Tracking the hackers

last year

When @siamcat told me about what was happening I made a monitor robot to track some accounts she told me where doing illegal activities.

This seems to be a profesional job, and developers are part of this, i can understand their first impression was to blame me for it.

It offended me but in this moment I am convinced that differences should be put aside to fight this.

I am of course not disclosing details here that might let the hackers know and adapt their actions, also they are technical and i dont think the average weku populationwould be able to understand it.

But i am available on discord to discuss this on detail (I will only go deep in detail with people i have had in video callsin the past to avoid disclosing details to impersonators)

So here is some advice:

The weku Explorer is offline

It is very inconvenient that the weku explorer i made was taken offline more than 1 month ago which would help all people working in the blockchain keep track of the criminals.

My question is: was is taken down by the hackers or was it taken down by team ?

The site gives a SSL certificate expired, this is very easy to solve, suffice to generate a new certificate and the site should work.

If the hackers took it down then they must have access to the servers which is very worrysome they should change all the passwords as they did when i left the team also all their witnesses passwords.

If it is down because of the certificate, then the team should repair it ASAP by generating a new certificate to allow the guys working at busters to monitor the criminal accounts.

The explorer is a very powerful tool and it will help a lot the weku police which are flying blind without anyway to explore the blockchain.

The explorer is a very heavy application, I sadly dont have an available server to make one, but if i see they are unable to repair it i might rent a server to make one available to help with the fight.

The hackers are taking advantage of the centralization in weku.

If services are distributed around the witness servers this type of attacks only affect 1 part of the platform, but sadly since all is concentrated in the 2 or 3 servers run by the team when 1 thing is compromised everything is compromised.

This is not a matter of having more people running witnesses, it is needed that those witnesses run part of the services on their server which means witnesses with technical knowledge, not just good intentioned people renting a small server.

This does not have an easy solution.

What I have been able to read in the blockchain about the attack:

  1. One of the owners by mistake posted publicly the root password of the main weku server in GITHUB
  2. The code for weku was private before so this should have not have much impact as they choose who can read their github, but they changed that and now it i public and you dont even need to be logged in to see the weku code, anyone can dowload it.
  3. The hackers seem to have created a smoke curtain while all the time having access to the main server.
    There is no way to know what they installed, or what they have done hidden in the background.
  4. They stole the Chen account, this account is key because it is used to create new accounts, the hackers are now the recovey account of all weku accounts.
  5. If they installed malware in the web site they might have the passwords of anyone who logs with the key starting with P5
    We have no means to check how many accounts are compromised.
  6. The recovery account needs 1 month for the change to take effect, so the hackers have 1 month to act
  7. the new creation account has chen as recovery account, so accounts created after the hack are at risk too.

What can be done:

  1. Format main server and reinstall it
  2. make the github private again
  3. make the explorer available so people fighting has at least a public tool to help
  4. change the creator account to an account that was not created by chen.
  5. change all server passwords and lockout not core team members (when i was in charge of development the team allowed access to a few users that i never saw work or do anything to the development servers where key information was also freely available i kept complaining about that and was one of the reasons i left)
  6. take a blockchain security training, there are avaiable courses online.

What I have done and what i know so far:

So i made a watchdog that is monitoring the wallets of the accounts we know are part of this.

They have posted about 6000 hidden comments and are actively farming but they are not voting or moving money.

I have been checking the account history of the criminals, and since yesterday they seem to have stopped their flagging spree hopefully the team managed to block them for good.

But it might just be they are recharging VP, only the hackers and the team know the real reason they stopped.

chen account changed its recovery account so it is likely it will not be possible to recover it

if that is the case the team needs to find a way to really block it, the chen account has 4.3 million weku in the wallet and if they are to use it as a weapon the only solution will be to increase the delegations thus allowing the official farmers to farm more and weku value will be reduced again.

  • Users need to change their account recovery, even if the hackers do not steal the accounts, if the users loose their password weku will not be able to recover it.

Changing it requires we make a web site or a discord bot or access to a witness node.
I proposed siamcat to make one because there is more than 2000 accounts affected including all the weku witnesses and the account used to pay for promotions ( @scoobydoo with 2 more million wekus)

The other problem is that the change takes 1 month to take place as per the blockchain rules, so the accoutns will be at risk all this time.

What can you do?

Well basically not much, keep posting, try to help those who receive flags and pray for the team to come up with a solution.

