Account hacked ... ETH and ETC Wallet changed

#1

Three hours ago my wallet addresses of ETH and ETC whrer changed to:

ETH: 0xc865ce8bc2284a50ab9bb0983d35fa9927e01415

ETC: 0x5979b616ffa186dd61dab81dc82c928f23629e71

I found no login-ip in the hive log online. Only in activity I can see, that the addresses where changed.
I changed all passwords and also added 2fa. Hopefully now this will not happen any more.

#2

Please read - Security reminder

Two steps on rigs:

  1. Change password to strong for user user on the rigs via passwd user command
  2. Disable VNC or if you need this service make password more&more strong (default 1)
1 Like
#3

Hi Halo Genius,
I changed what was already a strong password, i was also already using 2FA. I changed shellinabox password and am still being taken over. When you change shell in a box password does that also change VNC password? if not, is there steps to change VNC documented someplace. This hacking of my mining rig is getting annoying and costing me money. Please help with a resolution.

  • i have changed all passwords
  • using 2FA
  • Changed shellinabox password
  • not mining using Claymore
    Does HiveOS need to be patched.
    Thanks
#4

When you creating USB/SSD drive for rig you have 2 partitions - one small with config files of Hive mounted after boot into /hive-config and bigger with Linux and Hive itself.
Under config files you can find file vnc-password.txt where you can find password and instruction howto disable VNC password/change service.

Also under web interface check that nobody has Full Access to your account.

#5

Halo,
Thank you very much for your prompt reply. Is actually access through VNC the issue or is it a bug in Claymore like i have read. All the rest of my access controls are in place and tight.
Thanks again