+x

 

sun_in_the_city - 20 Jan 2018

+ x[Zitat]

 

[b]Winston - 19. Januar 2018[/ b]

Für alle, die mit gestolenen Guthaben buchen:

Sie haben wahrscheinlich alle bösen Online-Saatgut-Generatoren verwendet, als Sie haben Seed generierten haben. Es sieht so aus, als ob die Besitzer dieser Webseite (n) heute geschlossen sind, alle Geldern des Opfers zu stehen, auch wenn eine Reihe panische Beiträge über gestützte Geldern. Hinweise:

1. Wenn die gestohlene Transaktion auch ausgibt, wird die Transaktion in Ihrem Fall automatisch gestartet. Sie können die CLI-Brieftasche verwenden, um diese neue Transaktion durchführen zu können, die Sie in der GUI-Brieftasche integriert haben. Sie müssen Ihre neue Transaktion bestätigen, bevor die Transaktion erfolgreich durchgeführt wird.
CLI Brieftasche -
https://github.com/MichaelSchwab/iota-commandline-wallet
https://github.com/TimSamshuijzen/iotaproxy
CLI Wallet Hinweise: https://forum.helloiota.com/post/8584

2. Wenn die gestohlene Transaktion ist bestätigt (es wird unter die Transaktion in Ihrem Brieftaschenverlauf "Bestätigt" angezeigt), leider ist IOTA jetzt für immer verschwunden. Dies ist eine erschreckende Situation, aber hoffentlich können wir diese Erfahrung, um sicher zu stellen, Methoden zur Saatgutgenerierung zu entwickeln.


Die goldene Regel besteht, 10 Zeichen aus der Zeichenfolge, die der Seed-Generator hat, zu ändern. Sie sind vor allem Online-Saatgut-Generatoren. Hier sind die aktuellsten Tipps für die Generierung von Saatgut durch die IOTA-Gemeinschaft:
https://helloiota.com/generate-seed.html

[/ Zitat]

Hallo, meine IOTA sind gestohlen worden, aber noch nicht ganz weg. Ich verstehe die Rettungsaktion leider nicht. Hab 'überhaupt keine Programmierkenntnisse.
Kann mir jemand helfen?

@sun_in_the_city
If you're having trouble with specific steps in that process, I'd recommend immediately going to the IOTA discord and asking for help. It might be easier to get real-time assistance for a time sensitive issue like trying to beat out a pending stolen transaction.
https://discord.gg/fNGZXvh

My Balance of 2.778356741 Gi has been stolen. It has been transferred to this adress:

NBYYOUKS9HSYUWYLMOFWMF9ZRCABNDTNLJAXTTXIWFEXW9EEBZDDWLIWWJJTBROYDDO9GZIUFKGBLVTUBSLTJEKTUB

The transaction has been "confirmed". Is there any chance to get my IOTA back? Pleas help me!

+x

 

Winston - 20 Jan 2018

+x

 

sun_in_the_city - 20 Jan 2018

+ x[Zitat]

 

[b]Winston - 19. Januar 2018[/ b]

Für alle, die mit gestolenen Guthaben buchen:

Sie haben wahrscheinlich alle bösen Online-Saatgut-Generatoren verwendet, als Sie haben Seed generierten haben. Es sieht so aus, als ob die Besitzer dieser Webseite (n) heute geschlossen sind, alle Geldern des Opfers zu stehen, auch wenn eine Reihe panische Beiträge über gestützte Geldern. Hinweise:

1. Wenn die gestohlene Transaktion auch ausgibt, wird die Transaktion in Ihrem Fall automatisch gestartet. Sie können die CLI-Brieftasche verwenden, um diese neue Transaktion durchführen zu können, die Sie in der GUI-Brieftasche integriert haben. Sie müssen Ihre neue Transaktion bestätigen, bevor die Transaktion erfolgreich durchgeführt wird.
CLI Brieftasche -
https://github.com/MichaelSchwab/iota-commandline-wallet
https://github.com/TimSamshuijzen/iotaproxy
CLI Wallet Hinweise: https://forum.helloiota.com/post/8584

2. Wenn die gestohlene Transaktion ist bestätigt (es wird unter die Transaktion in Ihrem Brieftaschenverlauf "Bestätigt" angezeigt), leider ist IOTA jetzt für immer verschwunden. Dies ist eine erschreckende Situation, aber hoffentlich können wir diese Erfahrung, um sicher zu stellen, Methoden zur Saatgutgenerierung zu entwickeln.


