Hacked? How to check & change your vesting route

in LeoFinance2 months ago (edited)

image.png

Have you been hacked?
Did someone set a vesting route change on your account?
Wtf is a vesting route?

Vesting route is a lesser known feature where you direct your powerdown to another account. While there are legitimate users for this feature (I use it to redirect my powerdowns to my cold wallet), hackers will usually set this feature to send powerdown funds to their account even if you recover your keys. Yes, they will still receive funds from your account after you change your keys.

How can I tell if I have a vesting route set?

One way to tell is to look at hiveblocks.com and see if you have seen the operation.

image.png

While this is easy if you recently got hacked, you will not know if this was done in the past.

Most people setting vesting route are probably using the cli wallet and I believe this is probably too complicated for most users. I am going to cover an easier way to check this and remove it if necessary.


Introducing Vessel wallet

Vessel is a desktop wallet for Hive. Vessel allows you to do anything you can do from Hive.blog Wallet and Peakd Wallet as well as a few other things, one of which adjusting your vesting routes.


Installing Vessel

Visit the Vessel Github releases page and download the build for your operating system.

Installation is pretty straight forward, just say yes to everything.


Add your account

Once Vessel is installed, you are going to want to add your account.

You have two ways to go about this.

image.png

You can use your master password to import all keys into Vessel, or you can add them each manually.

If you want to use your master password, you would fill it in like this.

I recommend using a Wallet Password to encrypt your accounts in Vessel. If you use the same wallet password for all accounts you will only be prompted once.

image.png

It is generally recommended to never enter your master password anywhere unless you are trying to recover your account. While it is a couple more steps to enter each of your three keys manually, I recommend that you do so.


Check for vesting route

Once you have setup your account(s) you should see the overview page with your account(s) listed.

If you click on the Vesting tab you will see all your accounts and their vesting routes.

Currently there are no vesting routes for this account, but let's set one up so you can see what it looks like.


Here you can see I setup a vesting route to @themarkymark, meaning any powerdowns done will send funds silently to @themarkymark. Even if I change the keys to my account, this vesting route will continue to do it's job.


Removing a vesting route

Removing the vesting route is as easy as clicking the trash can button.

That's it. If you recently got hacked and you are not sure you have a vesting route set, you can give this a try.


Pro Tip

One thing I recommend doing if you have a larger account is create an account to act as a cold wallet, an account you rarely ever log into and do not use any dapps with. Set your primary account vesting route to send funds to this account. Any extra funds you do not need in the immediate future, send to this account so you minimize your risk.

Never use your owner key or master password for anything other than recovering your account.

Stay safe!

PS: @asgarth @jarvie any chance you can add some functionality to PeakD for vesting routes? Would be awesome as there is no public easy to use interface for vesting routes currently.

@deathwing, can we get vesting route add/remove notification added to F.R.I.D.A.Y.? Would be nice to have Powerdown started/Stopped added as well.


Securely chat with me on Keybase

Why you should vote me as witness

Posted Using LeoFinance Beta

Sort:  

Yes, good suggestion. I’ll do my best to include this in one of the next releases 👍

I just added controls for withdraw_routes to everyones profile page on https://hive.ausbit.dev .
Here's how it looks for my @ausbit.dev account now

Thank you for this post @themarkymark. It happened to me 12 days ago, and thankfully my vesting routes are safe. However, I got a question. The hacker claimed I posted my master key on a memo, but I wanted to checkout somewhere what have I done wrong to no avail. Is there a tool where can I review it or search it? I've tried hiveblocks, but it goes beyond my knowledge. I just want to be 100% sure what have I done wrong to not do it again. Thanks again for this Mark.

I just checked your last year of transfers and I did not see a private key in any of your memos, that was not how you were compromised.

Posted Using LeoFinance Beta

Thank you @themarkymark! Now it's just a guessing game, I think. One probable hypothesis is that I kept using the same keys as I was using on steemit and I didn't change them. Maybe that was the way, but I'm not sure.

