Winston
|
|
Group: Administrators
Posts: 3.6K,
Visits: 6.8K
|
+x+ x[Zitat]Für alle, die mit gestolenen Guthaben buchen: Sie haben wahrscheinlich alle bösen Online-Saatgut-Generatoren verwendet, als Sie haben Seed generierten haben. Es sieht so aus, als ob die Besitzer dieser Webseite (n) heute geschlossen sind, alle Geldern des Opfers zu stehen, auch wenn eine Reihe panische Beiträge über gestützte Geldern. Hinweise: 1. Wenn die gestohlene Transaktion auch ausgibt, wird die Transaktion in Ihrem Fall automatisch gestartet. Sie können die CLI-Brieftasche verwenden, um diese neue Transaktion durchführen zu können, die Sie in der GUI-Brieftasche integriert haben. Sie müssen Ihre neue Transaktion bestätigen, bevor die Transaktion erfolgreich durchgeführt wird. CLI Brieftasche -https://github.com/MichaelSchwab/iota-commandline-wallet https://github.com/TimSamshuijzen/iotaproxy CLI Wallet Hinweise: https://forum.helloiota.com/post/8584 2. Wenn die gestohlene Transaktion ist bestätigt (es wird unter die Transaktion in Ihrem Brieftaschenverlauf "Bestätigt" angezeigt), leider ist IOTA jetzt für immer verschwunden. Dies ist eine erschreckende Situation, aber hoffentlich können wir diese Erfahrung, um sicher zu stellen, Methoden zur Saatgutgenerierung zu entwickeln. Die goldene Regel besteht, 10 Zeichen aus der Zeichenfolge, die der Seed-Generator hat, zu ändern. Sie sind vor allem Online-Saatgut-Generatoren. Hier sind die aktuellsten Tipps für die Generierung von Saatgut durch die IOTA-Gemeinschaft:https://helloiota.com/generate-seed.html [/ Zitat] Hallo, meine IOTA sind gestohlen worden, aber noch nicht ganz weg. Ich verstehe die Rettungsaktion leider nicht. Hab 'überhaupt keine Programmierkenntnisse. Kann mir jemand helfen? @sun_in_the_cityIf you're having trouble with specific steps in that process, I'd recommend immediately going to the IOTA discord and asking for help. It might be easier to get real-time assistance for a time sensitive issue like trying to beat out a pending stolen transaction. https://discord.gg/fNGZXvh
|
|
|
Mallacka
|
|
Group: Forum Members
Posts: 4,
Visits: 2
|
My Balance of 2.778356741 Gi has been stolen. It has been transferred to this adress:
NBYYOUKS9HSYUWYLMOFWMF9ZRCABNDTNLJAXTTXIWFEXW9EEBZDDWLIWWJJTBROYDDO9GZIUFKGBLVTUBSLTJEKTUB
The transaction has been "confirmed". Is there any chance to get my IOTA back? Pleas help me!
|
|
|
sun_in_the_city
|
|
Group: Forum Members
Posts: 4,
Visits: 0
|
+x+x+ x[Zitat]Für alle, die mit gestolenen Guthaben buchen: Sie haben wahrscheinlich alle bösen Online-Saatgut-Generatoren verwendet, als Sie haben Seed generierten haben. Es sieht so aus, als ob die Besitzer dieser Webseite (n) heute geschlossen sind, alle Geldern des Opfers zu stehen, auch wenn eine Reihe panische Beiträge über gestützte Geldern. Hinweise: 1. Wenn die gestohlene Transaktion auch ausgibt, wird die Transaktion in Ihrem Fall automatisch gestartet. Sie können die CLI-Brieftasche verwenden, um diese neue Transaktion durchführen zu können, die Sie in der GUI-Brieftasche integriert haben. Sie müssen Ihre neue Transaktion bestätigen, bevor die Transaktion erfolgreich durchgeführt wird. CLI Brieftasche -https://github.com/MichaelSchwab/iota-commandline-wallet https://github.com/TimSamshuijzen/iotaproxy CLI Wallet Hinweise: https://forum.helloiota.com/post/8584 2. Wenn die gestohlene Transaktion ist bestätigt (es wird unter die Transaktion in Ihrem Brieftaschenverlauf "Bestätigt" angezeigt), leider ist IOTA jetzt für immer verschwunden. Dies ist eine erschreckende Situation, aber hoffentlich können wir diese Erfahrung, um sicher zu stellen, Methoden zur Saatgutgenerierung zu entwickeln. Die goldene Regel besteht, 10 Zeichen aus der Zeichenfolge, die der Seed-Generator hat, zu ändern. Sie sind vor allem Online-Saatgut-Generatoren. Hier sind die aktuellsten Tipps für die Generierung von Saatgut durch die IOTA-Gemeinschaft:https://helloiota.com/generate-seed.html [/ Zitat] Hallo, meine IOTA sind gestohlen worden, aber noch nicht ganz weg. Ich verstehe die Rettungsaktion leider nicht. Hab 'überhaupt keine Programmierkenntnisse. Kann mir jemand helfen? @sun_in_the_cityIf you're having trouble with specific steps in that process, I'd recommend immediately going to the IOTA discord and asking for help. It might be easier to get real-time assistance for a time sensitive issue like trying to beat out a pending stolen transaction. https://discord.gg/fNGZXvh Thank you!
