When @siamcat told me about what was happening I made a monitor robot to track some accounts she told me were doing illegal activities.
This seems to be a professional job, and developers are part of this; I can understand their first impression was to blame me for it.
It offended me but in this moment I am convinced that differences should be put aside to fight this.
I am of course not disclosing details here that might let the hackers know and adapt their actions; also they are technical and I don't think the average weku population would be able to understand them.
But I am available on discord to discuss this in detail (I will only go deep in detail with people I have had in video calls in the past, to avoid disclosing details to impersonators).
So here is some advice:
The weku Explorer is offline
It is very inconvenient that the weku explorer I made was taken offline more than 1 month ago, since it would help all people working in the blockchain keep track of the criminals.
My question is: was it taken down by the hackers or was it taken down by the team?
The site gives an SSL certificate expired error; this is very easy to solve: it suffices to generate a new certificate and the site should work.
If the hackers took it down then they must have access to the servers, which is very worrisome; they should change all the passwords as they did when I left the team, and also all their witnesses' passwords.
If it is down because of the certificate, then the team should repair it ASAP by generating a new certificate to allow the guys working at busters to monitor the criminal accounts.
The explorer is a very powerful tool and it will help a lot the weku police, which are flying blind without any way to explore the blockchain.
The explorer is a very heavy application. I sadly don't have an available server to make one, but if I see they are unable to repair it I might rent a server to make one available to help with the fight.
The hackers are taking advantage of the centralization in weku.
If services are distributed around the witness servers, this type of attack only affects 1 part of the platform, but sadly, since all is concentrated in the 2 or 3 servers run by the team, when 1 thing is compromised everything is compromised.
This is not a matter of having more people running witnesses; it is needed that those witnesses run part of the services on their servers, which means witnesses with technical knowledge, not just well-intentioned people renting a small server.
This does not have an easy solution.
What I have been able to read in the blockchain about the attack:
- One of the owners by mistake posted publicly the root password of the main weku server on GitHub
- The code for weku was private before, so this should not have had much impact as they choose who can read their GitHub, but they changed that and now it is public and you don't even need to be logged in to see the weku code; anyone can download it.
- The hackers seem to have created a smoke curtain while all the time having access to the main server.
There is no way to know what they installed, or what they have done hidden in the background.
- They stole the Chen account. This account is key because it is used to create new accounts; the hackers are now the recovery account of all weku accounts.
- If they installed malware in the web site they might have the passwords of anyone who logs with the key starting with
We have no means to check how many accounts are compromised.
- The recovery account needs 1 month for the change to take effect, so the hackers have 1 month to act
- The new creation account has chen as recovery account, so accounts created after the hack are at risk too.
What can be done:
- Format main server and reinstall it
- make the github private again
- make the explorer available so people fighting have at least a public tool to help
- change the creator account to an account that was not created by chen.
- change all server passwords and lock out non-core team members (when I was in charge of development the team allowed access to a few users that I never saw work or do anything to the development servers, where key information was also freely available; I kept complaining about that and it was one of the reasons I left)
- take a blockchain security training; there are available courses online.
What I have done and what I know so far:
So I made a watchdog that is monitoring the wallets of the accounts we know are part of this.
They have posted about 6000 hidden comments and are actively farming but they are not voting or moving money.
I have been checking the account history of the criminals, and since yesterday they seem to have stopped their flagging spree; hopefully the team managed to block them for good.
But it might just be they are recharging VP, only the hackers and the team know the real reason they stopped.
The chen account changed its recovery account, so it is likely it will not be possible to recover it.
If that is the case the team needs to find a way to really block it. The chen account has 4.3 million weku in the wallet, and if they are to use it as a weapon the only solution will be to increase the delegations, thus allowing the official farmers to farm more, and weku value will be reduced again.
- Users need to change their account recovery; even if the hackers do not steal the accounts, if the users lose their password weku will not be able to recover it.
Changing it requires we make a web site or a discord bot or access to a witness node.
I proposed to siamcat to make one because there are more than 2000 accounts affected, including all the weku witnesses and the account used to pay for promotions (@scoobydoo with 2 more million wekus).
The other problem is that the change takes 1 month to take place as per the blockchain rules, so the accounts will be at risk all this time.
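A sketch of the recovery-account audit this section calls for, added here as an example; it is not the author's watchdog or Weku code. The record layout, field names, the account name trusted-recovery, the dates and the 30-day reading of "1 month" are all assumptions, and the sample records are constructed.

```python
from datetime import datetime, timedelta

COMPROMISED = {"chen"}             # recovery account the post says was stolen
CHANGE_DELAY = timedelta(days=30)  # assumption: the post's "1 month" taken as 30 days

# Constructed sample records, not real chain data; field names are hypothetical.
SAMPLE = [
    {"name": "alice", "recovery_account": "chen", "pending": None},
    {"name": "bob", "recovery_account": "chen",
     "pending": {"new": "trusted-recovery", "requested": "2019-05-01T00:00:00"}},
    {"name": "carol", "recovery_account": "chen",
     "pending": {"new": "trusted-recovery", "requested": "2019-03-01T00:00:00"}},
    {"name": "dave", "recovery_account": "trusted-recovery", "pending": None},
    {"name": "erin", "recovery_account": "trusted-recovery",
     "pending": {"new": "chen", "requested": "2019-05-10T00:00:00"}},
]

def audit_account(acct, now):
    """Classify one account; returns (status, date the pending change takes effect)."""
    current = acct["recovery_account"]
    pending = acct.get("pending")
    effective = None
    if pending:
        effective = datetime.fromisoformat(pending["requested"]) + CHANGE_DELAY
        if now >= effective:
            # The waiting period is over, so the requested change is the live value.
            current, pending, effective = pending["new"], None, None
    if pending and pending["new"] in COMPROMISED:
        return ("REDIRECTED", effective)  # a change *to* the stolen account is queued
    if current not in COMPROMISED:
        return ("OK", None)
    if pending:
        return ("PENDING", effective)     # still exposed until the effective date
    return ("EXPOSED", None)              # stolen account is recovery, no change queued

def audit(accounts, now):
    """Map account name -> (status, effective date) for a list of records."""
    return {a["name"]: audit_account(a, now) for a in accounts}

if __name__ == "__main__":
    for name, (status, when) in audit(SAMPLE, datetime(2019, 5, 15)).items():
        print(f"{name:6} {status:10} {when.date() if when else ''}")
```

EXPOSED and PENDING accounts are the ones that stay at risk during the waiting period; REDIRECTED marks a queued change that would hand recovery to the stolen account and deserves an alert of its own.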
What can you do?
Well basically not much, keep posting, try to help those who receive flags and pray for the team to come up with a solution.
Finally I am here to help because friends asked me to because they have important stake, but for me weku is over.
I have been warning about this and about what needs to be changed; I have made many tools and proposed many solutions that were chosen not to be implemented, and there are still a few actors making veiled accusations.
This saddens me and I have decided that I will go after my power down finishes and I have sold all my weku.
I will be helping in the shadows in the meantime and posting safety updates if I feel like it, but mainly will be just discussing in discord.