Die goldene Regel besteht, 10 Zeichen aus der Zeichenfolge, die der Seed-Generator hat, zu ändern. Sie sind vor allem Online-Saatgut-Generatoren. Hier sind die aktuellsten Tipps für die Generierung von Saatgut durch die IOTA-Gemeinschaft:
https://helloiota.com/generate-seed.html

[/ Zitat]

Hallo, meine IOTA sind gestohlen worden, aber noch nicht ganz weg. Ich verstehe die Rettungsaktion leider nicht. Hab 'überhaupt keine Programmierkenntnisse.
Kann mir jemand helfen?

@sun_in_the_city
If you're having trouble with specific steps in that process, I'd recommend immediately going to the IOTA discord and asking for help. It might be easier to get real-time assistance for a time sensitive issue like trying to beat out a pending stolen transaction.
https://discord.gg/fNGZXvh

Thank you!

+x

 

Mallacka - 20 Jan 2018

My Balance of 2.778356741 Gi has been stolen. It has been transferred to this adress:

NBYYOUKS9HSYUWYLMOFWMF9ZRCABNDTNLJAXTTXIWFEXW9EEBZDDWLIWWJJTBROYDDO9GZIUFKGBLVTUBSLTJEKTUB

The transaction has been "confirmed". Is there any chance to get my IOTA back? Pleas help me!

@Mallacka
It looks like this transaction has already been confirmed. Unfortunately there's nothing that can be done, and these funds are gone forever. Sorry to see this

+x

 

Winston - 20 Jan 2018

+x

 

Mallacka - 20 Jan 2018

My Balance of 2.778356741 Gi has been stolen. It has been transferred to this adress:

NBYYOUKS9HSYUWYLMOFWMF9ZRCABNDTNLJAXTTXIWFEXW9EEBZDDWLIWWJJTBROYDDO9GZIUFKGBLVTUBSLTJEKTUB

The transaction has been "confirmed". Is there any chance to get my IOTA back? Pleas help me!

@Mallacka
It looks like this transaction has already been confirmed. Unfortunately there's nothing that can be done, and these funds are gone forever. Sorry to see this

Thank you for your support. There is so many users who lost their balance like me. Is there any chance to get at least some of the coins back - in the context of a compensation or something? I guess the IOTA foundation keeps currently millions of coins.

+x

 

Mallacka - 20 Jan 2018

+x

 

Winston - 20 Jan 2018

+x

 

Mallacka - 20 Jan 2018

My Balance of 2.778356741 Gi has been stolen. It has been transferred to this adress:

NBYYOUKS9HSYUWYLMOFWMF9ZRCABNDTNLJAXTTXIWFEXW9EEBZDDWLIWWJJTBROYDDO9GZIUFKGBLVTUBSLTJEKTUB

The transaction has been "confirmed". Is there any chance to get my IOTA back? Pleas help me!

@Mallacka
It looks like this transaction has already been confirmed. Unfortunately there's nothing that can be done, and these funds are gone forever. Sorry to see this

Thank you for your support. There is so many users who lost their balance like me. Is there any chance to get at least some of the coins back - in the context of a compensation or something? I guess the IOTA foundation keeps currently millions of coins.

@Mallacka
Unfortunately, balances that have been stolen are gone forever. The IOTA Foundation is simply in place to develop and spread adoption of the software protocol

+x

 

Mallacka - 20 Jan 2018

+x

 

Winston - 20 Jan 2018

+x

 

Mallacka - 20 Jan 2018

My Balance of 2.778356741 Gi has been stolen. It has been transferred to this adress:

NBYYOUKS9HSYUWYLMOFWMF9ZRCABNDTNLJAXTTXIWFEXW9EEBZDDWLIWWJJTBROYDDO9GZIUFKGBLVTUBSLTJEKTUB

The transaction has been "confirmed". Is there any chance to get my IOTA back? Pleas help me!