Finally I am here to help because friends asked me to because they have important stake, but for me weku is over.

I have been preventing about this and about what needs changed i have made many tools and proposed many solutions that were chosen not the be implemented, and there are still a few actors making veiled accusations.

This saddens me and I have decided that I will go after my power down finish and i have sold all my weku.

I will be helping in the shadows in the mean time and posting safety updates if i feel like, but mainly will be just discussing in discord.

Authors get paid when people like you upvote their post.
If you enjoyed what you read here, create your account today and start earning FREE WEKU!
Sort Order:  trending

Thanks for all this useful info, it cleared some of my doubts about the magnitude of the problem. Far worst than I thought. Hope the lack of activity of @chen account would be due the Team blocked it, but I'm not sure.

We need notices from them.

Well, this is a tricky situation... I will help according my capacities, I'm thinking a way to help the users in case @chen flags comes back. I'm good investigating but I'm not a dev, so have running Weku Explorer again would be a gift.

Let's see what they say about your proposal.

Thank you @nnnarvaez for your information. Honestly, I do not know what to do. I see all my friends powering down. I have so enjoyed Weku this last year and am sad to see this. These hackers should not have such power over our platform or the Weku dream. Perhaps I should leave Dodge too, but hate to. Blessings.

The @chen account that had been hacked by idiots was very annoying and very detrimental to us because he marked some of my posts with flags and even many of my friends were also tagged by that account.

If you want to investigate who did this, let's prove it before you leave WEKU because I know you have a little idea of ​​who did it.


I dont understand well your message, I suppose you are using a translator.

The problem here is much more that the hundreds of flags they did these last days.

I have a few ideas of who is doing this but i do not have evidence, so i will not irresponsibily name names. Also if it is who I think, there is not much that can be done against.

What can be done is make WEKU safe and better to avoid this happening again, but that is not my job or yours.

I would like to say thank you to you on public for clarify many things and supported me with some important information. We believe account Chen is lost, its not possible to recover that account but the new account recovery is no longer account Chen, at this point every new created account is safe.

The flags seems to be an automate vote following votes of the big accounts. Whoever behind this dislike me, my team, WEKU, you and your team. It seems to do thing that put us to distrust each others and created conflict.

At this point I believe that the person that blocked the busters was not you and this is my public apology that I was suspecting you for this.

Weku Team did blocked Chen account but they overcome the blocked, for now they are searching to see where the hole is and try to solve problem once for all., it will take more time for this process.

Whatever will happen, will happen...there is nothing els I could do more...I gave WEKU my best and more than I can effort.

I informed Eric about the certificate, he actually got a new one but seems the explorer is still down. It seem to have more problem than just about the certificate.


Es lamentable que esto halla ocurrido y que weku este vulnerable ante estos delincuente por otra parte me alegro mucho de esas disculpa de @siamcat es bueno aclarar las cosas y no solo eso unirse para rescatar a weku que sea un sitio seguro donde podamos invertir sin problemas.. gracias @nnnavaez


Thanks @siamcat.

I see now the explorer is back bravo, i did not feel like spending money in servers to make a new one.

The new account recovery is @weku-witness11 if you look at it in the explorer, the recovery account for weku-witness11 is chen.

Weku has a deprecated steemit thing called account challenge active.

As you see in the capture, this can be abused.

So the account creating accounts and becoming the new recovery should be an account created from a trusted witness in control of the team, otherwise history can repeat itself.

but the same you say you have done all you can for Weku I think I also have done all I can, it is up to them to follow or not advise after all weku belongs to them and we are in their hands.


I suggested Eric to pick an account that created from initminer but will approach him again about this. Your suggestion about the discord bot is good, one month waiting shouldn’t be a problem, users should be able to pick their own recovery account.

Chen account with 4 millions WP is a joke compared to much higher WP from many curators accounts, it can’t hurt anybody that long. For now, we should ignore the flag. Most to worry is about malicious code you mentioned... i am waiting for the answer from the team about the results.

thank you @nnnarvaez, your writing can change the atmosphere that has been a controversy between fellow teams, we hope that in the future there will be the best, you are a great developer I have ever known in the blockchain world. the success of Weku platform is in the hands of @siamcat with you. Thank You

These type of things if learned from and dealt with properly can only serve to make a platform stronger. It would be nice to see accounts more like masternodes with no funds online and only delegated power from an offline wallet.

Thank you Nathan. You are generous to help Weku in this time of great need.