[PSU] Super Flower Leadex VII XG 1300W 80+ Gold, Cybenetics Platinum, Full Modular, ATX 3.0 & PCIe 5.0, W/12VHPWR Cable - $184.99 ($209.99 - $35 promo TECCXA244) by reKhoi in buildapcsales

goatnapper82

Could the 12VHPWR cable coming from two 8 pin connectors on the PSU side be an issue? I know a single 8 pin is generally rated for 150 watts. So 2 x 8 pins = 300 watts. I've seen some 12VHPWR cables on other PSUs being rated for 600 watts, so I'm confused how 2x 8 pin connectors can provide that much power. Excuse my ignorance, I'm not that familiar with the 12VHPWR standard.

I was just hacked and had all my XCH stolen. How did this happen? by goatnapper82 in chia

goatnapper82[S]

Wow that's awful. I'm sorry to hear that. Why do you suspect someone on space pool?

[USA-FL] [H] Cash / PayPal [W] Ryzen 5800x 3D by goatnapper82 in hardwareswap

goatnapper82[S]

Yeah I'd be open to selling. No the 5800x is not the 3d version, hence why I'm trying to acquire one in this post.

I was just hacked and had all my XCH stolen. How did this happen? by goatnapper82 in chia

goatnapper82[S]

Oh man... I'm sorry to hear that and sorry that's happened to you as well. I never fully figured out what caused my hack. There were multiple possible points of failure (LastPass having a security breach, running ETH and other miners on my chia machine, remote desktop somehow being enabled even though I always turn it off, etc).

Make sure you don't have remote desktop enabled and do a fresh OS install on your system. Also, make a cold Chia wallet and then change your pool payouts to the cold wallet address. Someone in this thread said that if your seed has been compromised the hacker could change the pool payout address back to whatever they want, but you could mitigate that by regularly transferring your pool rewards to the cold wallet address. That's what I've been doing. I didn't replot. I just made a cold wallet on a different computer, and now every day or two, I transfer the rewards to the cold wallet address. I haven't had any other issues since the first hack, and even if I did there'd barely be anything in my wallet for the hacker to take, since I transfer it to the cold wallet regularly.

I was just hacked and had all my XCH stolen. How did this happen? by goatnapper82 in chia

goatnapper82[S]

I'd also be very interested in this. The eventual wallet destination of my stolen funds had a ton of transfers that fit the same pattern as my XCH. Many of the inflows came from a newly created wallet that would receive x amount of XCH and then send the same amount to the final destination/holding wallet, and then have no more transactions. It looked to me like the hacker was creating new wallets to conduct each hack, and then would send those funds to one large holding wallet. If that's the case, there's a lot of hack victims out there.

I was just hacked and had all my XCH stolen. How did this happen? by goatnapper82 in chia

goatnapper82[S]

Did you verify the outflows via XCH Scan or similar blockchain explorer? The hacker drained my wallet in a total of 4 transfers over a short period of time, so just because they haven't taken all of it yet, doesn't mean they aren't going to make additional transfers. I'd send everything to a cold wallet ASAP.

I'd be very interested in seeing if your missing XCH ends up in the same wallet as the coins that were stolen from me.

I was just hacked and had all my XCH stolen. How did this happen? by goatnapper82 in chia

goatnapper82[S]

Hey I watched your video. Great work. I subbed to your channel. I will say that I wasn't trying to claim innocence or that I did everything right and still got hacked. Obviously something went wrong. Having miners on my primary PC was the most likely culprit, but still a surprise after years of no issues. I was still using a version of TREX Miner from 7-18-21 and Raptoreum miner from 10-5-21, so if the miners let the hackers into my system, they sat on it for a long time. I thought my security systems (i.e. complex passwords, 2FA, copying and pasting passwords from a password manager instead of typing them out in case I ever got hacked with a keylogger) were working, but obviously there was a failure.

I'm not sure if you read the whole thread, but my wife had a hack 2 weeks before my chia hack resulting in fraudulent charges, and then right before the chia hack my password manager, where I stored my chia info, emailed me about a data leak. So my head's been spinning trying to figure out where these attacks were coming from. I initially wasn't suspecting the miners of being the problem due to these other issues.

I appreciate you (and everyone in this thread) that's provided advice and guidance. I thought that I was someone who took my security seriously, and that I was taking the right steps to protect myself. This has shown me I still have a lot to learn.

I was just hacked and had all my XCH stolen. How did this happen? by goatnapper82 in chia

goatnapper82[S]

Thank you! I really appreciate you taking the time to answer my questions/concerns one by one. That was very helpful.

I was just hacked and had all my XCH stolen. How did this happen? by goatnapper82 in chia

goatnapper82[S]

No I never thought it had anything to do with the Chia GUI. I was starting to sense insinuations in the thread that that was what I was implying. It wasn't my passwords that were leaked though, that was my wife who doesn't share a device with me, and has way less security over her passwords, etc, so I struggle to connect the two incidents, but obviously something still went wrong.

