We are homing in on what happened which appears to be malware stealing people's private keys when they pasted or type them into Telos Sign and possibly other browsers. It is not a hack of the chain or any smart contracts. Good old password theft, although Telos Sign may bear some responsibility. If it does, Justin & I will propose a measure to reimburse them that I hope the block producers and/or voters will support. But first we need to verify my suspicions, fully understand and patch any potential future exploits.
I was using telos sign with my anchor wallet, had my keys on an offline computer, never got a scam mail or something like that...aaaand it wasnt enough 😅
You mean you were using the telos web wallet wallet.telos.net using anchor, right?
Right. I believe the malware sniffed the private key as it was transferred for signing. That would be our fault, not yours.
Has DNS hijacking been ruled out? That is how people used to have their Ethereum/Metamask hacked. If you can get the user to land on a website other than what they intended then hacking is easier.
Обсуждают сегодня