@Mallacka
It looks like this transaction has already been confirmed. Unfortunately there's nothing that can be done, and these funds are gone forever. Sorry to see this

Thank you for your support. There is so many users who lost their balance like me. Is there any chance to get at least some of the coins back - in the context of a compensation or something? I guess the IOTA foundation keeps currently millions of coins.

No. If you think about it. Who would they give it to? They have no way to know who the seed actually belongs to. The people stealing the funds have the original seed too after all.
Plus what is happening now is because someone is scamming people by giving them compromised seeds. The iota technology isn't the problem here. It's human in nature. I'm not saying that makes it ok or not tragic. I really wish there was more I could do to help.

Hey 
I have also the same issue

could someone check/help if my iotas are still unconfirmed

WOQMPJPF9FYUPOWKHNEKPQXUCFV9HWGLRLNTCDPQOREX9LVLSMJLFN9JJNQYUPYNRSCLGQVOMSLHMWYWDQFE9FXBYD --> thats the Adresse where it was sent to (1,8+Gi)

Thank you
????????

+x

 

didarossi - 20 Jan 2018

Hey 
I have also the same issue

could someone check/help if my iotas are still unconfirmed

WOQMPJPF9FYUPOWKHNEKPQXUCFV9HWGLRLNTCDPQOREX9LVLSMJLFN9JJNQYUPYNRSCLGQVOMSLHMWYWDQFE9FXBYD --> thats the Adresse where it was sent to (1,8+Gi)

Thank you

@didarossi
I don't see a 1.8+ Gi transaction on that address:
https://thetangle.org/address/WOQMPJPF9FYUPOWKHNEKPQXUCFV9HWGLRLNTCDPQOREX9LVLSMJLFN9JJNQYUPYNRSCLGQVOMSLHMWYWD

Lots of 1.9 Gi transactions though.

If you're unsure if the transaction is pending or confirmed, I would urgently and aggressively pursue the steps in number 1 of the instructions of this thread. There's only a limited window in which you'll be able to save your funds, so you might as well get the ball rolling now just in case it's still pending.

I know it is not technically correct, but I seriously think HelloIOTA should use the word "master password" instead of "seed". I believe all people are familiar with password safety, because they already have password at banks, etc. However the term "seed" is used in bittorrent as as a synonym for sharing. Uneducated people would think this seed value can be shared with others, or can be generated online without fear of being stolen. On the other hand I think nobody would generate his/her bank account password online, as they already know that passwords are for private use and can be stolen.

The confusion might also come from the fact that publicly available IOTA addresses look very similar to address seeds, at least to human eyes: 81 characters vs 90 characters is hardly distinguishable, at least when the two are not directly after each other. While addresses are public, seeds are of course not. However one might pretty easily mix those up and post his/her seed (aka. master password) instead of the address. If one is not careful enough to immediately transfer the funds to another address generated with a new safely generated seed, and an attacker can somehow connect that user's identiy with his/her IOTA address, then the funds can be stolen.

A GUI wallet should at minimum be able to generate seed on its own and offer a way to securely store it encrypted by a user password. Also minimum 10 character long passwords should be enforced for encrypting seeds.

I believe replacing the term seed with master password, and freeing the user from the burden of generating safe seeds and instead use the more familiar password mechanism would greatly reduce stolen IOTAs.

I understand that IOTA was designed for machine-to-machine transactions, and machines are not prone to stupid errors like humans, but there is already a massive human user base and I think it will exponentially grow this year. So it's best protecting IOTA's reputation before it's too late.

+x

 

miota - 20 Jan 2018

The confusion might also come from the fact that publicly available IOTA addresses look very similar to address seeds, at least to human eyes: 81 characters vs 90 characters is hardly distinguishable, at least when the two are not directly after each other. 

Sorry, addresses are also 81 character long, only 90 character long when checksum is also included. So they are practically indistinguishable from each other to the human eye. And also transaction hashes look very similar. So it is very easy to mix them up.

