Yes, it is true: what we all fear has just happened to me, because of negligence and stupidity.
I will write about what happened, what steps I had to take to recover, and advice on how to prevent all this in the future.
This is what I found this morning:
Now this is something you never want to see when you know you have some valuable coins in there.
I obviously panicked and started to investigate why.
It turned out that both my Yahoo mail (I know, Yahoo, bad) and my Poloniex account had been hacked, but the passwords were not changed, which is good; otherwise I would have been completely screwed.
A hacker with ethics, right? ... WRONG!!
He sold all my STEEM, LTC and other coins for BTC and made a withdrawal to his address.
Luckily, something went wrong (I don't fully understand what) and the transaction did not go through:
So I followed the trace and went to Poloniex support, where he had opened a ticket to unblock the transaction. Normally it would have gone through, as he had access to the mail as well. As Poloniex support is slow (YAAY!), nobody answered, and therefore the transaction is still pending.
I cancelled the ticket and opened a new one asking them to block all transactions. At the time of writing, the withdrawal is still blocked, awaiting approval.
Curiously, even though this is a "play" account on Poloniex, this dude could have hurt me badly by changing passwords, going through my mail and trying other services and sites that use that mail address for recovery. He could have done BIG BIG damage, but he did not. He was after the money, and therefore too busy to do other crap around there.
So how did this happen?
Very simple: in a moment of stupidity I opened an unknown binary file from an unknown source, ignoring the Windows alerts that it was malware. The irony is that my daily job is to enforce IT security for my customers, and I always take extra care with all this, and then this happened to me. Lesson learned the hard way.
Where did I go wrong?
- Opening binary files from unknown sources (by the way, this was in the description of a YouTube video)
- Ignoring the antimalware advice not to open the file
- Using and rotating the same passwords for ages
- Not having 2FA (MFA) on any of the accounts (not mail, not Poloniex) - BAD
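The first two mistakes above have a cheap technical counterpart: a few checks you can run before double-clicking anything you downloaded. The script below is an added example, not something from the original post or from Poloniex; it is plain PowerShell on Windows 10/11 with Microsoft Defender. The file path is whatever you pass in, and the Defender cmdlets (Start-MpScan, Get-MpThreatDetection) are assumed to be available and run from an elevated prompt; if the Defender module is missing the script still reports the other checks.

```powershell
# Added example, not from the original post. Pre-flight checks for a downloaded
# binary before you run it: Mark-of-the-Web zone, Authenticode signature, SHA-256
# hash (for a manual reputation lookup), and an on-demand Defender scan.
# Usage: .\Check-Download.ps1 -Path "$env:USERPROFILE\Downloads\tool.exe"
param(
    [Parameter(Mandatory = $true)]
    [string]$Path
)

if (-not (Test-Path -LiteralPath $Path)) {
    throw "File not found: $Path"
}

$reasonsToRefuse = @()

# 1. Mark-of-the-Web. Browsers attach a Zone.Identifier alternate data stream to
#    downloads; ZoneId=3 is the Internet zone, which is exactly what SmartScreen
#    and the "this file came from another computer" prompt key on.
$zone = Get-Content -LiteralPath $Path -Stream Zone.Identifier -ErrorAction SilentlyContinue
if ($zone) {
    $zoneId = ($zone | Where-Object { $_ -match '^ZoneId=' }) -replace '^ZoneId=', ''
    Write-Host "Zone.Identifier present, ZoneId=$zoneId"
    if ($zoneId -eq '3' -or $zoneId -eq '4') {
        $reasonsToRefuse += "downloaded from the Internet/Restricted zone (ZoneId=$zoneId)"
    }
} else {
    Write-Host "No Zone.Identifier stream (copied from USB, archive, or MotW stripped)"
}

# 2. Authenticode signature. 'Valid' means the chain verifies; anything else
#    (NotSigned, HashMismatch, UnknownError) means you have no idea who built it.
$sig = Get-AuthenticodeSignature -FilePath $Path
Write-Host "Signature status: $($sig.Status)"
if ($sig.Status -eq 'Valid') {
    Write-Host "Signer: $($sig.SignerCertificate.Subject)"
} else {
    $reasonsToRefuse += "Authenticode signature is '$($sig.Status)'"
}

# 3. SHA-256 hash, so you can look the file up on a reputation service by hand
#    (this script deliberately makes no network calls).
$hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
Write-Host "SHA256: $hash"

# 4. On-demand Defender scan of just this file, then check whether a detection
#    references it. Requires the Defender PowerShell module and admin rights.
try {
    Start-MpScan -ScanPath $Path -ScanType CustomScan -ErrorAction Stop
    $hits = Get-MpThreatDetection -ErrorAction Stop |
        Where-Object { ($_.Resources -join ' ') -like "*$Path*" }
    if ($hits) {
        foreach ($h in $hits) {
            $reasonsToRefuse += "Defender detection ThreatID=$($h.ThreatID) on this file"
        }
    } else {
        Write-Host "Defender: no detection recorded for this file"
    }
} catch {
    Write-Warning "Defender scan skipped: $($_.Exception.Message)"
    $reasonsToRefuse += "could not run an antimalware scan"
}

# Decision: treat every failed check as a reason not to run the file. The point
# is to make "ignore the warning and run it anyway" a deliberate extra step.
if ($reasonsToRefuse.Count -gt 0) {
    Write-Host "`nDO NOT RUN $Path :" -ForegroundColor Red
    $reasonsToRefuse | ForEach-Object { Write-Host " - $_" -ForegroundColor Red }
    exit 1
}
Write-Host "`nChecks passed for $Path (signed, scanned, not from the Internet zone)." -ForegroundColor Green
exit 0
```

Note that a valid signature only tells you who signed the file, not that it is benign, and a clean Defender result on the day of download is not a guarantee either; the script's job is to stop you from skipping the checks the author skipped, not to replace your judgement about where the file came from.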
How did I mitigate?
- Immediately changing the passwords for Poloniex, Poloniex Support and mail
- Enabling MFA on both of these
- Cleaned the Windows machine with Spybot, Defender and Malwarebytes
- Cleared all cookies and temp files, cleaned the registry, stopped unknown processes, uninstalled useless programs
- Changed the passwords on all accounts and will never use those passwords again
- Enabled MFA/2FA where possible
- Cross-linking all mail and Google accounts, with different passwords on each, to be able to recover them just in case
- Changed the passwords of the wallets, or re-created them if empty
- Opened a beer and complained to my girlfriend
Again, lesson learned the hard way.
SECURE YOUR ACCOUNTS NOW! And don't get compromised.
Please let me know in the comments if you think I took the right or wrong steps here.
I really hope this will not happen to you!
Peace!