.
@mariuszkarowski also has a large investment here and such an event also affects his wallet. And that's why I'm just wondering what the actual situation is.
Of course, it was not only your withdrawal that influenced the price drop. Most likely, the signal for some was a sudden whistling caused by the thief withdrawing his funds. But you must admit that recently, especially on the Hive engine, the situation looks like the screenshot below:
It's also very good that you're joining this discussion because, to be honest, there was no major comment from you in this situation, and if you think that the security breach could have actually occurred on Blurt's part and you have some theory as to how it happened, your cooperation would be appreciated. pages to help figure out how this happened.
Since I consider myself an honorable person, I personally believe that in such a situation, if it turned out to be the fault of Blockchain security, the community and the team should be willing to help refund at least part of the losses incurred as a sign of solidarity.
Especially since many authors here on Blurt owe you a lot because you supported them with your votes almost from the beginning.
For me personally, Blurt is a platform to which I decided to devote more heart than to its predecessors, because for me it is a better version of both predecessors, and it makes me sad to see one of the curators make such a decision.
So I hope that after this comment you will understand the reaction of some people.
Post in our community!
Blurt (Curation account): https://blurt.blog/@habloespanolweb3
Read Cash (community): https://read.cash/c/hablo-espanol-6f6a
Telegram: https://t.me/habloespanol_web3
Twitter: https://twitter.com/habloespanolweb
I am very sad to see this. But how can this happen? Because in this way data can be stolen from someone's account. thanks for shairng
that is a good question.
A quick addition: richardman is one of many accounts belonging to a long-time scammer on Steem & Hive who usually uses fishing campaigns. When it's too good to be true, it's bound to be a scam! When there's a claim asking for your keys, it's obviously a scam...
So yes, having different keys for each blockchain is important! As a reminder, you can change your Blurt keys via BlurtWallet: https://blurtwallet.com/change_password
And when using a third-party application, dApp, bots or an open-source library, always check how the keys are managed (encryption).
I see - Like getting paid to produce written AI content ? Or being paid to belong to a group, irrlevant of content quality ?
Who's the scammER, and who's the scamEE? )...it's very difficult to tell in DPoS structures, isnt it? lol
Hi @khrom, great news! Your content was selected by curators @nalexadre, @ten-years-before to receive a special curation from BeBlurt 🎉 Don't hesitate to upvote this comment as the curators will receive 80% of the rewards for their involvement.
You can support us by voting for our witness, our decentralized funding proposal, or through delegation. You're also welcome to join our Discord server 👉 https://discord.beblurt.com
I am skeptical, but I don't believe this! I mean what if, R2cornell got tired of Blurt and left. Oh if he really was robbed I'm so sorry. But there is something behind it. You don't know who to trust anymore. I wish you much success wherever you go! It's a lot of work to maintain a community !! ❤️🔥🥰
yes i agree especially after this what @mariuszkarowski wrote here above.
There are accounts on Blurt and Hive that are products of Steemit migrations.
The best way, as they say, is to change all the keys. Let each one be an independent account. This helps to increase security.
Changing passwords from time to time is also a measure that we must adopt. We need to keep our accounts safe. It is our effort, investment of time, and even money.
It is unfortunate what happens with R2cornell, it is a project that supports users on all 3 platforms. It is one of the few projects that have been able to do so.
Thank you for sharing this information:
I would say just to complement the following:
-Change your passwords periodically, sometimes users go years without changing their passwords.
Is it possible to set up a recovery account on blurt?
and how can it be done?
yes, it is possible to set a person in the wallet settings who will allow us to recover passwords in case of emergency. This can also be your second account.
https://recovery.blurtwallet.com/
I've said it once. I said it twice. Ive said it 27373 times. I'll say it once more. And many at the top have looked at this as something bad.
BUT
you need to distribute your currency to different accounts so it is harder to be "hacked" and stolen. Big accounts are just targets. Distribute your wealth into many multiple accounts and waallaa. Hightened account security. So simple.
