The hard hit suffered by Mad-Runner: $50k stolen by @hivewallet94 - Keep your passwords safe! / Il duro colpo subito da Mad-Runner: 50k $ rubati da @hivewallet94 - Tieni al sicuro le tue password! (ENG/ITA))

@mad-runner is a great hiver, he's the great leader of the EDSF Guild I'm a part of and is also a great person. I've built nice relationships here on Hive and have almost always found a spirit of cooperation and helpfulness. mad-runner even though I have never met him in person I consider him a true friend. When I was a small user of Hive my posts received few comments and few votes but among those who commented there was always @mad-runner and if I'm here now is thanks to those who have always supported me and commented. When three nights ago he contacted me saying that he couldn't login on Hive I thought it was a simple problem of Hive node or anyway I thought it was something easily solvable. Then when I checked the transactions made by mad-runner on the Hive blockchain from https://hiveblocks.com/@mad-runner I immediately understood that the situation was serious and that his account had been compromised and that someone had changed his access passwords. By the way in more than two years I have never seen @mad-runner doing a power down while, as you can see from the transactions in the following image, a total power down of all HP was started.  It's clear who's behind this: the @hivewallet94 account. I am the recovery account of @mad-runner and I immediately helped him to perform the recovery procedure. To do the recovery of his account we used the procedure implemented by @reazuliqbal at the following link: https://reazuliqbal.com/HiveAccountRecovery/  After changing the Master password I thought mad-runner was safe and secure but instead the next morning hivewallet94 logged into his Splinterlands account and took all his cards. When mad-runner contacted me it was already too late. ## How did hivewallet94 connect to Splinterlands after the passwords had been changed? There are only two hypotheses: ### **First Hypothesis**: **hivewallet94 when he first took control of the account linked one of the following wallets to Splinterlands:** - Wax - Wombat - Metamask - Arkane Network In fact Splinterlands provides many login possibilities and in that case, even if hivewallet94 didn't have mad-runner's Hive password anymore, he could access Splinterlands with the alternative login methods.  ### Second Hypothesis: **hivewallet94 had taken control of mad-runner's computer and/or had access to his email.** hivewallet94 has not only attacked mad-runner but has also attacked @sissim and @angeloacrobat at the same time and this detail makes the first hypothesis fall.  mad-runner had helped sissim and angeloacrobat in the Hive registration process and had sent the passwords by email. Mad-runner was the only one who had sent the passwords of all three accounts (including his own) via email. Tried by the bad experience and in a state of confusion for the violation suffered mad-runner sent his new Hive password to a person of his trust via email. So hivewallet94 to do what he did had control of mad-runner's pc or had access to his email otherwise he wouldn't have been able to access Splinterlands after mad-runner had changed his Hive credentials. The breach of mad-runner's email is therefore the most likely scenario. The losses mad-runner had on Hive were small, those on Hive Engine (STARBITS tokens,...) bigger but still bearable but **the theft he suffered on Splinterlands was really big**. Mad-runner had a respectable card collection worth about **55000 dollars** and the bastard hivewallet94 stole everything from him, **EVERYTHING!!!** ## The history of the theft At 9:40pm on September 6, 2021 mad-runner regains possession of his account with the recovery operation.  At 03:12 hivewallet94 resumes control of mad-runner's account but this time he doesn't change the password and the first thing he does is to start modifying his recovery account.  My biggest regret is that I didn't notice this operation. It takes 30 days to modify the recovery account so this operation is easily cancellable but if I had noticed the transaction I could have called mad and warned him...but it was 3 am and I didn't notice it unfortunately... At 04:17 hivewallet94 takes the first mad-runner card  And then he takes them all...  At 9:12 he steals the last card in mad-runner's collection  By the time mad-runner realizes what was going on it is too late and hivewallet94 has already completed his disgusting and deplorable activity. Having finished his theft from mad-runner's account, hivewallet94 switches to the account of @sissim who is also a Splinterlands player. sissim is a good friend of mad-runner and mad-runner asks me to help her, sissim calls me and I explain her how she has to do to transfer the cards and I tell her to transfer them to my curation account @libertygame27. Sissim starts to transfer the cards but she is not very fast and after a while she has a family mishap that makes her leave the computer.  