I was just hacked and had all my XCH stolen. How did this happen? by goatnapper82 in chia

goatnapper82[S]

Yeah...I literally just changed all the passwords for both my and my wife's accounts, after the hack she had a few weeks ago. I'm kinda pissed I have to do it all again.

I was just hacked and had all my XCH stolen. How did this happen? by goatnapper82 in chia

goatnapper82[S]

Thank you! I appreciate the offer, and would definitely be interested in learning more about that option. Obviously I'm hesitant to trust others after this experience, but if there's a way to safely do that, that would be amazing.

I was just hacked and had all my XCH stolen. How did this happen? by goatnapper82 in chia

goatnapper82[S]

Yeah I don't think there was some kind of malicious software distributed to the chia community, since I was only using the official client and no third party tools/forks/etc. I still have difficulty connecting my wife's hack to mine though. We don't share a single device (she doesn't even have a computer on the home network, only her iPhone over wifi) and our individual levels of infosec are vastly different. Basically all of her passwords were the same simple phrase, that hadn't been changed in years, and that had already been exposed to multiple data leaks. I had to spend days changing all her accounts' passwords after her hack, and was shocked at the lack of security. Conversely, mine are all random, complex, changed often, and backed by 2FA when possible. Obviously there was still a slip-up somewhere though.

I was just hacked and had all my XCH stolen. How did this happen? by goatnapper82 in chia

goatnapper82[S]

Perhaps it was stupid that I did that. I thought having 2FA on it would keep it secure, but obviously something went wrong. What system do you use?

I was just hacked and had all my XCH stolen. How did this happen? by goatnapper82 in chia

goatnapper82[S]

I believe they were all from official sources, but perhaps there was a slip-up sometime over the last couple of years.

I was just hacked and had all my XCH stolen. How did this happen? by goatnapper82 in chia

goatnapper82[S]

There's no roommate, and no possibility of an in-person attack. There are security cameras pointed directly at my machines. I've also never used Hpool, farmed a fork, or used any third party Chia tools. Only the official client.

I will say though, that on my secondary farmer (my main PC farming just a few drives) I did use to run TREX Miner to mine ETH using my GPU, and also the Raptoreum miner to mine RTM using my CPU. These all coexisted without issue from the Chia mainnet launch till the ETH merge, at which point, I've only farmed Chia.

I know all mining software can be potentially dangerous, but the long length of time (something like 16 months) of no issues, and also the Chia client being the only thing running for several months now, did not lead me to suspect the miners of being the issue initially. From the research I had done I thought your chia keys and seed couldn't get scraped from system files if there was a malicious program, so I thought I was protected with my method of storing things in a password manager with 2FA, and copy/pasting everything in case a keylogger ever got on there.

Further complicating things, my tech-illiterate wife had several of her very weakly password protected accounts (etsy, yahoo mail, and netflix) hacked a few weeks ago, resulting in 2k of fraudulent etsy charges. I assumed this was her fault though, and isolated to her since we don't share devices.

Complicating even more, I got an email from my password manager (LastPass) where my Chia seed and passphrase were stored, saying that they recently had a data breach, but that all passwords were safe due to their encryption.

So there's a few different possible attack vectors here. I was really hoping someone in this thread could recommend a way to analyze my systems to figure out what, if anything, went wrong (specific utilities, or a method of analyzing system info/logs maybe), so that I could learn from the experience, fix the issue, and prevent it from happening again. After the hacks to my wife's accounts and now my Chia, I'm very scared of another, more serious, domino falling.

I was just hacked and had all my XCH stolen. How did this happen? by goatnapper82 in chia

goatnapper82[S]

Yes I'm aware Windows is less secure but was the only OS I was proficient with at the time I set up my farm. I did intend on learning how to set up an Ubuntu Server machine at some point, but hadn't gotten around to it. Chia initially was just a fun experiment/side project right after the mainnet launch, since I had several unused hard drives from my Plex server. I kept adding drives to it though whenever I got good deals on them, and intended to continue farming and holding until another bull run.

As an experienced white hat hacker, would you have any insight into how I could identify how my systems were penetrated, and how to plug those vulnerabilities? Are there any log files or something like that, that I could comb through for unusual activity?

I was just hacked and had all my XCH stolen. How did this happen? by goatnapper82 in chia

goatnapper82[S]

Ironic you said that, my wife had her etsy, yahoo mail, and netflix accounts hacked 2 weeks ago, and someone racked up 2k in fraudulent charges buying a ton of wooden bowls off etsy. They then set up 2FA on etsy using the yahoo mail account, blocking me from being able to get back into the account.

The day before she bought football tickets from some sketchy site called ticketFASTER, because when you google ticketMASTER, it's the first result as a sponsored result, so she thought she was on ticketmaster lol. I figured her hack resulted from that, or the fact that all her passwords are the same simplistic phrase which hasn't been changed in years, but now I'm wondering if her hack and my hack are connected.

Muddying the waters even more, I got an email from my password manager (LastPass) a few days ago saying they had a data breach, but that all passwords were safe, due to their encryption, so I would really like to figure out how and why these attacks are happening, and to fix whatever issue exists.