But those who sign-up using ecency just get there master password my friend @abhi4 signed and he uses only that for transaction so do he need to change password. I am worried cause he felt it is not for him and he is sending his funds to me don't want to loose them.

You can extract your other keys on PeakD or use cli wallet to extract them (advanced), and importing the master key into keychain also sets the active/posting and no longer uses or stores master password. I highly recommend not using master key.

Thanks and are you some kind of alpha whale here, thats why I am getting unrealistic amount of curation for even at comment on your post 🧐

You are the wise master in the arts of hive. Do you know a tool to claim an account like steemworld used to do it???

Posted Using LeoFinance Beta

You can claim accounts right from PeakD wallet.

image.png

Thank you very much. Peakd never cease to amaze me.

Good information here. The vesting route is integral for getting your power down where you prefer it, unsure how many people were aware of this sort of thing (new users) until this post. Good work on the PSA Marky.

Is there any notification system that will let me know once my power down started?

I'm new here so any info is highly appreciated.

Btw, is there a tool where I can track info related to my acc? Followers, number of times someone visited my profile or something similar?

There currently isn't a notification system for Powerdown or vesting route, I have asked the creators of F.R.I.D.A.Y. to add it.

If you haven't signed up, join their Discord for more information. It is a notification system for Hive through discord, I couldn't imagine using Hive without it.

You can find follower numbers on your profile, there is no way to tell how often people view your profile or anything like that. That information is unique to each frontend (there are many).

Oh I get it!

Thanks for the response!

This happened to me. I had accidentally posted a key into a post back in the early days and it was immediately grabbed by a scammers bot who instantly started a powerdown on my account. I was able to get it stopped with the help of my favorite witness, and the scammer only got 8 liquid Steem from my account. I never powered down until after the Hard Fork to Hive and because that scammer had set a vesting route years before, my first Steem powerdown of over 800 Steem went to him with no chance of recovery.
Checking your vesting route is GREAT advice!

This is why it is critical to never use your master key for any reason unless it is recovering your account or changing password. Every time you use that key you put your account at risk.

This is also another reason to store liquid funds on an alt that you typically don't log into (aka Cold Wallet), you can send funds without ever logging in. I would only recommend this if you have a significant amount of Hive/HBD you need to protect. For a couple Hive I wouldn't worry about it.

Posted Using LeoFinance Beta

A lot has changed since those early days when it was necessary to use your master key for some functions and it was still possible to accidentally post keys.
It taught me a valuable lesson and these days I don't keep any more liquid than I would be willing to loose, but your cold storage idea is a great safety solution.

This is really nice and informative, can I use it on mobile phone?

Unfortunately no, but if PeakD as support for it (which they said they would) then that would be the best way.

Using a mobile phone is restricting so much. Hopefully i will get a pc soon. Don’t want to miss out on some opportunities

Or do a test PD with e.g. 1 Hive to see if the first installment goes to the right account.
This is just my dumb approach, since this vessel thing seems too complicated to me. But it would work too, correct?

It would work, but a lot of work.

You are always wise in these fields and definitely will read up on it later. This all makes sense and worthwhile. Peace of mind knowing you have another security layer is always a good idea.

Posted Using LeoFinance Beta

Thank you very much.
Yes. The hacker was hiding there silently
vessel_vesting_route.png

Thanks to you, I was able to delete him. After deletion (from hiveblocks)
stop.png

And in vessel
08.png

Hope that I don't have to experience the same!

Hey, @happypanganiban ! Disappointed!!

Marky is our own personal Hive schoolteacher. Thanks a lot for this information.

Posted Using LeoFinance Beta

Never knew this was possible. Thanks for the info.

Thanks for the information! I am new to Hive, and feel that I am tentatively going through it and learning it; however, posts like these help me take confident steps.
I think you explained it very well, you made the post newbie proof, thanks for that. :-)

This happened to me once!! They stole over 100 HIVE and I'm still pissed about it. How they cracked it I don't know but I changed that password.