|
|
|
Winston
|
|
Group: Administrators
Posts: 3.6K,
Visits: 6.8K
|
+xMy Balance of 2.778356741 Gi has been stolen. It has been transferred to this adress: NBYYOUKS9HSYUWYLMOFWMF9ZRCABNDTNLJAXTTXIWFEXW9EEBZDDWLIWWJJTBROYDDO9GZIUFKGBLVTUBSLTJEKTUB The transaction has been "confirmed". Is there any chance to get my IOTA back? Pleas help me! @MallackaIt looks like this transaction has already been confirmed. Unfortunately there's nothing that can be done, and these funds are gone forever. Sorry to see this
|
|
|
Mallacka
|
|
Group: Forum Members
Posts: 4,
Visits: 2
|
+x+xMy Balance of 2.778356741 Gi has been stolen. It has been transferred to this adress: NBYYOUKS9HSYUWYLMOFWMF9ZRCABNDTNLJAXTTXIWFEXW9EEBZDDWLIWWJJTBROYDDO9GZIUFKGBLVTUBSLTJEKTUB The transaction has been "confirmed". Is there any chance to get my IOTA back? Pleas help me! @MallackaIt looks like this transaction has already been confirmed. Unfortunately there's nothing that can be done, and these funds are gone forever. Sorry to see this Thank you for your support. There is so many users who lost their balance like me. Is there any chance to get at least some of the coins back - in the context of a compensation or something? I guess the IOTA foundation keeps currently millions of coins.
|
|
|
Winston
|
|
Group: Administrators
Posts: 3.6K,
Visits: 6.8K
|
+x+x+xMy Balance of 2.778356741 Gi has been stolen. It has been transferred to this adress: NBYYOUKS9HSYUWYLMOFWMF9ZRCABNDTNLJAXTTXIWFEXW9EEBZDDWLIWWJJTBROYDDO9GZIUFKGBLVTUBSLTJEKTUB The transaction has been "confirmed". Is there any chance to get my IOTA back? Pleas help me! @MallackaIt looks like this transaction has already been confirmed. Unfortunately there's nothing that can be done, and these funds are gone forever. Sorry to see this Thank you for your support. There is so many users who lost their balance like me. Is there any chance to get at least some of the coins back - in the context of a compensation or something? I guess the IOTA foundation keeps currently millions of coins. @MallackaUnfortunately, balances that have been stolen are gone forever. The IOTA Foundation is simply in place to develop and spread adoption of the software protocol
|
|
|
fvantom
|
|
Group: Forum Members
Posts: 57,
Visits: 1
|
+x+x+xMy Balance of 2.778356741 Gi has been stolen. It has been transferred to this adress: NBYYOUKS9HSYUWYLMOFWMF9ZRCABNDTNLJAXTTXIWFEXW9EEBZDDWLIWWJJTBROYDDO9GZIUFKGBLVTUBSLTJEKTUB The transaction has been "confirmed". Is there any chance to get my IOTA back? Pleas help me! @MallackaIt looks like this transaction has already been confirmed. Unfortunately there's nothing that can be done, and these funds are gone forever. Sorry to see this Thank you for your support. There is so many users who lost their balance like me. Is there any chance to get at least some of the coins back - in the context of a compensation or something? I guess the IOTA foundation keeps currently millions of coins. No. If you think about it. Who would they give it to? They have no way to know who the seed actually belongs to. The people stealing the funds have the original seed too after all. Plus what is happening now is because someone is scamming people by giving them compromised seeds. The iota technology isn't the problem here. It's human in nature. I'm not saying that makes it ok or not tragic. I really wish there was more I could do to help.
