[TronLabsRO SR Partner] Somebody stole our crypto and transferred it elsewhere

Reddit Thread: https://www.reddit.com/r/Tronix/comments/x7ib06/tronlabsro_sr_partner_somebody_stole_our_crypto/

Original story

I was just checking the price on the phone in a watch only account via Tronlink
SR Account: https://tronscan.org/#/address/TYTYuSyiEpxNsjakQSRmjiZAymvxoBbziH (TronLabs Romania).

-> And saw bogus numbers. We were at place 96/97 in the partners list yesterday.

Frozen Funds and Tokens were all transferred to this account https://tronscan.org/#/address/TVJN4SjNZrRtHz2GA46ioRDm71grC8i7Ck

Some of our backers have been cleaned up as well:
– TVXkHyMWitcBseK6UCwPH3pfHX1sgBjCLh
– TCEB1pg14dTmP3CG4NroHmrPg7PG2tSt5j
– TronLabsRomania-DAPPS-Fund TXgbWCjqoM7QKSntXW9t1d9eoA3j9JUhCG

IDs of the transactions:
https://tronscan.org/#/transaction/14700b66527c505d46c19cff014f7f3a819883c7bbfcfbda4296accfeaf5fe0c
https://tronscan.org/#/transaction/eafe57712ee95cc264cae6a13cc6191b863a649fe5a2a1d73574d396dec9c7ea
https://tronscan.org/#/transaction/2332218ea71e74622f35421a42b2ce9f406b1863d92b01d245bfea16f5f6c8d8

Sending it here for awareness as this was a serious breach. I am sure that my system was not compromised, but others were also hacked and all were transferred at the same time.

To Do
I will audit my PC anyhow and if anything is found I’ll post updates here. So far, sadly, Tronlabs ROMANIA is done as SR with no funds and no votes. 🙁

If anyone can advise about possible next steps, I would be grateful.


Update at 22:20 / 06.09.2022
Website was inaccessible as password was not accepted. After recovery, Sucuri shows successful login from 41.141.15.174 and a username change.

Successful Logins (all)
Username         IP Address     Hostname       Date/Time
Dorian (dexter)  41.141.15.174  41.141.15.174  4 days ago
Dorian (dexter)  41.141.15.174  41.141.15.174  4 days ago
WHOIS Lookup ( 41.141.15.174 )
% This is the AfriNIC Whois server.
% The AFRINIC whois database is subject to  the following terms of Use. See https://afrinic.net/whois/terms

% Note: this output has been filtered.
%       To receive output for a database update, use the "-B" flag.

% Information related to '41.141.0.0 - 41.141.127.255'

% No abuse contact registered for 41.141.0.0 - 41.141.127.255

inetnum:        41.141.0.0 - 41.141.127.255
netname:        ADSL_Maroc_telecom
descr:          ADSL_Maroc_telecom
country:        MA
admin-c:        DMT1-AFRINIC

First conclusions:
1. Full system scan shows no infections nor compromise.
2. Site and private keys were unrelated, there are no active links, scripts or app that sync between the two.

Full site dump incl logs was secured.
—-
Update 2 / 07/09.2022

Update thread
  • Subsequent scans with different AV returned no infections.
  • System is fully patched and up to date.
  • The Auth (Keys) were present in Tronlink Google Chrome extension that was password protected.
  • Private Keys were also present on disk, as I had a backup. They were generated right at the beginning via Tronscan when TRON was launched. This was maybe the problem, as they should have been elsewhere. I blame it on me, unless there is a way to get the private keys via brute force and then again, they went for mine and some of my voters, not others who were bigger (had more money).
  • Web site was also compromised, it was also up to date on the latest WP version, but this is more or less a separate thread as there are no keys, scripts or any data imports between the two. As it runs on WordPress there was some exploit used to upload a plugin that was used to change something. Apparently you cannot change the username, but the logs show that exactly this happened. The site was used to post news and technical information about how to set up nodes, and provide knowledge. The only links it has with the hack are an older post where I was posting a list with our backers (copy from tron scan at that time) and the DAPPS funding report where I wrote from time to time for transparency how many tokens we’ve stacked. The first 3 from that list were hit, maybe more, but no one reached out yet. This is still not fully analyzed, maybe this was an entry point.
As I see it is performed like this:
  1. They got hold of the keys somehow and I still need to figure how they did.
  2. Everyone who voted had the funds frozen, so they went and unfroze them first and then transferred everything in the same hour.

Open questions:
  1. How did it happen?
    a) Site runs on a server with Imunify.
    There was a shell script present and some cPanel exploit that does change the users. It was removed by Imunify after a few hours, but this is how they breached the site.
    b) How did they get the private keys? This is still open and relevant. In the absence of a plausible explanation, I do accept full responsibility and blame myself for my keys.
  2. How were several hit at once? I have no idea where others are browsing, as I have no control over them. Maybe they had a backup of their keys, locally, like I had. This is relevant if I can find out how they got to mine. This is either through exploit of my PC or via a compromised website or browser extension.
  3. How should I go forward? I mean, if the private keys are compromised, there is no point in continuing to use them, but again this means creating a brand new SR account from scratch.
    Later edit: I looked and saw that owner permissions can be set to another account, so after all this might not require a new SR account.

The story will be updated as it develops. In the meantime, I’ll go on and rebuild from scratch.

Word of advice: Please scan your systems and stay safe !
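
The pattern described in the post (frozen funds unfrozen and then moved out of several accounts to one address within the same hour) can be watched for. The following is an added example, not part of the original post; the record layout, account labels and timestamps are constructed, and only the contract type names follow TRON's naming.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(hours=1)  # the post says everything moved "in the same hour"
TRANSFER_TYPES = {"TransferContract", "TransferAssetContract"}  # TRX and TRC10

# Constructed sample records, not real chain data. Field names are assumptions;
# map a node or explorer export into this shape before use.
SAMPLE_TXS = [
    {"owner": "ACCOUNT_A", "type": "UnfreezeBalanceContract", "to": None, "time": "2022-01-01T03:10:00"},
    {"owner": "ACCOUNT_A", "type": "TransferContract", "to": "DEST_X", "time": "2022-01-01T03:12:00"},
    {"owner": "ACCOUNT_B", "type": "UnfreezeBalanceContract", "to": None, "time": "2022-01-01T03:20:00"},
    {"owner": "ACCOUNT_B", "type": "TransferAssetContract", "to": "DEST_X", "time": "2022-01-01T03:31:00"},
    {"owner": "ACCOUNT_C", "type": "UnfreezeBalanceContract", "to": None, "time": "2022-01-01T08:00:00"},
    {"owner": "ACCOUNT_C", "type": "TransferContract", "to": "DEST_Y", "time": "2022-01-04T09:00:00"},
    {"owner": "ACCOUNT_D", "type": "TransferContract", "to": "DEST_X", "time": "2022-01-01T03:40:00"},
]

def drain_sequences(txs, window=WINDOW):
    """Return (owner, destination, time) for transfers that follow an unfreeze within `window`."""
    hits, last_unfreeze = [], {}
    for tx in sorted(txs, key=lambda t: datetime.fromisoformat(t["time"])):
        when = datetime.fromisoformat(tx["time"])
        if tx["type"] == "UnfreezeBalanceContract":
            last_unfreeze[tx["owner"]] = when
        elif tx["type"] in TRANSFER_TYPES:
            unfrozen = last_unfreeze.get(tx["owner"])
            if unfrozen is not None and when - unfrozen <= window:
                hits.append((tx["owner"], tx["to"], when))
    return hits

def shared_destinations(hits, window=WINDOW, min_accounts=2):
    """Destinations that drained several distinct accounts inside one window."""
    by_dest = defaultdict(list)
    for owner, dest, when in hits:
        by_dest[dest].append((when, owner))
    flagged = {}
    for dest, events in by_dest.items():
        events.sort()
        first = events[0][0]  # window is measured from the first drain seen
        owners = sorted({o for w, o in events if w - first <= window})
        if len(owners) >= min_accounts:
            flagged[dest] = owners
    return flagged

if __name__ == "__main__":
    hits = drain_sequences(SAMPLE_TXS)
    for owner, dest, when in hits:
        print(f"ALERT unfreeze-then-transfer: {owner} -> {dest} at {when.isoformat()}")
    for dest, owners in shared_destinations(hits).items():
        print(f"ALERT shared destination {dest}: {', '.join(owners)}")
```

ACCOUNT_C (transfer days after the unfreeze) and ACCOUNT_D (transfer with no preceding unfreeze) are deliberately not flagged, which keeps ordinary unstaking and routine payments out of the alerts.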

[Release] Java Tron GreatVoyage-v4.5.2 (Aurelius)

Official link: https://github.com/tronprotocol/java-tron/releases/tag/GreatVoyage-v4.5.2

Important note: This is a Non-mandatory upgrade
New Features
Core
API
Changes
  • Improve node link stability #4542 #4540

  • Improve fault-tolerance capabilities of API parameters #4556 #4560

  • Optimize the eth_estimateGas and eth_call JSON-RPC API #4570

The universe is change; our life is what our thoughts make it.

—Aurelius

[Release] Java Tron GreatVoyage-v4.4.6 (David)

Official Github Link: https://github.com/tronprotocol/java-tron/releases/tag/GreatVoyage-v4.4.6

Note: This is a Non-mandatory upgrade

Changes

  • Upgrade fastjson version

Beauty in things exists in the mind which contemplates them.

— David Hume

[Release] Java Tron GreatVoyage-v4.4.4 (Plotinus)

Official Link: https://github.com/tronprotocol/java-tron/releases/tag/release_v4.4.4

Special Note: This is a Non-mandatory upgrade

New Features

Core

TVM

  • Supports multi-version program executors #4257 #4259

Changes

  • Optimize log storage mechanism #4245
  • Optimize network service shutdown logic #4220
  • Improves the java-tron upgrade mechanism #4218

The world is knowable, harmonious, and good.
— Plotinus

Justin Sun stepped down and Tron Foundation dissolved – What Next?

In the last days, there were a few headlines that resonated with the community.

  • “The Tron Foundation, the organization behind the TRON (TRX) cryptocurrency, announced that it will dissolve itself next summer, leaving the blockchain’s ecosystem completely in the hands of its community”
  • “Tron founder Justin Sun has revealed that he is stepping down from his position of CEO and will take up a job with the government of Grenada as its ambassador to the World Trade Organization (WTO)”
  • “The Tron Foundation’s three original nodes—“justinsuntron,” “BitTorrent,” and “µTorrent”—have withdrawn from the list of blockchain’s “super representatives” (essentially key players in the Tron’s governance system), leaving the network in the hands of 27 super representatives hosted entirely by the community.”

Official References:
1. https://tronfoundation.medium.com/justin-suns-open-letter-to-the-community-on-tron-s-decentralization-and-his-personal-journey-853990c3d978
2. https://twitter.com/justinsuntron/status/1471802392673161218

On reddit in the Tronix sub there were a few threads as well as discussions started (example) as of how to go forward like forming a SR, getting votes and being able to submit proposals. I did join them and tried to explain based on my experience how the last 2 and 1/2 Years played out. I am part of this since it all started and as you all know we’ve downsized starting November from 11 nodes to a single one, because of the lack of votes as it could not sustain the costs.

Not only that, but I did pay for TronLabsRO servers and yes, even if there is a risk of you believing I’m bragging, I am the one guy who used to own 1% of the nodes running on the tron main network. 2 Months ago, I decided to downsize as there was no point in paying for it, IF there is no break even in sight. You can read a detailed explanation here. The highest place the SR did ever climb was #56 and since then it only went down as voters vote for those who pay better, even if there is no project. I as a SR never achieved anything else, but at least I’ve tried. I am though in the first 127, and I can go back to running nodes if the situation might change, but for now I’m just evaluating options.

I’ve also received questions like Why run a node?

Again, because of the love for this project. If you run a node, you will just help the network, there is no benefit nor gain, unless you are elected. IF you get elected, it will happen fast, and you will need to produce blocks. If you don’t, you will lose the associated block rewards and somehow sabotage the network because you can’t fulfill your duty.

There are also specific use cases in addition to the above like:

  • In case you develop or deploy dapps (games, gamble, etc) you will also need to use a dedicated node that is synced with the network and not overload a node that is run by someone else. This usually needs to be close to where your (d)app server is and be able to reply with low latency.

  • You can import the entire blockchain in a DB and then query specific transactions in case you want to offer data mining capabilities. This sort of access is a paid service. Jason from Community node had a project like this.

  • Help other SRs who had no nodes running when they got elected. I can deploy and get a node running (full sync) fast.

We have also seen FUD (Fear, Uncertainty and Doubt) expressed by others who moved their coins from Tronscan. Relax, your coins are safe, they are in the network.

So far everybody blamed Justin for the lack of success. I’ve seen this over and over in the Tronix sub. Now he’s gone, so we either get to work and build on what we have as a community and the existing blockchain, or just roll over and die.

I’ll put my effort and shares on “Get to work and build” and I hope you do too. This is the only way to thrive and do good.

[Release] Java Tron GreatVoyage-v4.4.3(Pythagoras)

Official Link: https://github.com/tronprotocol/java-tron/releases/tag/GreatVoyage-v4.4.3

This is a Non-mandatory upgrade

New Features

Changes

  • As an additional precaution, in addition to upgrading to logback version 1.2.9, we also recommend that users set their logback.xml configuration file to read-only

logback official news

http://logback.qos.ch/news.html

Silence is better than unmeaning words.
—Pythagoras

Infrastructure Downsizing

Dear friends and Tron enthusiasts. After evaluating the last year voting and rewards and our earnings as a SR Partner, I have taken the decision to downsize the server infrastructure that is allocated to the TRON network.

Starting with November 2021, I plan to reduce the number of active TRON nodes from 11 down to a single one. This is mainly done to keep the costs down. In case anyone is wondering how this happened, I am transparent and will share the details below.

Each tron Node consumes 16 CPUs, 32-64 GB of RAM and 2 TB of storage. While the datacenter has plenty of resources available as it was expanded at my own contribution, doing the math.. I provide ~176 vCPUs, ~416-704 GB of RAM and 22 TB of storage since we brought the nodes online in September 2019.

The initial plan was to help TRON, grow the network, bring awareness. The only thing we expected in return was other tron enthusiasts votes. I understand that 60% voting rewards is significantly less than 80-100% as others are paying but we are not like others, this is how we operate as we have our costs.

In all this time the total earnings from the voting are in total sum of 1400 USD. (The full report can be found here).
This is a small drop in terms of returns, and I’m sad to admit that it is not enough for 1% of the network.

Our current voters are

Voters                              Votes    Percentage
TVXkHyMWitcBseK6UCwPH3pfHX1sgBjCLh  138,178  82.908%
TXgbWCjqoM7QKSntXW9t1d9eoA3j9JUhCG  14,221   8.533%
TCEB1pg14dTmP3CG4NroHmrPg7PG2tSt5j  9,842    5.905%
TLV6x189E98jX75763SfTZS5EpNcv4o9Mv  3,000    1.80%
TJV5SHcLpMnNHSysoYigDqHFYbdrRYuZhq  1,000    0.60%
TC8HSbx8QXMQqNMwTCzwcYmxBAEiTyp6gC  200      0.12%
TB59xNQmLgP8GNdK8HSQpG647qa2dbNApN  200      0.12%
TTCa1Yr7Q2qsaaMSp8U78zHqzJxxLLyDMD  10       0.006%
TKsqoRbt8ywQpi1JBDFXVBeM87Az86hYj7  5        0.003%
TMHifEZDR61xZsittrgVbHaueXhGrWXEgC  5        0.003%
TYgotyWuRvowMefhE8VdNZXrVLrR2guk9S  3        0.002%

The first three accounts are with us for a long period of time. It’s worth mentioning that the second one is our own DAPP Fund that does accumulate our voting rewards. Kudos to everyone who is voting for us. We love you! You keep us going.

Going forward:
– The DAPP Fund will be used to pay for the expenses for the server colocation and expenses in the next few months. It was meant for developing new sites and services, and until now I was its main sponsor. It can very well be spent for datacenter expenses.
– We will keep just a single witness node running starting with November 2021.
– I remain open to any collaborations and projects. Feel free to reach out.

Thank you!
Dorian | TronLabs Romania

[Release] Java Tron GreatVoyage-v4.4.1(Protagoras)

The Java Tron GreatVoyage-v4.4.1(Protagoras) has been released today.

Note: This is a non-mandatory update.

GitHub link: https://github.com/tronprotocol/java-tron/releases/tag/GreatVoyage-v4.4.1

Changes

  • issues-4122 Solved the problem caused by database optimization. #4124
    Notes: Two solutions are proposed in this release, you can choose any one of them.

    • Restart the node with the latest configuration file. config file
    • Change the limits of the system file descriptor via unlimit -n -1 before the node startup.

There are two sides to every question.

— Protagoras

[Release] Java Tron GreatVoyage-v4.4.0 (Rousseau)

Java Tron GreatVoyage-v4.4.0 (Rousseau) has been released today.

Note: This is a forced update!

Link: https://github.com/tronprotocol/java-tron/releases/tag/GreatVoyage-v4.4.0

New Features

Core

  • TIP-289 Block broadcast logic optimization. #3986
  • TIP-290 Dynamic database query optimization. #3993
  • Transaction broadcast interface optimization. #4000
  • Database parameter optimization. #3992 #4018

TVM

  • TIP-272 Add a proposal to provide compatibility with Ethereum Virtual Machine. #4032
  • TIP-318 Add a proposal to adapt to Ethereum London Release. #4032
  • The energy limit supports customization and the default value is increased in constant mode. #4032

API

  • Support ETH compatible JSON-RPC APIs excluding filter APIs. #4046
  • Support to disable specific APIs via the configuration file. #4045
  • Optimize the TriggerConstantContract API. #4032

Changes

  • Upgrade event plugin to support BTTC data. #4067
  • Increase the upper limit of the MaxFeeLimit network parameter. #4032
  • Optimize the quick deployment script start.sh see detail

 

The world of reality has its limits; the world of imagination is boundless.

— Rousseau