@jiann19 is one of the accounts I manage, and it was hacked by @merciuz7. merciuz7 is an account that belongs to the '@darkwarrior33' hacker and has been on the list since February.
How it happened
A few days ago, while checking the accounts, I noticed that @jiann19 had transferred all its liquid Hive to @merciuz7. I directly asked the true owner of the account, my friend Jojie, whether he had consented to this transaction, and found out that he had no idea it had happened.
https://hiveblocks.com/tx/8d6d7711b04279986dd1d40970bbf3bd87d8c724
That spurred me to check what happened, because this concerns me. I went through https://hiveblocks.com/@jiann19 to investigate and found out that @jiann19's password had been changed.
https://hiveblocks.com/@jiann19/~owners
Thanks to @foxon for always being helpful and for teaching me where I can see the Owner Key history on hiveblocks.com.
@jiann19's password was changed twice on April 7 and April 10 by the hacker.
My friend Jojie has no idea how the hacker stole his keys, but I did my research and found out that @merciuz7 is active on @splinterlands. I am not 100% certain, but when I asked a reliable source, he told me this:
The merciuz7 account belongs to the 'darkwarrior33' hacker and has been on our list since February. This type of hacker gathered account information between 2018 and 2020, so to figure out what happened one has to think back.
I tried searching for the keyword Splinterlands on Google and got this as my result:
The first three results at the top of the Google search were not the official @splinterlands website; two of them were splinterlandss.com and splinterlands.org, which were neatly made and look like the original game itself. I am guessing that some of the hacker's victims came from these phishing websites, which try to steal your account password by getting you to enter your username and password.
Account Recovery process
Thankfully, with God's help and mercy, we managed to recover the account from the hacker by using Hive's built-in recovery method, which was a brainchild of @dan.
I used https://reazuliqbal.com/HiveAccountRecovery/, created by @reazuliqbal, to recover the account. Thank you for making this website simple and easy to use for average users like myself.
After trembling for an hour, we managed to recover it successfully:
https://hiveblocks.com/tx/2602c23ebd8b69a5d760dd39916cc9844fec8c10
What can we learn from here?
Honestly, I have learned a lot from this situation. I will try to enumerate it here:
- Regularly checking our accounts is a must
If you notice some suspicious movement on your account, try to look into it immediately. Hackers will always try to extract all liquid assets when they get access to your account. In my case, the hacker stole 35 Hive and Splinterlands cards; I guess I am still fortunate, even though he did have access to my Hive, because most of it is powered up.
Bookmarking the Owner Key history of your account is, I think, not a bad idea, so you can immediately see if someone has changed your password.
- Setting up your Recovery account
If your account was created back in the Steem days (before the Hive fork) and the password and recovery account haven't been updated yet, it is a better idea to change your password and set your recovery account to someone you trust who can help you in times of trouble.
Some accounts have their recovery account set to @steem, which is a bad idea in my opinion, as we are no longer part of Steem Inc. We can check our recovery account on https://www.hiveblocks.com
- Avoid clicking suspicious links
This problem is all over the internet, not only on Hive. I see a similar problem on Facebook, with attempts to get your password and use it for evil intentions. The email of some reputable financial entities is also being used to get your personal information. Please try to be vigilant, especially when dealing with a new website you haven't encountered before.
- Google allows scams in their ads
I am afraid that many people will get scammed if this continues. I hope @aggroed can address this; I have also talked to @guiltyparties regarding this issue. Crypto is still in its infant stage, and some people still haven't seen a password as long as the ones we have on Hive and Bitcoin.
https://peakd.com/@merciuz7/wallet
The Lesson
In the meantime, the best advice I can give here is to be careful, especially when logging in; try to question everything first, and always double-check the URL address. Take care guys, cheers.
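
The "double-check the URL" advice can be partly automated. The sketch below is an added example, not code from this post or from any Hive project: it compares a link's host against a personal list of trusted sites and flags the two lookalike patterns seen above (one extra letter, same name on a different TLD). The trusted list is an assumption, and splinterlands.com is assumed to be the official site since the post does not name it.

```python
from urllib.parse import urlsplit

# Assumption: a personal allowlist. splinterlands.com is assumed to be the
# official site; the other two are sites linked in the post.
TRUSTED = ("splinterlands.com", "hiveblocks.com", "peakd.com")

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed with a rolling row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]

def host_of(url: str) -> str:
    """Lower-cased host without 'www.', for full URLs or bare domains."""
    if "//" not in url:
        url = "//" + url            # let urlsplit treat a bare domain as a host
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host

def classify(url: str, trusted=TRUSTED, max_dist: int = 2) -> str:
    host = host_of(url)
    if not host:
        return "invalid"
    # Exact match or a real subdomain of a trusted site.
    if any(host == t or host.endswith("." + t) for t in trusted):
        return "trusted"
    # Naive registrable name: the label just before the last dot.
    name = host.rsplit(".", 1)[0].split(".")[-1]
    for t in trusted:
        good = t.rsplit(".", 1)[0]
        if name == good:
            return f"lookalike of {t} (different TLD)"
        if edit_distance(name, good) <= max_dist:
            return f"lookalike of {t} (near-identical name)"
    return "unknown"

if __name__ == "__main__":
    for link in ("https://splinterlandss.com/login", "splinterlands.org",
                 "https://www.splinterlands.com/"):
        print(f"{link:35} -> {classify(link)}")
```

An "unknown" result only means the host is not near anything on the list; it says nothing about whether the site is safe.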