Posted using Dapplr

I used hivesigner to set a route once and omg that whole 100 is not 100% was confusing as hell. if @peakd would be as always awesome to add this easily to use would be of so much help!

How to counter?

Don’t leak your keys or click questionable links.

Thanks so much for making this and for the advice :) I definitely like the idea of spreading the Hive around to minimize risk :)

Oh this is quite nice. I will wait till PeakD implements it then do this to make things easier.

Posted Using LeoFinance Beta

No clue this feature was even there. It's a super cool feature. I think like many of the best things in Hive - unless front ends make it easy we won't be using or even become aware of these.

Posted Using LeoFinance Beta

This will be very useful, as I have seen that many accounts and billfolders have been hacked, I will keep checking.

Posted Using LeoFinance Beta

Out of curiosity, What is a 'large account' in your eyes?

50K HIVE? 100K? 250K? 1 million HIVE?. When is good time to start considering a cold wallet for Hive related assets?

Btw, (just remembered) any updates regarding the Ledger integration work which netuoso started a while back? Could it be possible to escalate his already done work and get a working ledger integration?

Posted Using LeoFinance Beta

Out of curiosity, What is a 'large account' in your eyes?

It doesn't matter what it is in my eyes. What is it in yours? What's your risk tolerance?

Btw, (just remembered) any updates regarding the Ledger integration work which netuoso started a while back? Could it be possible to escalate his already done work and get a working ledger integration?

I believe it was picked up by someone else and waiting peer review. There was an update not too long ago.

Quite a useful post for the two sides. For some- how to check whether they were hacked. For another- not a bad idea for hacking ;)

The truth is that I don't understand much, but I can see that you put a lot of effort into the post to make yourself understood, at least among those who have studied the subject.
By @hojaraskita

Your content has been voted as a part of Encouragement program. Keep up the good work!

Use Ecency daily to boost your growth on platform!

Support Ecency
Vote for Proposal
Delegate HP and earn more



The rewards earned on this comment will go directly to the person sharing the post on Twitter as long as they are registered with @poshtoken. Sign up at https://hiveposh.com.

Wow, never thought at this until now. Good job to inform us. !LUV


Posted via proofofbrain.io

<><

<><

LUV

Connect

Trade


@themarkymark, you've been given LUV from @heruvim1978.

Check the LUV in your H-E wallet. (2/4)

thanks for the helpful info


Posted via proofofbrain.io

Woh, great info...thanks @themarkymark.

Thanks that's good to know. IMO keychain is a very good solution for it. I hate to use keys :P

Posted Using LeoFinance Beta

I'm fairly new to Hive and I'm definitely glad to have stumbled upon this post. Bookmarked to make sure I can come back to it another time. Thank you so much!

This is thoughtful and I have to put it into practice because this is the issue in the 20 and 21 century that has been connected trouble in all spheres of the world and this has to be checked


Posted via proofofbrain.io

Saludos, @themarkymark, diariamente en mi wallet llega un depósito de 0.001 HIVE from dhedge-drips. Dice Your daily DHEDGE drip for HIVE based on 25.01826559 DHEDGE with 0.00723215 % share. Yo no se cómo obtuve esos 25 dhedge que se mencionan allí, deseo saber cómo los obtuve para realizar la misma acción, obtener más dhedge y así que mis intereses sean mayores. Me imagino que entré en un concurso o coloqué una etiqueta o publiqué algo en una comunidad donde obtuve esos 25 dhedge. Veo que usted está muy informado sobre los tokens ¿Podría ayudarme? Gracias anticipadas.

Thank you for the information.

Posted Using LeoFinance Beta

Thank you, I will bookmark this for future reference.
This is a definite entry on my hive helpful post archive, if you have any other posts I should include please let me know.

Posted Using LeoFinance Beta

Any chance making a mobile or web based version?

Not likely, there are already pretty good tools for web (PeakD is fantastic and will be adding vesting route support).