Thank you very much for your pro advises! I really appreciate that!
Please install a pro antivirus software (mcaffee, norton etc.). You were obviously hacked and I suspect the Google extension site was fake. I recommend using Brave Browser instead of Google Chrome. Only thing you can do now is to learn from it. I was scammed myself and learned the hard lesson. Stay safe.
If you share the relevant wallet addresses / transactions, maybe we know more from the public blockchain data. Itâs sometimes easy to associate certain addresses to certain types of attacks.
2 Likes
Thereâs a website to check how much of your data was breached and what companies were breached for your data. Itâs haveibeenpwned (.) com, Robinhood was breached and a few other companies I use.
Just looking now, Coinmarketcap back in october last year was breached with 3.1 million emails being stolen and traded on hacker forums
Hi everyone.
I just wanted to report that on the 7th of April all my UST where withdrawn from my anchor earn and sent to the following address:
terra13yxhrk08qvdf5zdc9ss5mwsg5sf7zva9xrgwgc
Iâm sure i didnât use a âfakeâ site and I know that not using an external key makes me the only one responsible for what happened. Itâs just extremely frustrating not really understanding what happened.
1 Like
From OP there is a plethora of ways for your account to have been compromised. Have you ever used an electronic over a non home wifi? Whatâs the router firmware for your home network? Do you use a VPN? Do you have a reserved IP for said VPN? What is the VPNâs policy? How do you store your key phrase? Do you use a hardware wallet or software wallet? Can you confirm you donât have compromised accounts? Can you confirm your DNS was secure / without bad nodes? Was it your ISP dns? Whatâs the software version of your electronic that hosts the wallet? Have you ever transferred your wallet to a different host machine? Do you torrent? Do you have forwarded ports? Do you mine crypto? Have you ever used the internet with the machine you have the wallet on? Which sites do you normally use with said machine? Have you ever used the internet with the machine that has your wallet on cellular? Do people you know know that you use a crypto wallet? How much do they know about your usage? Do you delete cookies after every browsing session?
Chrome just had that 0-day exploit patched, we wonât ever know if the products we use are 100% secure of vulnerability, a long time ago I used to work as a iPhone support and I used to have hundreds of people a month claim that their phone was mysteriously hacked and they did everything right, likewise there was nothing apple could do about it since thereâs so many human attack surfaces before even getting into the technology ones. There was a system in place for security specialists who detect vulnerabilities to have them escalated. In anchors case or terra stations it would be a bug bounty. If it wasnât reported for bounty there isnât anything to be done really apart from self reflect on your personal security.
Just a small number of the millions of questions youâd need to answer to find out what happened.
The same thing happened to me yesterday. I had a significant amount of UST earning interest in anchor protocol. Someone, clearly an expert, was able to access my wallet and drain all my funds to a wallet address: terra10x5sezspctjxs27vql9xm4efrm93tlwzpj402n
This wallet is active right now and is draining other peoples wallets as I type this.
Some ongoing exploit of terrastation wallet is occurring and nothing is or can be done to stop it.
Nothing from support. Why even provide a contact method if it is never answered.
There is no ongoing exploitation of terra station wallets. The problem is between Chair and Computer (PIBCAC).
If what your proposing was feasible it would be front page news the moment it was discovered. Please keep yourself safe and DYOR in terms of security. Otherwise forgoe custody to someone who will do it for you and is willing to hold the liability of loss of funds.
Thatâs really stinks! Sorry to hear about that! Personally, I will never use Terra Station again until we can get a definite answer on how this keeps happening. FYI, you can still invest in Anchor via Okcoin and get the same interest rate without having to use Terra Station. Yes, itâs a centralized exchange, but after several years of investing in crypto Iâve never had any of my funds stolen from a centralized exchange. However, the first time I go the âdecentralized-my-keys-my-fundsâ route, I have $2k stolen. Just saying.
You do realize that if itâs a problem with terra station or Anchor then OKcoin isnt safe as well as they will have their accounts drained right?
I understand, but something inexplicable is happening with Terra Station to more than just a few people. I am not a newby and as far as I know, I took all the precautions that have been suggested and still got hackedâŚDownloaded the wallet directly from the play store, never used public wifi, used a VPN, never shared my keys, etc. Nobody has an answer.
unfortunately, while your seeing a problem security specialists are not. So you have to look elsewhere for the solution.
The forums is not a place to complain about hacks.
@moderators please lock the thread thank you people are just using it for spam at this point.
If you think this is a problem submit the bounty, thank you. This is not something anchor protocol is able to address for you.
What spam? Weâre having a discussion here. If you donât like whatâs being discussed, donât join in. Asking for the thread to be locked because you donât like whatâs being said is pretty petty and childish.
Youâve been actively trying to claim your own mistakes is a security flaw in the terra station wallet or Anchor protocol which is not the case and has been proven so. You have no proof other than you had your funds stolen. Iâm sorry it happened but itâs nobodyâs problem but yours. Go somewhere else because otherwise what are you discussing?
The most you should be discussing at this point is how to keep your funds secure which you are not. You are consistently and constantly alluding that there is some underlying security flaw no auditor or security specialist has found. I find this to be an insult and an attack on the community.
Kindly carry on your discussion elsewhere or submit a ticket on the terra station or anchor discord itâs not for here.
I personally have not alluded to any security flaw, but am just trying to find out what happened. Iâm just saying that I took all the security precautions that you and others have mentioned and still got hacked, so there might be something else going on here. As such Iâm just trying to get help from people who are supposedly more knowledgeable than I, so this doesnât happen again to anybody. Isnât that what a forum is for? I would think this would be an important discussion for the community and that those whoâs really care about Anchor and itâs mass adoption would want to get to the bottom of this stuff and make sure it doesnât keep happening.
But I guess I was wrongâŚ
No the forums are for discussing governance proposals and changes.
If you read the OP (first post in this thread) he explicitly says you money could be stolen for a variety of reasons outside yours, Terraâs, or anchors control and unless your an expert you probably wouldnât know or be able to figure out which attack surface you were on.
What your discussing isnât even on topic with the original post of the thread.
I used to work as an Apple IOS support a while back and we would have plenty (10s of thousands) of calls a day of people claiming that there was a security flaw or their phone got hacked and they did everything right. Sadly to say not even apple can do anything but turn them away.
Itâs interesting that each time an issue is brought up about lost funds, there is no feedback on finding out how it happened. Nor is there any information about how to secure your wallet so this cannot happen. When a wallet is accessed through chrome, might it be chrome has a security issue? I propose changing the withdrawal process for UST earning APY on anchor protocol. How can withdrawing aUST be made more secure?