EMAC [first case of lost EOS retrieve] succeeded, reminding all EOS owner to take precautions against risks
After the EOS mainnet went online, with EOS memory on fire recently, most investors want to have their own EOS wallet address.
If you have already mapped it before the EOS mainnet went online, then just remember the private key and you have the EOS wallet:
But there are still a lot of unmapped users who want to have EOS wallet addresses, so various third-party wallet tools have sprung up, most of which charge fees or need vast points redemption, making users frustrated and crazy. Investors who recently got EOS are looking for the registration service on their behalf, and a lot of cases of assets stolen were reported. Many users claimed that when using third-party tools the public and private keys are overlapped due to formatting problems, resulting in theft of assets.
On the afternoon of July 4, 2018, Beijing time, an EOS investor with a WeChat name called “Red Dust” turned to EMAC (EOS Mandarin Arbitration Community) and claimed that 14869 EOS in his/her account were lost. The victim generated a public-private key pair through https://eostea.github.io/eos-generate-key, and then entrusted a agent with WeChat name “null” to make the registration. After successful registration, through the chain data analysis, it was found that the active permission and owner permission used different public keys. The active public key is provided by the victim “null”, however the public key of the owner permission is not provided by the victim. The rights of the wallet were modified in the afternoon of 2018/7/4. The funds of this account have not been transferred yet, and the arbitration has been applied for freezing.
After intense discussion in the community, the EMAC 911 team had a general understanding of the incident, so the 911 team began to send a commissioner to contact the victim to collect information and evidence. After the 911 team collated and translated the materials, the case was formally submitted to ECAF, which is the third case submitted from the Mandarin community. At the same time, the victims themselves also contacted some media through the power of the community. They also constantly pressured the suspects who may exist in the WeChat group. Through the unremitting efforts of many parties, the rights of the wallet of the victim were modified back in the evening. The 14869 EOS was successfully retrieved. This event is the first case of the EMAC community to successfully retrieve EOS. Here, the EMAC 911 team is pleased that the victim can successfully retrieve the lost EOS, and expresses deep appreciation and sincere gratitude to every community member who participated in the discussion and resolution of the case last night. Thank you for your contribution to the community! ! !
Victim thank you letter
Hello everyone of EOS community,
My name is “Red Dust”. Just now the stolen ~15000 EOS of mine was retrieved. The one who stole my account has given the Active permission back to me and I can now transfer the tokens away. Maybe it’s because of my article this morning, and of course the help from members in the community, and maybe the worry of some platform and people who are afraid of the increasing influence. Anyway, the thief was moved.
Null, who assisted me with the registration, has been helping me to get it back since the account was stolen. We are just acquaintances, but I trusted him. And his behavior is confirmed today.
Here I would like to thank:
- EMAC, Yao Siqi, Victor. They are really hard to handle so many cases by just four of them. Good job and hard work! I hope through this case the EOS community to pay more attention to EMAC and give them more help and support.
- Baicai-one, TommYTP, LiPing@EOSUnionBytecapital, Bell.Martin, UOOYAA(HomEsaiLING) and other friends who provided help.
- DuoBaaa, HelloEos, who helped to spread my article.
- Friends of the community who helped spread, and EMAC 911 team.
- Never go to eostea for registration.
- We all need to learn some knowledge about EOS administrative authority problems.
7/5/2018, 11:29 PM
Lost events are still taking place
Another victim appeared this afternoon (7/5/2018), losing 9722 EOS, and the EMAC 911 team is working hard to help him get back.
Security warning: Open source does not equal security
Recently, a number of EOS wallets have security issues, and it is suspected to be caused by calling the third-party open source tools to generated private keys.
A reminder to users: open source is not equal to security. Open source can make the code stronger and stronger, but it can’t judge whether it is safe or not by open source. They are two different concepts. Before the code becomes open source, the code should be fully reviewed. At present, the public and private keys of several open source tools overlap, and wallet developers should carefully call third-party open source tools.
The EOS system is different from Ethereum. The public-private key pairs of the owner and active permissions are different. The public-private key pair of the owner should be stored in a cold wallet.
Thanks again to the EMAC community and the EMAC 911 team for their efforts in this incident, and EOS users need to pay attention to account security.