|
|
|
didarossi
|
|
Group: Forum Members
Posts: 3,
Visits: 0
|
Hey I have also the same issue
could someone check/help if my iotas are still unconfirmed
WOQMPJPF9FYUPOWKHNEKPQXUCFV9HWGLRLNTCDPQOREX9LVLSMJLFN9JJNQYUPYNRSCLGQVOMSLHMWYWDQFE9FXBYD --> thats the Adresse where it was sent to (1,8+Gi)
Thank you ????????
|
|
|
Winston
|
|
Group: Administrators
Posts: 3.6K,
Visits: 6.8K
|
+xHey I have also the same issue could someone check/help if my iotas are still unconfirmed WOQMPJPF9FYUPOWKHNEKPQXUCFV9HWGLRLNTCDPQOREX9LVLSMJLFN9JJNQYUPYNRSCLGQVOMSLHMWYWDQFE9FXBYD --> thats the Adresse where it was sent to (1,8+Gi) Thank you @didarossiI don't see a 1.8+ Gi transaction on that address: https://thetangle.org/address/WOQMPJPF9FYUPOWKHNEKPQXUCFV9HWGLRLNTCDPQOREX9LVLSMJLFN9JJNQYUPYNRSCLGQVOMSLHMWYWDLots of 1.9 Gi transactions though. If you're unsure if the transaction is pending or confirmed, I would urgently and aggressively pursue the steps in number 1 of the instructions of this thread. There's only a limited window in which you'll be able to save your funds, so you might as well get the ball rolling now just in case it's still pending.
|
|
|
miota
|
|
Group: Forum Members
Posts: 6,
Visits: 11
|
I know it is not technically correct, but I seriously think HelloIOTA should use the word "master password" instead of "seed". I believe all people are familiar with password safety, because they already have password at banks, etc. However the term "seed" is used in bittorrent as as a synonym for sharing. Uneducated people would think this seed value can be shared with others, or can be generated online without fear of being stolen. On the other hand I think nobody would generate his/her bank account password online, as they already know that passwords are for private use and can be stolen.
The confusion might also come from the fact that publicly available IOTA addresses look very similar to address seeds, at least to human eyes: 81 characters vs 90 characters is hardly distinguishable, at least when the two are not directly after each other. While addresses are public, seeds are of course not. However one might pretty easily mix those up and post his/her seed (aka. master password) instead of the address. If one is not careful enough to immediately transfer the funds to another address generated with a new safely generated seed, and an attacker can somehow connect that user's identiy with his/her IOTA address, then the funds can be stolen.
A GUI wallet should at minimum be able to generate seed on its own and offer a way to securely store it encrypted by a user password. Also minimum 10 character long passwords should be enforced for encrypting seeds.
I believe replacing the term seed with master password, and freeing the user from the burden of generating safe seeds and instead use the more familiar password mechanism would greatly reduce stolen IOTAs.
I understand that IOTA was designed for machine-to-machine transactions, and machines are not prone to stupid errors like humans, but there is already a massive human user base and I think it will exponentially grow this year. So it's best protecting IOTA's reputation before it's too late.
|
|
|
miota
|
|
Group: Forum Members
Posts: 6,
Visits: 11
|
+xThe confusion might also come from the fact that publicly available IOTA addresses look very similar to address seeds, at least to human eyes: 81 characters vs 90 characters is hardly distinguishable, at least when the two are not directly after each other. Sorry, addresses are also 81 character long, only 90 character long when checksum is also included. So they are practically indistinguishable from each other to the human eye. And also transaction hashes look very similar. So it is very easy to mix them up.