I would really really appreciate it , if you could say it, 273734 times.
Thank you very much for understanding...
...or does this counts as 273734 times?
In which case, can you make 273735 times..
This is a very serious case in blockchain, and requires attention from witnesses for the survival of the ecosystem from hackers ✌️
@saboin @outofthematrix @fervi @double-u @megadrive @tekraze @zahidsun @sagarkhotari88 @nelaxadre @imransodagar @randula @world-travel-pro @blurtconnect-ng
yes, we will certainly continue to check this situation, although see what @mariuszkarowski found under this post, perhaps this whole situation was not a real hack at all, but a planned withdrawal action.
It's hard to say clearly. Blurt is based on well-proven and tested for years inherited from Steem, none of them sends keys anywhere or stores them. it only mediates in decrypting them from the blockchain when the owner's key is used, and everything happens on the computer owner's device.
The possibilities of stealing these keys through some loophole are, according to my knowledge, almost zero, unless the device we are using is compromised.
After he discovered the hack he wrote: I am revoking all delegations
This screenshot shows that this is not true. I haven't checked all his accounts, but on @scilwa you can see that:
r2cornell withdrew the delegations before the hack occurred
He then sent 200K BLURT from scilwa to r2cornell (2023/11/28 - before the hack)
Also before the hack he start powering down rest of his funds:
scilwa start power down 250215.676 BP 2023/12/01
now some questions;
why did the hacker only steal 241481 BLURT? There were at least 200K BLURT more in the account (transfer from scilwa)
why the hacker transferred 1 BLURT to his account (richardman) and waited 12 minutes before transferring the rest of the stolen amount?
(r2cornell transfer 241481.417 BLURT to richardman 2023/12/01 08:44:0335,091,808 | 459d845
r2cornell transfer 1,000 BLURT to richardman 2023/12/01 08:32:3935,091,585 | 4bb536b)
I'm not saying @r2cornell is @richardman and this hack is an "inside job" , but this is all very suspicious and requires an answer and confirmation from r2cornell, who has not written a word about what happened
EDIT: it was 20K not 200K so it makes more sense
"I'm not saying @r2cornell is @richardman and this hack is an "inside job" , but this is all very suspicious and requires an answer and confirmation from r2cornell, who has not written a word about what happened."
This BS.
Jak tak czytam to podobne przygotowania wewnętrzna akcja na wyłudzenie 200k. Przypadek ? Nie sądzę, bo to praktykowana na ste, hiv itd...rzekome haki to raz projekty zbierające informacje to 2.
EDIT: it was 20K not 200K so it makes more sense, but un-delegating BP and powering down all funds says to me that he was preparing for leaving this chain for a long time before the hack
Powering down all funds took place after the theft. Look at the other accounts. Do complete research before making such statements. @scilwa was being powered down before because it was no longer being used as a curation account. I did not want to deal with that account anymore and was simplifying. Some of the power-down was to be shifted to the other accounts, and yes I was selling small amounts. I was selling a little Hive and steem too. Hell, I was selling small amounts of BTC and BCH too as the prices of those pushed up. Investments in crypto is just that. I sell other investments outside the blockchain realm too. I like taking profits from time to time and reallocate where needed.
Just in case you do not know the active curation accounts prior to the theft were: @r2cornell, @r2cornell-curate, and @dsc-r2cornell. For the record I had not been in the r2cornell account for awhile, so I was not aware of a full power-down taking place prior to the theft. I cancelled the power-down when I noticed the theft, and reported it. It should show in the wallet. I am not about to dignify any of this by double checking. I know I did not start it and when I saw the money moved out I immediately cancelled. Later when emotions got the better of me (after changing password/keys) I started a full power down in that account and the others.