I have >8000 gone and don't know what to do? Any Ideas

Hey guys, 

also my IOTAs were stolen, 19.01.. The TX is confirmed and most probably I'll get a shitstorm for my following comment. But if there are so many hacked accounts and the adresses are public, what is the point in changing the "snapshot" to try at least getting some of these IOTAs back. It's obvious which adresses are used to receive stolen IOTAs.The tanglesearch shows that they have plenty of incoming transaction, some of them unconfirmed, a lot of them confirmed. The money is still on the adress!!!! I also know that's in the responsibility of the end-user to setup a safe account, but the situation shows it's not that obvious and easy as many of the programmers may assume. I bought for almost all of my coins a Hard Wallet and safer them securely. But for IOTA I didn't know what to do, so I checked the internet, ended up on Youtube and followed the advice from some different videos. They didn't say anything about changing 10 characters of the seed and they recommended to use seedgenerators. For sure, I watched more than one videoe and obviously it's kind of confusing for beginners to understand everything from the very beginning. Especially if you buy more than one coin it doesn't make it easier. Maybe I used wrong key words or wrong sources but I also tried to get some infos for all of my coins from google and and and. I found nothing about that issue, but still...my fault. It's an expensive lesson for my own (and obviously also for a lot of other folks out there), but the guys behind IOTA should overthink their security settings and policies. Maybe a simple pop-up window integrated in the wallet with the most important security tips would have protected my money...not that hard to implement, everybody who opens the wallet needs to check that and get the necessary infos...Although I don't expect that somebody decides to undo the hack and send my 314.69 MIOTAs back, I'll give the thiefes and IOTA the chance to do so : 

New Adress:
BXZLVCQV9GZMMAMANHAZCNARDD9JNWCLORAYSADLHBZFDODGDBQRTZENMWFYZTVJT9YJFKXPGCRQTKAUXJZSZRHWKC

And for all these wonderful guys out there knowng more about coins, blockchain, cryptographie then I do, hack this adress, bc my IOTAs were transfered to :

 OQRJJB9MJFOLGALRYNAUNZCRQOZGRQPHTRNGNWLPPNGETIU9JVQNRSOEICJOGLQVPLCMHEBZSHNI9UJQWQXVFENLBB

Do what you can do Have a good night and thx for your support!!!

I don't understand why the following post is not removed from the "official" iota forum: https://forum.iota.org/t/iotaseed-io-now-also-for-generating-paper-wallets/3915
Someone has posted iotaseed.io, one of the most dangerous SCAM sites 5 months ago, and no one has removed that post, or at least followed up by a THIS IS A SCAM, DO NOT EVER USE IT post.
Unfortunately registration to forum.iota.org has been closed for some time now, mostly because of scams and spams like this. Otherwise I would have already posted there, as I see already some few hundred people reached that scam site via "official" iota forum.

+x

 

miota - 20 Jan 2018

I know it is not technically correct, but I seriously think HelloIOTA should use the word "master password" instead of "seed". I believe all people are familiar with password safety, because they already have password at banks, etc. However the term "seed" is used in bittorrent as as a synonym for sharing. Uneducated people would think this seed value can be shared with others, or can be generated online without fear of being stolen. On the other hand I think nobody would generate his/her bank account password online, as they already know that passwords are for private use and can be stolen.

The confusion might also come from the fact that publicly available IOTA addresses look very similar to address seeds, at least to human eyes: 81 characters vs 90 characters is hardly distinguishable, at least when the two are not directly after each other. While addresses are public, seeds are of course not. However one might pretty easily mix those up and post his/her seed (aka. master password) instead of the address. If one is not careful enough to immediately transfer the funds to another address generated with a new safely generated seed, and an attacker can somehow connect that user's identiy with his/her IOTA address, then the funds can be stolen.

A GUI wallet should at minimum be able to generate seed on its own and offer a way to securely store it encrypted by a user password. Also minimum 10 character long passwords should be enforced for encrypting seeds.

I believe replacing the term seed with master password, and freeing the user from the burden of generating safe seeds and instead use the more familiar password mechanism would greatly reduce stolen IOTAs.