|
|
|
ndi01
|
|
Group: Forum Members
Posts: 2,
Visits: 0
|
I have >8000 gone and don't know what to do? Any Ideas
|
|
|
iq34acal
|
|
Group: Forum Members
Posts: 15,
Visits: 12
|
Hey guys, also my IOTAs were stolen, 19.01.. The TX is confirmed and most probably I'll get a shitstorm for my following comment. But if there are so many hacked accounts and the adresses are public, what is the point in changing the "snapshot" to try at least getting some of these IOTAs back. It's obvious which adresses are used to receive stolen IOTAs.The tanglesearch shows that they have plenty of incoming transaction, some of them unconfirmed, a lot of them confirmed. The money is still on the adress!!!! I also know that's in the responsibility of the end-user to setup a safe account, but the situation shows it's not that obvious and easy as many of the programmers may assume. I bought for almost all of my coins a Hard Wallet and safer them securely. But for IOTA I didn't know what to do, so I checked the internet, ended up on Youtube and followed the advice from some different videos. They didn't say anything about changing 10 characters of the seed and they recommended to use seedgenerators. For sure, I watched more than one videoe and obviously it's kind of confusing for beginners to understand everything from the very beginning. Especially if you buy more than one coin it doesn't make it easier. Maybe I used wrong key words or wrong sources but I also tried to get some infos for all of my coins from google and and and. I found nothing about that issue, but still...my fault. It's an expensive lesson for my own (and obviously also for a lot of other folks out there), but the guys behind IOTA should overthink their security settings and policies. Maybe a simple pop-up window integrated in the wallet with the most important security tips would have protected my money...not that hard to implement, everybody who opens the wallet needs to check that and get the necessary infos...Although I don't expect that somebody decides to undo the hack and send my 314.69 MIOTAs back, I'll give the thiefes and IOTA the chance to do so  : New Adress: BXZLVCQV9GZMMAMANHAZCNARDD9JNWCLORAYSADLHBZFDODGDBQRTZENMWFYZTVJT9YJFKXPGCRQTKAUXJZSZRHWKC And for all these wonderful guys out there knowng more about coins, blockchain, cryptographie then I do, hack this adress, bc my IOTAs were transfered to : OQRJJB9MJFOLGALRYNAUNZCRQOZGRQPHTRNGNWLPPNGETIU9JVQNRSOEICJOGLQVPLCMHEBZSHNI9UJQWQXVFENLBB Do what you can do  Have a good night and thx for your support!!!
|
|
|
miota
|
|
Group: Forum Members
Posts: 6,
Visits: 11
|
I don't understand why the following post is not removed from the "official" iota forum: https://forum.iota.org/t/iotaseed-io-now-also-for-generating-paper-wallets/3915Someone has posted iotaseed.io, one of the most dangerous SCAM sites 5 months ago, and no one has removed that post, or at least followed up by a THIS IS A SCAM, DO NOT EVER USE IT post. Unfortunately registration to forum.iota.org has been closed for some time now, mostly because of scams and spams like this. Otherwise I would have already posted there, as I see already some few hundred people reached that scam site via "official" iota forum.
|
|
|
Winston
|
|
Group: Administrators
Posts: 3.6K,
Visits: 6.8K
|
+xI know it is not technically correct, but I seriously think HelloIOTA should use the word "master password" instead of "seed". I believe all people are familiar with password safety, because they already have password at banks, etc. However the term "seed" is used in bittorrent as as a synonym for sharing. Uneducated people would think this seed value can be shared with others, or can be generated online without fear of being stolen. On the other hand I think nobody would generate his/her bank account password online, as they already know that passwords are for private use and can be stolen. The confusion might also come from the fact that publicly available IOTA addresses look very similar to address seeds, at least to human eyes: 81 characters vs 90 characters is hardly distinguishable, at least when the two are not directly after each other. While addresses are public, seeds are of course not. However one might pretty easily mix those up and post his/her seed (aka. master password) instead of the address. If one is not careful enough to immediately transfer the funds to another address generated with a new safely generated seed, and an attacker can somehow connect that user's identiy with his/her IOTA address, then the funds can be stolen. A GUI wallet should at minimum be able to generate seed on its own and offer a way to securely store it encrypted by a user password. Also minimum 10 character long passwords should be enforced for encrypting seeds. I believe replacing the term seed with master password, and freeing the user from the burden of generating safe seeds and instead use the more familiar password mechanism would greatly reduce stolen IOTAs. I understand that IOTA was designed for machine-to-machine transactions, and machines are not prone to stupid errors like humans, but there is already a massive human user base and I think it will exponentially grow this year. So it's best protecting IOTA's reputation before it's too late. @miotaRe: "master password" - this is a very interesting take on the situation. There'd definitely a ton of education that constantly needs to be done, and a change in terminology could indeed be a great move. This is an important discussion to have
|
|
|
Winston
|
|
Group: Administrators
Posts: 3.6K,
Visits: 6.8K
|
+xI have >8000 gone and don't know what to do? Any Ideas  @ndi01Follow the instructions in the original post. All of the information and contacts (discord) that you'll need are included there.