All this BS of trying to insinuate I did it all is not reflecting well on Blurt. I have tried to make sure I was not blaming Blurt. So, now Blurt users have taken it upon themselves to blame me. I have no clue what happened. Yes I shut down the curation project. Some of my followers have been trying to have me reconsider. I stopped some power-downs. Left some in place with plans to move Blurt to two accounts to simplify things. I still had not made up my mind about the projects future. Now after reading all this crap I have to work back through my emotions so I can make a decision without emotion.
although it could also be that the fraudster noticed that the cornell was powerdowning some of the funds and simply took advantage of it. Because it is known that the most dangerous time for a hack is when the funds are withdrawn. Then they can be easily transferred quickly. For example, I also triggered full powerdown many times to withdraw 1/4 of the stake and then cancel the rest and leave it.
very accurate observations. It's good that you did better research, but unfortunately I haven't had time for it lately.
So it turns out that he played the bluff and intended to ruin us. because somehow the way he presented it suggested that there was something wrong with Blurt's security. Because withdrawing from somewhere after the theft is a suggestion that it was the portal's fault.
The question is whether, if so, it was his unintentional action in which he simply came up with such a bluff to justify his withdrawal, or did someone suggest it to him, e.g. from competing blockchains on which this guy also earns quite a lot, just to knock us off before the boom?
Where on earth did you get that I was suggesting something was wrong with Blurt's security. I reported the theft in hopes we could figure out what happened. I never placed any blame on Blurt, only the thief. By my reporting his account got blocked.
I would appreciate it you would stop trying to make it sound like I was the thief. You even said that person was a scammer for a long time on other platforms.
My projects on other platforms, like Blurt were to support those who got little or no support from others. I have tried to stay above the petty bickering between all competing platforms. It serves no purpose.
50% of my earnings on the 3 platforms go to my curators. That is why some of them have stayed with me all these years.
I have explained elsewhere what I was doing with power-downs before the theft. The full powerdown took place after the theft when I was emotionally upset. Not sure may would not be upset if they just lost 240,000 plus Blurt.
I also wrote in a comment below that it could have been different and that the thief took advantage of noticing your powerdown. he hid and on the day the funds were withdrawn he broke in and transferred them.
As I replied to you below. These speculations about the veracity of the claim arose because you made the decision to withdraw shortly thereafter, and this would suggest that you blame us because if you considered that your security had been breached, most people would most likely want to try to find out the truth before making such a decision, and not from it immediately withdrew.
Dlatego przestaję używać frontendów z kilku czynników również minimalizując grono odpowiedzialnych za projekt. A sam się przygotuje na nowy rok. Jak widzę to konto jest co jakiś czas aktywne i drenuje konta...?
nie no ostatnio było aktywne 2 lata temu i były jakieś transfey ale nikt najwyraźniej albo nei zauwazył albo nie zgłaszał problemów albo też już nikt nie pamęta.
Oczywiście no jest kilka takich pasożytów z rodu steem jedni siedzą tu a drudzy na hiv dalej robią te same numery. Tego nie zmienimi i to nie tylko w tych sieciach. Tak samo, jak się chce, to znajdzie się daną osobę, bo prędzej czy później popełni błąd i wizyta co do metra wjazd z IT albo agresywnie z pałą:).
Patrz podrzucę w następnym poście perełki warte przeglądu na strefacrypto...
It's a sad situation to see moments like these. Whatever the reason is, everybody should take this as a precaution and resecure their funds.
very sad incident. I really appreciate the team's hard work r2cornell. But thieves actually make them targets.
I want to know more about this case. Where is more detailed information?
Thank to @khrom for sharing this information.
well some details are on public witness chat but this is all what i know myself. The rest goes on here under the post. It turns out that Mariusz found several inaccuracies in the colonel's statements
I forgot about the most important thing! All people who have not changed their Blurt keys after Steem fork should do so immediately.
Shouldn't it be easy to trail where were the funds transfered to?
It depends on how the thief secured himself. If he used VPNs and fake data and converted the funds into some cryptocurrency that cannot be traced, it will probably be difficult.
But it had to move to a specific account as first hop, even if its exchange account it leaves a memo. I don't see anyway to steal without a trace.
yes, but on a probit basis up to certain amounts you trade, you do not have to verify your account, so he could have provided false data