hivewallet94 unlike sissim who is a mom and has kids and a family to think about, he only has one goal: **steal (you fucking bastard!)**. When sissim gets back to the computer she calls me on the phone and tells me she has nothing left on Splinterlands.  # What happened to the cards of mad-runner and sissim? A part of mad-runner's card collection has been sold while a good part of it has been transferred first from hivewallet94 account to hivewallet95 account and then transferred again... Last time I checked hivewallet94 account transactions, many mad-runner cards were in hivewallet92 account whose (stolen) card collection was worth 30000 dollars.   I tried asking for help for mad-runner on the Splinterlands discord server and also sent a private message on discord to @aggroed and byzantinist. Both aggroed and byzantinist were kind and answered me immediately but the answer I received was what I unfortunately expected: **intervention is improbable because an intervention would mean violating the principle of decentralization**. **I would like that in cases of proven and obvious theft Splinterlands would intervene but I also understand the complexity of the problem related to the violation of the principle of decentralization.** I wrote this post because I hope it will be useful to those who will read it and I hope that the terrible experience that mad-runner had to undergo can be of help to others. **We tend to think that bad things can happen only to others and never to ourselves but it is not so.** **You should never let your guard down especially when you own very valuable assets!** In the decentralized world of blockchains the safeguard of passwords is only up to the users who must take the maximum measures to protect their assets. # Basic tips to secure your account  Below I list a series of basic tips to follow that I hope will be useful to everyone and especially to those who have recently entered the world of blockchain: #### **1.** **Never store your passwords on the same device on which you use passwords.** If you are a Hive user, only use your passwords to enter them on Hive Keychain during initial setup. With Hive Keychain your passwords are safe and you can login to Hive and the many Hive projects without having to enter passwords manually each time. You can store your passwords on a digital device but only if it's a device external to the computer you use to access Hive or any of your wallets. I recommend that you also save a copy of your passwords on a paper device and keep it in a safe place. #### 2. Don't send your passwords by email or on channels like Discord and don't send them to other people even if they are trusted people. Doing so only doubles the risk of your passwords being stolen. #### 3. Don't click on links that come from accounts you don't know. Many links are disguised and you should check each link carefully before clicking on it (e.g. www.amaz0n.com is not the most famous www.amazon.com). #### 4. Nobody gives anything to anybody! Never trust messages that offer you gifts or benefits. #### 5. If you have email always use two-factor authentication (2FA) to access your email and use two different devices for the two stages of authentication. #### 6. Install and use good anti-virus and anti-malware software on your computer or device. #### 7. When performing financial transactions make sure the network you are connected to is secure. Public and open networks can be risky. *** # Basic tips for securing your Splinterlands account ***  If you are a Splinterlands player follow these two important tips: #### 1. make sure you have activated in the Settings section the option "Require active authority for transferring assets out of your account".  #### 2. Use the Lock Cards feature on the Splinterlands website If you have a very valuable card that you use in Splinterlands battles and you don't want to sell or transfer it, use the useful **Lock Cards** feature that allows you to lock any card transfer for a certain period of time. To use the Lock Cards feature follow the arrow directions in the following image.  After clicking on the lock symbol on the next screen you have to enter the number of days the card is to be locked and then click on LOCK.  *** ## Conclusion *** **If you follow the tips I listed above you will make the dirty and vile work of non-humans like @hivewallet94 difficult to accomplish.