Recovering your hacked account with a local MS Windows Steem Wallet

You may have heard of the recent hack at Steemit.com. If you are one of the unfortunate victims, fret not. Steemit has implemented a new way for a user to recover their compromised account - the Steem Account Recovery Process.

If your steem account is hacked, this guide shows you an easy way to recover it.

Things you need to have

You will need to have access to one of your previous "old" Owner private keys within the past 30 days.

You will need to contact your Recovery Account (a.k.a Recovery Agent).

You will need to have a local steem wallet - it can be a Linux, Mac or a MS Windows Steem Wallet. This guide show you the steps for a MS Windows Steem Wallet.


Download Wallet

Steem SoftwareLink
Visual C++ Redistributable Packages for Visual Studio 2013https://www.microsoft.com/en-us/download/details.aspx?id=40784
Steem Windows Wallethttps://github.com/btscube/steem/releases
blockchain-v011.zip (optional)

https://mega.nz/#!rNZXEQwA!Bs4Kh8JBUqIhMRtt-Zx0Pehex9zuOcOcddz2dYmeE5g
|

> Download and install both the Microsoft C++ Redistributable

> Create a folder for the cli wallet, say L:\steem

> Download the "Steem Windows Wallet".  In this example, download "steem-win-x64-011.zip"

> Extract the files in steem-win-x64-011.zip to L:\steem

> Create a folder for the Steem blockchain, say L:\steem\chain

> Extract the files in blockchain-v011.zip  to L:\steem\chain

Note:

  • Downloading the blockchain-v011.zip is optional. But it helps because it saves you time from syncing. The blockchain was backuped on 17 July 2016 with steem running on version 0.11.0.
  • In this example, we are using the L drive. You may use C:\ drive or D:\ drive if you do not have a L:\ drive

Running the local CLI Wallet

Running Steemd (Blockchain Software) for the first time

Steemd is the software that manages the Steem blockchain.

> Open a new Command Prompt window

>cd L:\steem

>steemd -d L:\steem\chain --rpc-endpoint

[]

Note:

The "-d" parameter specifies the location path to store the blockchain and configuration files. In this example, we choose L:\steem\chain to store them.

The "--rpc-endpoint" is to let the cli_wallet.exe (to be run later) to communicate with steemd.

You will see this error "Error parsing logging config from config file L:\steem\chain\config.ini, using default config". You can safely ignore it.

steemd will attempt to download the latest blocks from the network. We leave this command prompt windows running and wait for steemd to be fully in synced with the latest block.

We will now run cli_wallet to check the status of the blockchain syncing.

> Open a new Command Prompt window

>cd L:\steem

>cli_wallet.exe
> You will see a "new >>>" prompt

Now, let's check the steem version to be sure we are running the latest software.

[]

> At the cli_wallet "new >>>" prompt, type about

Check that your wallet version is or has a prefix "v0.11.0".

We will wait for steem to sync all the blocks. You can type "info" at the cli_wallet prompt to check. Check that the head_block_age is a few seconds old.

[]

Note:

  • If you see "head_block_age" specify a time in the future, it means you need to synchronise your computer's clock with a internet time server.
  • The "participation" field shows the percentage of Witness participation. If you see a rate less than 50%, you could be in a minority fork. DO NOT USE the wallet if you are in a fork.

Running cli_wallet

Once the steemd is synced, you need to start the cli_wallet.

> Open a new Command Prompt window
> cd L:\steem
> cli_wallet.exe

First set a password for this new wallet.

At the cli_wallet "new >>>", type set_password mypassword

The prompt will change to "locked >>>"

At the cli_wallet "locked >>>", type unlock mypassword

The prompt will change to "unlocked >>>"

Note:

  • "mypassword" is just an example. Do make sure you use a real password and remember it! If you forget the password, you will lose access to this local wallet. The local wallet can be recreated as long as you have your Owner Private Key.

Import your old Account's Owner Private Key

You will need to have your OLD Account Private Key. This is the Owner Private key before your account was compromised by the hacker. Import this old key into your cli wallet.

> At the cli_wallet "unlocked >>>", import_key 5JhbGdzyXXXX7dxuGQgsPmZ

Note:

  • This Owner's public key is known as the recent_authority and it has to be valid for the past 30 days.

Generate your new Account's Public and Private Key Pair

The restored account will need a new Account Private Key (a.k.a new password).

> At the cli_wallet "unlocked >>>", type suggest_brain_key

[]

You will see 3 keys created.

