(updateauth, urgent) M to N mapping among key pairs accounts #4030
Comments
|
The registered key of the Then in block 15185, there was a transaction which changed the account's owner key to Then, in block 20252, there was a transaction which changed the account's active key to If neither of these transactions were signed by the legitimate owner of Later on, in block 49312, the active key of the account was changed again, this time to And in block 49575, the owner key of the account was also changed to Has the owner of the A similar pattern is followed with the other three accounts: |
|
Hi, I am owner of ‘guzdonzugmge‘, as far as i remember i did not expose my private key until yesterday morning(10:00 am KST). I try to use it to vote through Scatter(checked extension ID)and things went wrong. Before that since my EOS was in the hard wallet, i’ve checked my balance through MEW with my ethereum address which also is in the Hard wallet. Please let me know if you have any other questions. |
|
One thing i don’t really understand is that my private key still pairs with my public key on some tools providing correct balance. |
|
@SoBaD08: And what tool did you use to generate your original EOS public/private key pairs? |
|
It wasn't a tool, i've got it from EOS.io through registration process where it provides EOS public key and private key which i registered using my ethereum address. I've just checked my transaction and the first one was done on Feb 13th, 2018. The last Crowdsale participation was on March 9th, 2018. After that I bought some from Bithum and send it to my hard wallet(Nano Ledger). |
|
And have you verified that when you import your private key into a wallet that it does in fact map to your original public key of If you got the public/private key pair from eos.io, registered it properly, kept the private key safe, and did not ever use it until after 2018-06-10T17:51:16 UTC, then I have run out of ideas to explain how this could have happened. Perhaps arbitration will be able to help you. Try checking out the EOS 911 Telegram. I don't know if it will help, but it is worth a shot. |
|
Yes, here I just did it again and attached an image. |
|
One thing is still not clear. Even someone knows private key, how he can use signed transaction or cleos console command? If he do that, that meant he could access BPs server. |
|
And one more original question, using cleos, someone can map same eos public key to different accounts? Is there any checking replication procedure? Then this can happen again and this can cause same problem even though he or she does not have bad intension. Am I wrong? |
|
Hi, I may have the same problem. Can anyone check that for me, since I am not an expert using these tools? I did not expose my private key before 11th of June. I was trying to use Scatter to vote. The original EOS account I saved: EOS8HE9yuMyHfuMF1fciMxjJPWjsZJAozFcZ7bugefLUrUuxm2KT1 Thank you. |
|
Something different case. According to log, there is no malicious action. Did you check your public key om genesis snapshot csv file? |
|
Yes it contains the account shown on mainnet. The account I saved is nowhere. |
|
I think there is a possibility that when you was generating EOS keys from eos.io, there was some script injection happening then. Browser extensions can easily do thing like that. Could you share the extensions you installed in your browser that you used to generate the keys? |
|
Did you download Scatter (a Chrome extension) from the CORRECT website? It should direct you to go to Chrome Store like this? Where you can see people votes, comments & how many users are there. It's best to use tools which are open source, reviewed, audited & confirmed from a few (or at least 5 Block Producers) |
|
@JohnnyZhao and @NghiaSE If you are asking me, I used the scatter 2 days ago for the first time and I've check the ID to make sure it is proper extension. |
|
This is done by smartcontract which freeze EOS account. Thanks for your considerations. |
and others
Hi, I am not sure what is the root cause of this(snapshot tool or any other issue?)
Pre-condition : one of account uses nano ledger which is connected to MEW.
expected result : he can login to scatter with his EOS pub/private key pair and account name which are exactly same, comparing to search result from eosauthority.com.
On his registration before genesis snapshot, he received EOS pub/private key pair. So what he want is using that pair as others did. Even he had key pairs, it did not work due to mixed mapping.(explained as follows) As far as I heard, he has no fault on process.
Actual result :
He could not login and logs are as follows.
I do not know why eosio account change permission with eosio - updateauth log. I think there are mapping issue among accounts and key pairs. I intentionally expose account because it is public. If this is issue, then please let me know. I will remove that account. But without account name, there is no way to check this detail
details :
please check followings. They are very strange.
1. EOSAuthority with MEW public key
EOS public key starts with EOS7.... and account is "guzdonzugmge"
2. eosFlare.io with account name
still fine. Next we can see very weird things.
3. eosFlare.io with EOS public key
no associated account???
there are four accounts with A key pair. Only one is his account name.
According to 4, there are 1 to 4 mapping between key pairs and accounts,
Also according to 1, 4, for account name "guzdonzugmge", there are 2 to 1 mapping between key pairs and accounts.
Thus, there are m to n mapping between key pairs and accounts (n, m >= 0, integer)
The text was updated successfully, but these errors were encountered: