Phishing!?! The Chronaverse has Been Compromised!
Well it was a regular day just like any other on Thursday July 7th. The Chronaverse was pumping full steam ahead, and all was well.
Suddenly the Chronaverse received a Telegram message from a user by the name of simply “WSB”. They were representing a WAX blockchain online boxing game and they had heard my music, and were interested in using it in the game! They were curious how much I charged per song.
And so I told them — we discussed back and forth, and then came the issue of contract signing. I had done many contract signings in the past and didn’t think much of it. So he sent me a docx file for the “contract” to open — but when I tried to open it on my home PC it said it was protected — and so I tried to open it on my work computer, which had Word instead of OpenOffice. Same thing.
I told them I couldn’t get it open so they then sent me a .src file — claiming it was a self contained word opening file — my computer said it couldn’t detect a program to open it, and my work computer just wouldn’t open it because it couldn’t detect a program as well. Little did I know that by this time the docx had already infected both computers with a keylogger, and was recording everything I had open. My home computer had my email open, my main WAX wallet, my Authy, and my Telegram.
It wasn’t until I went to claim my aether in R-planet and the transaction didn’t go through that I detected something was amiss. Normally, signing in and out of WAX wallet can sometimes fix this. Well, when I tried to sign back in, it would not let me. When I tried to send a recovery email it showed a different email than my own. “email@example.com”
In a panic I looked at bloks to see that the wam “5n3rg.wam” was transferring everything out of my rpiay.wam and vtjay.wam accounts into his 5n3rg.wam account — either directly or liquidating on Alcor or Defibox and sending to his account, and then to Binance.
The Nightmare Begins
At this point I tried signing into my main account to change my account information for my other account, not realizing it was a keylogger and simply thinking he had somehow just directly hacked that account. I cut it off from the main account and then I noticed that he had changed the recovery email and password for that account as well, and, because I was still logged into it, tried to change the password back, but he had gotten into my authy and then set it to 2fa on HIS end, effectively blocking me out of making any changes.
2FA CAN GO AGAINST YOU IF 2FA ITSELF IS HACKED. It can also prevent you from getting your account back if they in turn put 2fa on their end.
I don’t own a cell phone — which causes its fair share of problems — but I have an online SMS spoofed phone # I use for SMS — so it’s never been an issue — had I had a phone, I could have hosted the authy on my phone and avoided this.
In addition WAX chain wallet does not provide you with the keys to recover your account like say Anchor does or other wallets, thus when I went to the WAX team to try to get my account back, they informed me that, due to decentralization they actually have no control over recovering my account, nor could they disable 2fa so I could get it back. Unlike a bank that can directly get in, decentralizing EVERYTHING means you are screwed.
MY ADVICE: Crypto personal information should be decentralized sure, but certain things, like collection transferring and account recovery, should VERY much be centralized. Everyone gets dinged by someone eventually. In addition, no account should allow a recovery email to be changed for x amt of time if a new login ip is detected. This would have solved a lot of my issues.
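The hold on recovery-email changes asked for above, sketched as an added example (this is not code from WAX or any wallet; the 72-hour window, the `Account` class and every address below are assumptions). It goes one step beyond the post by holding password and 2FA-enrollment changes as well, since both were changed during this takeover.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

HOLD = timedelta(hours=72)  # assumed value for the post's "x amt of time"
SENSITIVE = {"recovery_email", "password", "2fa_enroll"}

@dataclass
class Account:
    settings: dict                                   # current values, e.g. recovery_email
    first_seen: dict = field(default_factory=dict)   # ip -> time of first login
    pending: list = field(default_factory=list)      # held (kind, value, ip, release_time)

    def login(self, ip, now):
        self.first_seen.setdefault(ip, now)  # keep only the earliest sighting

    def trusted(self, ip, now):
        seen = self.first_seen.get(ip)
        return seen is not None and now - seen >= HOLD

    def request_change(self, kind, value, ip, now):
        if kind not in SENSITIVE:
            raise ValueError(f"unknown change type: {kind}")
        if ip not in self.first_seen:
            return "denied"  # no authenticated login from this IP at all
        if not self.trusted(ip, now):
            # New IP: queue instead of applying. A real service would also send
            # a notice to the CURRENT recovery address and apply the change
            # only after release_time if nobody cancels it.
            self.pending.append((kind, value, ip, self.first_seen[ip] + HOLD))
            return "held"
        self.settings[kind] = value
        return "applied"

    def cancel_pending(self, ip, now):
        """Only an IP known for at least HOLD may discard held changes."""
        if not self.trusted(ip, now):
            return 0
        cancelled, self.pending = len(self.pending), []
        return cancelled

def replay():
    """Constructed timeline: owner on a long-known IP, intruder on a new one."""
    acct = Account({"recovery_email": "owner@example.com"})
    acct.login("203.0.113.10", datetime(2022, 6, 1, 9, 0))    # owner, weeks earlier
    acct.login("198.51.100.7", datetime(2022, 7, 7, 14, 0))   # stolen credentials
    t = datetime(2022, 7, 7, 14, 5)
    r1 = acct.request_change("recovery_email", "intruder@example.net", "198.51.100.7", t)
    r2 = acct.request_change("2fa_enroll", "new-device", "198.51.100.7", t)
    n = acct.cancel_pending("203.0.113.10", datetime(2022, 7, 7, 15, 0))
    return r1, r2, n, acct.settings["recovery_email"]

if __name__ == "__main__":
    print(replay())
```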
But the nightmare was not over.
Because I had also used my work computer, and because I work for the cable company, I figured the security on that computer was iron-clad. It was not. So I used that computer to try to do damage control — to change emails and email passwords — well he had logged that too and got into my bank account, my Twitter, my Facebook, my Discord and Telegram. He booted me out of my email, and I used their recovery method to get it back. Unfortunately he logged my entire process of doing so and was thus able to get it back once again from me — and when I tried after, he must have gone on an email deleting spree as I could not recover the account.
At that point I needed to do a real life damage report as now he had access to my main email and everything associated with it. I filed a police report — I booted him out of my online banking — as he had gotten into that too — thankfully he didn’t get anything from there — I called the bank and had them freeze my account and remove any recovery email info — I called TransUnion, which in Canada deals with fraud and monitors your credit card transactions and also protects your social insurance number (SSN for Americans).
The Nightmare Continues
I ran several virus scans on my main computer and I THINK I got it all — and also brought in my work computer for re-imaging. As a result however I could not trust my computer anymore and bought a new one. However when I went to do a data transfer I realized he had since hacked into my email and changed the password again — and since my old laptop’s login was associated with my Microsoft account (as you have no other option) I couldn’t even sign into my laptop, thus locking all that info in there temporarily (places like Geek Squad can bypass that and I will do that eventually).
But the main damage was my crypto. I don’t think he was able to get into my coinbase as I don’t think he had access to my sms spoofer, but if he did anything in there it’s gone, although there was very little I held there.
He got both my wax accounts which meant he now could mint stuff from them as well. Chronaverse wavered between 1st and 2nd place on rplanet and the cards are stakeable — if he wanted he could mass mint cards and devalue the collection, but I believe he was more interested in immediate gain.
Also all my assets were gone — all the passive incomes I had built up in other games, all my rplanet lands, all my rdao, all my aether, all my mining equipment, all my dust and dust enhancers, all my shing, all my taco, all my ark infernum monsters, my nefty, my minerals, the list goes on and on...
So What Now?
Well, now I had a big job to do — I had to literally change the recovery email and password of literally everything I could possibly think of associated with my main account — and some things I did not get to in time. He got into my telegram username and deleted it and made my telegram room private only and started to boot people. Then he got into my discord and locked me out of that — I had to remake all my discord rooms and remake my telegram — and since I don’t have a mobile phone some discord rooms I cannot get back into as they require mobile phone # verification — which is dumb — not EVERYONE wants to use a phone, it’s still a choice!
But the main issue was my account — what to do? Should I just pack up and walk away, or start the extremely arduous process of rebuilding? I chose the latter, if only for my fans.
The issue was however that I have no revenue — the hacker was still profiting off everything. So I started to campaign for donations — anything people could do. Track down my rplanet lands and try to give some back to me — track the hacker in blocks and see where his trails lead... or just donate NFTs or wax so I could slowly rebuild.
My fans were generous enough to give me a few things, like a borrowed rplanet wecan nft to gain some aether per hour to give me SOMETHING to stake to earn that I could convert to wax.
I also made a tweet detailing how people could help — you can find it here:
in order to get us back up to where we were chronaverse needs to raise money – once the collection is back up we'll reward donators – here's what we need:
— Shawn Dall (@Chronamut) July 13, 2022
I transparently detailed out how much wax I would need to put into ram, net and cpu for the collection to be remade — as I would need the same amount I had currently had to be able to remake all the schemas and templates to award everyone their pieces. I then notified wax and atomichub of the compromised account so it could be de-whitelisted. I then modified my web page so that people saw the disclaimer of what happened but couldn’t browse the nfts.
At this point it’s a matter of getting the wax to remake the collection, reminting literally everything, giving everyone new nfts to replace their old ones, and then whitelisting the new collection and blacklisting the old collection, and then transitioning it over into any games it is attached to, like galactic123 and rplanet. That is the current goal. I need 13k wax in total for operating costs.
This is the current status of our donations:
main account wam: chronaverse1:
goal: 3600 wax cpu — current: 851 wax (351 mine, 500 others)
goal: 200 wax net — current 200 wax (100 mine, 100 others)
goal: 5000 wax ram — current 482 wax
backup account wam: 5wm3g.c.wam
goal: 500 wax cpu — current: 598 wax (3 mine, 595 others)
goal: 50 wax net — current 55 wax (45 mine, 10 others)
goal: 800 wax ram — current 227 wax
Please donate to either of these accounts — chronaverse1 will be what the new collection is built off of on anchor — and 5wm3g.c.wam is the wax wallet used for emergencies if anchor is not working — and thank you to everyone who has donated so far!
Even if you just want to donate nfts anything is appreciated! Uplift donated some uplift stuff, uplifted donated some lands, rland donated some mining equipment to get started — this is basically a crowdfunding movement at this point, where you, the community get to help to rebuild one of the oldest collections on wax blockchain, as the chronaverse was one of THE FIRST collections on the chain!
So what can we take from this?
- Never EVER trust anyone who dms you on discord or telegram or email etc that you do not know. As soon as they claim to represent someone find the official contacts for those people and ask them yourself. If they can verify it then you’re most likely fine, if not block the person immediately.
- Always find a way to sign something either by signing and scanning or doing an online contract that doesn’t require you to download a file. A virus can be placed in a doc, a pdf, even an image file! I know this makes things extremely tricky as almost anything can be compromised when it comes to things like contract signing — but make sure you scan everything you get, but sometimes even this is not enough.
- Always have an account that has both public and private keys. Do NOT store your private key on your device. At ALL. Put it on a ledger or a usb drive or even write it down. Anything that would require the person to actually literally rob you to have to get. At that point you have a different problem. Have multiple ways to access things in case you lose one or information is lost — house burning down, losing your phone, etc.
- Realize that 2fa CAN go against you if you lose access to your email or your phone number. What protected you can now also lock you out, and NOBODY will be able to help you if you also don’t have access to things such as your email or phone #.
- Realize however that if it is a phishing scam it is very difficult to do anything to protect yourself as every step you make is compromised. If you can however as soon as you realize the extent of the damage find a computer you KNOW is safe and start changing every recovery email and password you can on the non-compromised email, and make sure your other emails can’t be used to restore any emails you have recovered. If you are still not confident try to contact the companies to tell them of suspicious activity and see if you can have those locked.
- Do NOT use a wax wallet to make a collection on atomichub — the collection can NOT be transferred to another wam and you do not have your keys for that type of wallet — instead use any wallet that gives you your own private key and public key pair to own, such as anchor wallet. I didn’t have much choice because I made mine so long ago without knowledge of such things, so I feel for me it was unfortunately only a matter of time.
- Do not despair in having your trusting nature being taken advantage of — eventually we all slip up — we cannot be vigilant 24/7! For me them using my music slid under my radar as it was not the scam I was normally looking for. Normally I would have contacted the original people right away, but this time they got me. This is a known scammer and they have already taken down other collections, toad shaman being another user that they got.
- The chronaverse cannot currently support its massive weight under a new collection without your help! Please donate to chronaverse1 or 5wm3g.c.wam to help me rebuild! Also please share the tweet above! Let’s show the community how we can band together to help those in need, and let’s not give this hacker the satisfaction of ruining artists!
*The above is from the original found on Medium here.
- It has been amazing to see the community come together to help out in response to this unfortunate situation. The Uplift community has actually been quite warm in assisting with the Uplift side of things, both through donating plots back and by whitelisting to recently attained plots so that the builds could be continued. From the Uplift side, it is really nice to see so many coming together in support to try and aid a really bad situation. For a taste of some of the scale the Chronaverse has been working on in The Uplift World, check out Bridging the Nether.
- Atomichub has blacklisted Chronaverse for now to prevent the scammer from minting any more NFTs – which kinda starts the clock ticking on remaking it. Reminting of the NFTs in the new collection to replace the old can be found here.