|
|
|
Winston
|
|
Group: Administrators
Posts: 3.6K,
Visits: 6.8K
|
+xI don't understand why the following post is not removed from the "official" iota forum: https://forum.iota.org/t/iotaseed-io-now-also-for-generating-paper-wallets/3915Someone has posted iotaseed.io, one of the most dangerous SCAM sites 5 months ago, and no one has removed that post, or at least followed up by a THIS IS A SCAM, DO NOT EVER USE IT post. Unfortunately registration to forum.iota.org has been closed for some time now, mostly because of scams and spams like this. Otherwise I would have already posted there, as I see already some few hundred people reached that scam site via "official" iota forum. @miota"I don't understand why the following post is not removed from the "official" iota forum: https://forum.iota.org/t/iotaseed-io-now-also-for-generating-paper-wallets/3915 Someone has posted iotaseed.io, one of the most dangerous SCAM sites 5 months ago, and no one has removed that post, or at least followed up by a THIS IS A SCAM, DO NOT EVER USE IT post. Unfortunately registration to forum.iota.org has been closed for some time now, mostly because of scams and spams like this. Otherwise I would have already posted there, as I see already some few hundred people reached that scam site via "official" iota forum. "The iota.org forum hasn't been active in a long time. This does appear to be a bad situation! I'll see what we can do to remedy this problem of having old posts on that forum possibly leading users astray. Thank you very much for pointing this out.
|
|
|
ndi01
|
|
Group: Forum Members
Posts: 2,
Visits: 0
|
I agree 100% with iq34acal and his points regarding security and so on! Ialso wanted to transfer my MIOTA away from the "unsecure" exchange and the only thing was the damned light wallet. So I ended up storing it in there.... thanks to IOTA foundation it's gone!? another address to hack would be: XHNRFOZYSPMZFRQQKQGKSDLAQHUNPAXVOSZWYIDMMWBXLPBWIXIZZ9BJIKAMWADMAWJJBZMOLXMXIIKPCGVWVKYKNW and I would be glad to get my 8695 MIOTA back!
|
|
|
miota
|
|
Group: Forum Members
Posts: 6,
Visits: 11
|
iq34acal: you are right, until proper wallet GUIs are implemented that do not require external seeds, at least a huge warning window should be shown indicating the seeds should never, ever be generated online. If one does not have access to a Linux console, use this dice roll method: https://i.redd.it/1ob6f3wagp601.jpgHave 3 dices and roll them. If the first dice shows 1 or 2, go to left in the second row, if 3 or 4 go to middle, if 5 or 6, go to the right. If the second dice shows 1 or 2, go to the left in the third row, if 3 or 4 go the middle, if 5 or 6 go to the right. Then do the same with the third dice: if it shows 1 or 2, go the left in the fourth row containing letters on the left, if 3 or 4 go the middle, if 5 or 6 go to the right. For example rolling 3, 2, 5 would yield L, then rolling 6, 1, 4 would yield T, etc. You will have to roll all the dices 81 times, but at least you can be pretty sure you have a quite random seed. At least much more random than using an online generator whose source of randomness you cannot be sure of (or whether it is stored on their servers), and much more random than just bashing the keyboard or trying to randomly type 81 capital letters and 9s.
|
|
|
damian19
|
|
Group: Forum Members
Posts: 2,
Visits: 0
|
Hi, It looks like if somebody has stolen my Iota. I hope this is a problem with wallet. The balance shows zero. this is the hash: JKAEWURXXEV9OCVDJTEZWHQWGIQLGVUDTGOURMZILVNFPNNEENUYPWZIPFZG9ZHEHKGUZBQJKMOVZ9999
Could you please help! it looks like this is the address it went to LPRIXKCYXVFUN9CXNNNLJUG9W9REZ99ZXZLXJINABSPJ9RNYNXIGNCEJ9BIJGW9ZHYYFGBOOVXLIIFAYAUCGRRSJLB
|
|
|