Yesterday, a friend of mine had his EOS account stolen — someone had gotten a hold of his account keys by hacking his phone, email, and Dropbox accounts.
I was able to change his account keys and secure the account. Now, I want to share how that can be done so that anyone can change their keys whenever they choose.
About EOS Accounts
Accounts are one of the exciting features of EOS. Every EOS user must have an account — the account name most users were gifted from the EOS snapshot looks something like this “gzxfefadhghg” — but you can create any account name of 12 characters (for now).
Accounts are controlled by key pairs. Each key pair has a public key that begins with “EOS#” and each private key begins with “5”.
EOS Account Key Permissions
There are two levels of permissions for keys on EOS accounts:
OWNER — this is the super key. This private key can control any action for the account — stake/unstake, transfer, vote, buy ram, and even change the account’s owner key. Protect this key and make it different from the ACTIVE key.
ACTIVE — this is the daily-use key. This private key can stake/unstake, transfer, vote, buy ram — but it cannot be used to change the OWNER or ACTIVE key. If this key were ever compromised, you could just change it using your OWNER key.
If unwanted actions were taken, you could use your OWNER key to open a case with ECAF arbitration and prove that you own the account — potentially, those actions could be reversed.
Changing Account Keys with Cleos
If you download and install cleos (command-line EOS) on your computer, you can change your keys. We will create new keys, import the private key into the wallet, and then assign the public key to the account. Be careful, go slow, and don’t get your keys twisted or you will lose access to your account!
First, create a wallet and load your existing OWNER key into your wallet.
I recommend using the shEOS API endpoint, since that’s the one I maintain — but you can use any from this list.
You will need to copy down the password when you create the wallet.
cleos -u "https://api.proxy1a.sheos.org" --wallet-url "http://127.0.0.1:8900" wallet create -n <NameofWallet>
cleos -u "https://api.proxy1a.sheos.org" --wallet-url "http://127.0.0.1:8900" wallet import <Your Existing Private Key>
Next create some new keys:
cleos -u "https://api.proxy1a.sheos.org" create key
Warning — Do not share the private key with anyone and do not enter it on any websites. Always use a wallet or Scatter plugin.
This will create fresh EOS keys for you to use. The output should look something like this.
Private key: 5JDRvNv2iM2BH6zoU4Uya8NBY7PHMYLtFzpwhqcSz8CUbXjj
Public key: EOS6GeGgybmefy1jaBwEFWfCWvBVSHqJ42w4bLWYU6seQjsG
Import this new private key into your wallet and make sure that the public key matches.
cleos -u "https://api.proxy1a.sheos.org" --wallet-url "http://127.0.0.1:8900" wallet import <Your New Private Key>
Now you can change the existing owner permissions on your account to your new key. Replace the following with your EOS account name and new EOS public key.
First change the active permissions:
cleos -u "https://api.proxy1a.sheos.org" --wallet-url "http://127.0.0.1:8900" set account permission <12LetterAcctName> active <New EOS Public Key> -p <12LetterAcctName>@owner
Then change the owner permissions:
cleos -u "https://api.proxy1a.sheos.org" --wallet-url "http://127.0.0.1:8900" set account permission <12LetterAcctName> owner <New EOS Public Key> -p <12LetterAcctName>@owner
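A check to run after both commands, as an added example that is not part of the original post: it reads the JSON printed by `cleos get account <12LetterAcctName> -j` and reports every permission that still carries a key other than the new one, or that is delegated to another account. The function name, the sample JSON, the account name and the key strings are constructed placeholders.

```python
import json

# Constructed sample of `cleos get account <name> -j` output after only the
# active key was rotated; account name and key strings are placeholders.
SAMPLE = json.loads("""
{"account_name": "exampleacct1",
 "permissions": [
  {"perm_name": "active", "parent": "owner",
   "required_auth": {"threshold": 1,
     "keys": [{"key": "EOS_NEW_PUBLIC_KEY_PLACEHOLDER", "weight": 1}],
     "accounts": [], "waits": []}},
  {"perm_name": "owner", "parent": "",
   "required_auth": {"threshold": 1,
     "keys": [{"key": "EOS_OLD_PUBLIC_KEY_PLACEHOLDER", "weight": 1}],
     "accounts": [], "waits": []}}]}
""")


def audit_permissions(account, expected_key, required=("owner", "active")):
    """Return a list of findings; an empty list means the rotation is complete."""
    findings = []
    perms = {p["perm_name"]: p for p in account.get("permissions", [])}
    for name in required:
        if name not in perms:
            findings.append(f"{name}: permission missing from account data")
    for name, perm in perms.items():  # custom permissions are audited too
        auth = perm["required_auth"]
        keys = [k["key"] for k in auth.get("keys", [])]
        for key in keys:
            if key != expected_key:
                findings.append(f"{name}: unexpected key {key}")
        if name in required and expected_key not in keys:
            findings.append(f"{name}: new key not present")
        for acct in auth.get("accounts", []):
            p = acct["permission"]
            findings.append(f"{name}: delegated to {p['actor']}@{p['permission']}")
        weight = sum(k["weight"] for k in auth.get("keys", [])
                     if k["key"] == expected_key)
        if expected_key in keys and weight < auth["threshold"]:
            findings.append(f"{name}: new key weight {weight} below threshold")
    return findings


if __name__ == "__main__":
    for finding in audit_permissions(SAMPLE, "EOS_NEW_PUBLIC_KEY_PLACEHOLDER"):
        print(finding)
```

On the sample it reports the owner permission, because the old key is still the only one listed there.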
I know there are some tools out there like https://eostoolkit.io/home that allow you to change keys. This tool also requires Scatter Desktop.
I hope you found this helpful. Hit me up with any questions at @bensig on Twitter.