** In an ideal world we could walk down the street naked with passwords tattooed on our bodies but unfortunately in the real world that's not the case and there are bad and despicable people like @hivewallet94. There are people from whom you can take away everything but not their dignity and then there are people like @hivewallet94 who will have huge financial accounts but they are the poorest because they don't have the most important values. @mad-runner is a great friend, he's a great hiver, he's a great guild leader and he's a great Splinterlands player and what happened to him he didn't deserve because he's above all a good and generous person. His bad experience hit me in the heart.... ## 100% of the payment for this post goes to @mad-runner I am very sorry for the hard blow that @mad-runner had to suffer and as a sign of solidarity and esteem towards him I assign 100% of the payment of this post just to him with the hope that he can return to battle in the highest leagues of Splinterlands as soon as possible. I invite you to be as generous as possible with the votes to this post and I that I have a self-vote = 0 will be the first time that I will vote a post of mine. I tag all EDSF guild members and other users who know and have interacted with the great @mad-runner and who I'm sure will have words of comfort and appreciation to dedicate to him: @fedesox @robibasa @pab.ink @maruskina @poliwalt10 @zottone444 @amico @road2horizon @ilpobre @garlet @claudio83 @stefano.massari @blumela @alequandro @mrcoincon @vittoriozuccala @sissim @armandosodano @spiceboyz @tosolini @ciuoto @coccodema @dexpartacus *** Unless otherwise indicated, the images in this post are screenshots taken from the sites: [https://splinterlands.com/](https://splinterlands.com?ref=libertycrypto27) https://hiveblocks.com/ https://peakmonsters.com/ The font used in my images or edited by me is Open Source ***  ***  *** # Il duro colpo subito da Mad-Ranner: 50k $ rubati da @hivewallet94 - Tieni al sicuro le tue password! ***  *** *** Il 100% delle ricompense di questo post andranno a @mad-runner *** *** @mad-runner è un grande hiver, è il grande leader della Gilda EDSF di cui faccio parte ed è anche una gran bella persona. Ho costruito bei rapporti qui su Hive e ho trovato quasi sempre uno spirito di collaborazione e disponibilità. mad-runner anche se non l'ho mai incontrato di persona lo considero un vero amico. Quando ero un piccolo utente di Hive i miei post ricevevano pochi commenti e pochi voti ma tra chi mi commentava c'era sempre @mad-runner e se sono qui ora è grazie a chi mi ha sempre supportato e commentato. Quando tre sere fa mi ha contattato dicendomi che non riusciva più a loggarsi su Hive pensavo fosse un semplice problema di nodo di Hive o comunque pensavo fosse qualcosa di facilmente risolvibile. Poi quando ho controllato le transazioni effettuate da mad-runner sulla blockchain di Hive da https://hiveblocks.com/@mad-runner ho subito capito che la situazione era grave e che il suo account era stato compromesso e che qualcuno aveva cambiato le sue password di accesso. Tra l'altro in più di due anni non ho mai visto @mad-runner fare power down mentre, come puoi vedere dalle transazioni nell'immagine seguente, era stato iniziato un power down totale di tutti gli HP.  E' chiaro chi c'è dietro a tutto questo: l'account @hivewallet94. Io sono il recovery account di @mad-runner e l'ho subito aiutato a eseguire la procedura di recovery. Per fare il recovery del suo account abbiamo utilizzato la procedura implementata da @reazuliqbal al seguente link: https://reazuliqbal.com/HiveAccountRecovery/  Dopo aver cambiato la Master password pensavo che mad-runner fosse salvo e al siccuro ma invece la mattina seguente hivewallet94 si è collegato al suo account di Splinterlands e gli ha preso tutte le carte. Quando mi ha contattato mad-runner ormai era già troppo tardi. ## Come ha fatto hivewallet94 a collegarsi a Splinterlands dopo che le password erano state cambiate? Le ipotesi sono solo due: ### **Prima Ipotesi**: **hivewallet94 aveva solo le password di Hive di mad-runner e quando ha preso il controllo dell'account la prima volta ha collegato a Splinterlands uno dei seguenti wallet:** - Wax - Wombat - Metamask - Arkane Network Infatti Splinterlands prevede molte possibilità di login e in quel caso, anche se hivewallet94 non aveva più la password di Hive di mad-runner, poteva accedere a Splinterlands con i metodi di login alternativi.  ### Seconda Ipotesi: **hivewallet94 aveva preso il controllo del computer di mad-runner e/o aveva accesso alla sua mail.** hivewallet94 non ha attaccato solo mad-runner ma ha attaccato anche @sissim e @angeloacrobat contemporaneamente e questo particolare fa cadere la prima ipotesi.  mad-runner aveva aiutato sissim e angeloacrobat nel processo di registrazione ad Hive e aveva inviato le passwords per email. Mad-runner era l'unico che aveva inviato le password di tutti e tre gli account (compreso il suo) via email. Provato dalla brutta esperienza e in stato confusionale per la violazione subita mad-runner ha inviato la sua nuova password di Hive ad una persona di sua fiducia via email. Quindi hivewallet94 per fare quello che ha fatto ha avuto il controllo del pc di mad-runner o ha avuto l'accesso alla sua mail altrimenti non sarebbe stato in grado di accedere a Splinterlands dopo che mad-runner aveva cambiato le sue credenziali di Hive. La violazione della mail di mad-runner è quindi l'ipotesi più probabile. Le perdite che mad-runner ha avuto su Hive sono state piccole, quelle su Hive Engine (token STARBITS,...) più