I understand that IOTA was designed for machine-to-machine transactions, and machines are not prone to stupid errors like humans, but there is already a massive human user base and I think it will exponentially grow this year. So it's best protecting IOTA's reputation before it's too late.

@miota
Re: "master password" - this is a very interesting take on the situation. There'd definitely a ton of education that constantly needs to be done, and a change in terminology could indeed be a great move. This is an important discussion to have

+x

 

ndi01 - 20 Jan 2018

I have >8000 gone and don't know what to do? Any Ideas

@ndi01
Follow the instructions in the original post. All of the information and contacts (discord) that you'll need are included there.

+x

 

miota - 20 Jan 2018

I don't understand why the following post is not removed from the "official" iota forum: https://forum.iota.org/t/iotaseed-io-now-also-for-generating-paper-wallets/3915
Someone has posted iotaseed.io, one of the most dangerous SCAM sites 5 months ago, and no one has removed that post, or at least followed up by a THIS IS A SCAM, DO NOT EVER USE IT post.
Unfortunately registration to forum.iota.org has been closed for some time now, mostly because of scams and spams like this. Otherwise I would have already posted there, as I see already some few hundred people reached that scam site via "official" iota forum.

@miota
"I don't understand why the following post is not removed from the "official" iota forum: https://forum.iota.org/t/iotaseed-io-now-also-for-generating-paper-wallets/3915
Someone has posted iotaseed.io, one of the most dangerous SCAM sites 5 months ago, and no one has removed that post, or at least followed up by a THIS IS A SCAM, DO NOT EVER USE IT post.
Unfortunately registration to forum.iota.org has been closed for some time now, mostly because of scams and spams like this. Otherwise I would have already posted there, as I see already some few hundred people reached that scam site via "official" iota forum. "

The iota.org forum hasn't been active in a long time. This does appear to be a bad situation! I'll see what we can do to remedy this problem of having old posts on that forum possibly leading users astray. Thank you very much for pointing this out.

I agree 100% with iq34acal and his points regarding security and so on! Ialso wanted to transfer my MIOTA away from the "unsecure" exchange and the only thing was the damned light wallet. So I ended up storing it in there.... thanks to IOTA foundation it's gone!?
another address to hack would be:
XHNRFOZYSPMZFRQQKQGKSDLAQHUNPAXVOSZWYIDMMWBXLPBWIXIZZ9BJIKAMWADMAWJJBZMOLXMXIIKPCGVWVKYKNW
and I would be glad to get my 8695 MIOTA back!

iq34acal: you are right, until proper wallet GUIs are implemented that do not require external seeds, at least a huge warning window should be shown indicating the seeds should never, ever be generated online.
If one does not have access to a Linux console, use this dice roll method: https://i.redd.it/1ob6f3wagp601.jpg

Have 3 dices and roll them. If the first dice shows 1 or 2, go to left in the second row, if 3 or 4 go to middle, if 5 or 6, go to the right.
If the second dice shows 1 or 2, go to the left in the third row, if 3 or 4 go the middle, if 5 or 6 go to the right.
Then do the same with the third dice: if it shows 1 or 2, go the left in the fourth row containing letters on the left, if 3 or 4 go the middle, if 5 or 6 go to the right.
For example rolling 3, 2, 5 would yield L, then rolling 6, 1, 4 would yield T, etc.

You will have to roll all the dices 81 times, but at least you can be pretty sure you have a quite random seed. At least much more random than using an online generator whose source of randomness you cannot be sure of (or whether it is stored on their servers), and much more random than just bashing the keyboard or trying to randomly type 81 capital letters and 9s.

Hi,
It looks like if somebody has stolen my Iota. I hope this is a problem with wallet. 
The balance shows zero. 
this is the hash: 
JKAEWURXXEV9OCVDJTEZWHQWGIQLGVUDTGOURMZILVNFPNNEENUYPWZIPFZG9ZHEHKGUZBQJKMOVZ9999

Could you please help! 
it looks like this is the address it went to 
LPRIXKCYXVFUN9CXNNNLJUG9W9REZ99ZXZLXJINABSPJ9RNYNXIGNCEJ9BIJGW9ZHYYFGBOOVXLIIFAYAUCGRRSJLB