Topic: KanoPool kano.is lowest 0.9% fee 🐈 since 2014 - Worldwide - 2432 blocks - page 1845. (Read 5352140 times)

Just added 34TH of rented power to Kano pool to help us bring home more Blocks!!  All this while waiting for my power to be done so my 20TH from the physical can join the Block party. 


Worker Name:   Work Diff   :Last Share   Shares   :Diff   :Share Rate   «Elapsed   :Invalid   Block %   :Hash Rate
nhando1977.Rent1   26.969k   0s   6,331   53,334,598   34.04THs   3m 3s   0.315%   0.079%   15.55THs

same here...and the vault is a 3 day wait before the coins leave. great service

on a related topic about others having access to your keys and passwords [subtle transition].

any volunteers to pm me their kano.is username and apikey for testing.
looking for a multi worker user.

i can only get so far with my one miner and random generator.

OK...I'm gonna put my Satoshi in here, and then get off the forum for a while...not getting anything done otherwise. Security is my "thing."

Someone had to access your PC to manipulate your wallet, and it could have been done either via the net or in person. It could have been done simply by (1) having physical access to your machine, or (2) accessing it through the 'Net, and your router didn't catch it. Since this caper would not require them to add any software, Linux (Ubuntu in my instance) would NOT pop up a window asking for your system password; Windows would care less unless something tripped one of its myriad switches, as it would not be seen as a "code change" and trigger UAC (I guess you can tell I'm not fond of MS). Summarily, they would have simply had to transfer your wallet.dat file, and then could have done whatever they wanted with it unless you had it encrypted. It doesn't really matter which flavor of wallet, or even OS, you use...it's just that you must encrypt the wallet for it to be really safe.

Peace

EDIT: I would not use a remote wallet under any circumstances, except for my exchange...and I only keep enough in there to cover my draws. The only really secure place for it is on your PC's HDD or whatever...LOCAL. BTW...I just use the Bitcoin Core's wallet. I don't want to mess with the integration headaches that apps like Armory create.

Sorry. Now I'm outta here until tomorrow.

I know this hack was a disaster but it's really way offtopic for this pool's thread. Can you please take the discussion to technical support where you posted a thread already seeking help?

OK. So either they have accessed your machine physically or remotely, or they somehow have a copy of your keys and passphrase.....

There are other software wallets, but they function basically the same as multibit. Hardware wallets would be the safest, or cloud/on-line with 2 factor auth.....and very strong passwords

Trezor, love it and sleep at night knowing my keys never leave the device. Very easy to use with Chome plugin. Even if you have a infested computer or use a library computer, bad guy can't get your keys unless they got a gun to your head and you give it to them.

What is Wrong With Bitcoin Core and a strong passphrase

yes my wallet was accesed and they transferred funds from it

For example, if you are using an S3/5/7 etc someone could theoretically change the settings and mine wherever they want, or if someone has used your password to access your ckpool account they could have changed the payout address. But I think what you are saying is that someone has accessed your multibit wallet and transferred funds out....? Correct?

more specifically access to private keys.   

access to your wallet (with passphrase)
access to a cached copy of your keys while moving them from a to b.
use of an online vanity address generator.

what do you mean by "altered" ?

MultiBit should be fine...... I use it on a Linux machine (with a 30+ character password) - I can't really see how someone could make transactions from your wallet without physical access to your PC or unless it has been compromised in some way..... What OS are you running? And are you sure the payout address wasn't altered somewhere else - ie. on the miner or in your ckpool settings.....

I use Coinbase. It notifies me when there is a deposit with USD value (great for accounting) or withdrawals. Allows use of 2FA.

The best is offline wallet aka paper one. Try armory, you ca ln sign transactions from offline computer. It is preaty secure, but please read all about it and learn how to use it online and offline.

multibit.
anyone can recommend me a safer wallet ? maybe something with mail confirmation to approve an transaction ?

And please install some malware cleaner, like mawarebytes and kaspersky, see what they will tell you. Hope you find what caused the problem. Just curious, what type of wallet you were useing?

yes, lesson learned now.
had to learn it the hard way
and no, i've never used f2pool

vortexz, did you also use the same password on f2pool? There was a warning on their site a few days indicating that if you used the same password on f2pool as other sites, you might be at risk.

It wasn't clear if this meant that f2pool's account passwords were hacked, or if it was just a general warning.

But in any case, you really should not use the same password on multiple sites, especially when money is involved. Sorry that this advice comes too late...

I will not deal with this via the forum.

You need to send me an email (from your pool email address) to the address you get all the messages from the pool and we'll discuss such details there.

I'll be able to get recent access logs easily enough and give them to you in email.

If you request from there to temporarily stop payments so they end up in your dust fund, that can be arranged also
(though that may mean I've got to reprocess these current payments )

If you do not have a permanent static IP address when you access kano.is then we may have some issues to deal with.