The "pub_key" is the Public Key.

The "wif_priv_key" is the Private Key.

The "brain_priv_key" is the Private Brain Key.

Note:

  • The two private keys (wif_priv_key and brain_priv_key) are the keys to your account and its fund. Store them (and the public key) securely in a secret place!
  • Note down the public and private keys. You can copy them to a notepad. They will be needed later to configure the miner.
  • We are using this key pair for our example
    "wif_priv_key": "5JsMnPge4rDKAh8JRhsVVFw3nHw3fkdjbEXHXUB2TMe3qJy58V9",
    "pub_key": "STM4uXGcRAJmh4gxedZ1Lx3EKakXzCa4hiKksz6N7gXzArfvCmhQr"
  • The pub_key will become the "new account authority". You will send this pub_key to your Recovery Agent.
  • BUT DO NOT use them in your actual setting. You need to generate your own keys!

Who is your Recovery Agent (a.k.a Recovery Account)?

Finding out who is your Recovery Agent

Let's use 'bitcube' as an example account.

> At the cli_wallet "new >>>" get_account bitcube

[]

From the above screenshot, you can see "id: 2.2.880" and "name: bitcube". Scroll down further you will see the 'recover_account'. In this example, 'steem' is the recovery agent for bitcube.

[]

You can also find out from the website steemd.com.

> Open a web browser and visit https://steemd.com/@bitcube

[]

Note:

'steem' is owned by Steemit. So bitcube will need to contact Steemit and let them know his account needed to be recovered.


Recovery Agent activates the Recovery Process

Your recovery agent will verify you as the original account owner. Once they are satisfied you are indeed the rightful owner, they will start the recovery process by making a request to the Steem blockchain.

Recovery Agent starts the recovery process

Recovery Agent will use his local wallet and type in the following command in his cli_wallet.

> cd L:\steem

> cli_wallet.exe

> At the cli_wallet "locked >>>", type unlock mypassword 

> The prompt will change to "unlocked >>>"

> At the cli_wallet "unlocked >>>", type request_account_recovery "steem" "bitcube" {"weight_threshold": 1,"account_auths": [], "key_auths": [["STM4uXGcRAJmh4gxedZ1Lx3EKakXzCa4hiKksz6N7gXzArfvCmhQr",1]]} true

Note:

  • This step is carried out by the Recovery Agent. The hacked account holder skips this step.
  • The Recovery Agent types in this command syntax : request_account_recovery recovery_account account_to_recover new_authority true
  • The actual function is : request_account_recovery( string recovery_account, string account_to_recover, authority new_authority, bool broadcast )
  • BUT DO NOT use them in your actual setting. You need to generate your own keys!

Recover Account to complete the Process

Once your Recovery Agent initiated the request to the blockchain, you will be informed to recover the account. You will do this step with your cli_wallet.

> cd L:\steem

> cli_wallet.exe

> At the cli_wallet "locked >>>", type unlock mypassword 

> The prompt will change to "unlocked >>>"

> At the cli_wallet "unlocked >>>", type recover_account "bitcube" {"weight_threshold": 1,"account_auths": [], "key_auths": [["STM5wf7YDmZdh6L6f5GDDeB239f6WzrLWcrueNywDa69zX8zuXRkA",1]]}  {"weight_threshold": 1,"account_auths": [], "key_auths": [["STM4uXGcRAJmh4gxedZ1Lx3EKakXzCa4hiKksz6N7gXzArfvCmhQr",1]]} true

Note:

  • You type in this command syntax : recover_account account_to_recover recent_authority new_authority true
  • The actual function is : recover_account( string account_to_recover, authority recent_authority, authority new_authority, bool broadcast )
  • You will need to perform this step within 24 hours upon your Recovery Agent making the recovery request. The request will expires after 24 hours. If this happens, your Recovery Agent will need to create another recovery request to the blockchain.
  • DO NOT use the above keys in your actual setting. You need to generate your own keys!

Let's check if your account is now using the new Account Key

> At the cli_wallet "unlocked>>>" get_account bitcube
> Look our for the field "owner".  You will see that your Owner Key has changed to the new public key, which in this example is "STM4uXGcRAJmh4gxedZ1Lx3EKakXzCa4hiKksz6N7gXzArfvCmhQr"

Further reading

@dan/steemit-releases-groundbreaking-account-recovery-solution

H2
H3
H4
3 columns
2 columns
1 column
35 Comments