
What is the cost of lies? 10 million, apparently


NancyWheeler

Featured Comment

Posted

The Stake email was not a random phishing email. It was a result of their SendGrid (what they use to send out emails) account being compromised. The hacker was able to send emails from Stake's official email address, and although it pointed to a different site, many people confused it for a mirror, which makes sense since there are so many mirrors.
 

The fact that the email was from Stake and that they haven’t told the truth about what happened is a big deal. It’s even more surprising that we aren’t compensated for this. So, it’s up to us now: we shouldn’t tolerate this. 
 

Attached are the files showing the email and the website after the hacker made off with 10 mill and left a message showing how he did it.
 

He was able to withdraw users' funds through the GraphQL API, using the withdraw mutation. This allowed him to do it without any user input besides the login.


Posted

Yes, email spoofing is not difficult. But in my view as an email marketer, they can't send email from [email protected] because the domain is owned by stake.com.

If they had somehow used the stake.com domain to send the email, then technically DKIM and SPF should have failed, but DKIM and SPF passed.

And most importantly, the mail came not only from the [email protected] address that Stake uses, but also from the same server IP that Stake uses.

The mail was 100% originally from Stake; in short, someone at Stake with high-level access sent the mails to members.
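Added example, not part of the thread: SPF and DKIM passing shows only that a message left through infrastructure authorized for the sender's domain, which is also the case when the domain's own sending account is used by someone else. The sketch below reads the receiving server's `Authentication-Results` header and flags an authenticated message whose links leave the sender's domain. The sample message, its domains and the function names are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Constructed sample: reserved example domains, not the real message.
SAMPLE = """\
From: Brand <noreply@example.com>
To: user@example.org
Subject: New VIP program
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=em.example.com; dkim=pass header.d=example.com
Content-Type: text/plain

Claim at https://mirror.example.net/vip (terms: https://www.example.com/terms)
"""

def auth_results(msg):
    """Map spf/dkim/dmarc to the verdict the receiving server recorded."""
    joined = " ".join(msg.get_all("Authentication-Results", []))
    return {m.lower(): r.lower()
            for m, r in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", joined, re.I)}

def off_domain_links(msg, sender_domain):
    """Hosts linked in the body that are not the sender domain or a subdomain.
    Simplification: plain suffix match, no public-suffix list."""
    hosts = set()
    for url in re.findall(r"https?://[^\s\"'<>)]+", msg.get_payload()):
        host = (urlparse(url).hostname or "").lower()
        if host and host != sender_domain and not host.endswith("." + sender_domain):
            hosts.add(host)
    return sorted(hosts)

def assess(raw):
    msg = message_from_string(raw)
    sender_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    auth = auth_results(msg)
    links = off_domain_links(msg, sender_domain)
    passed = auth.get("spf") == "pass" and auth.get("dkim") == "pass"
    if passed and links:
        verdict = "authenticated sender, off-domain link: check sending account"
    elif passed:
        verdict = "authenticated sender, links on sender domain"
    else:
        verdict = "sender not authenticated"
    return {"auth": auth, "off_domain_links": links, "verdict": verdict}

if __name__ == "__main__":
    print(assess(SAMPLE))
```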

  • Moderator
Posted

You didn't write anything different here, you can just check this thread and you will see that these things are already posted there by many users.
 

 

Posted
Just now, Faris said:

You didn't write anything different here, you can just check this thread and you will see that these things are already posted there by many users.
 

 

HAHAHA OMG

Posted
Just now, Faris said:

You didn't write anything different here, you can just check this thread and you will see that these things are already posted there by many users.
 

 

Lol, I didn’t write anything different? So what? Stake hasn’t written anything regarding the matter so we should be allowed to post about this as much as we want until we get a proper answer. No need to act so smart, unless Eddie is holding a gun to your head (possible)

  • Moderator
Posted
2 minutes ago, NancyWheeler said:

Lol, I didn’t write anything different? So what? Stake hasn’t written anything regarding the matter so we should be allowed to post about this as much as we want until we get a proper answer. No need to act so smart, unless Eddie is holding a gun to your head (possible)

I expected something different from you because you said you are 100% sure that they stole $10 million and you have proof. As far as I can see, you have written the same messages that I have seen hundreds of times today.

So just fake rumours.. 

Have a good one :) 

Posted
7 minutes ago, Faris said:

I expected something different from you because you said you are 100% sure that they stole $10 million and you have proof. As far as I can see, you have written the same messages that I have seen hundreds of times today.

So just fake rumours.. 

Have a good one :) 

Perhaps you are blind or like I said, Eddie has a gun to your head. The images I attached show they stole 10 million and how.

I have added info about how they did it via a simple GraphQL mutation. It should be noted though, that this only affected users who didn’t have 2FA.

And on the topic of fake rumours, this isn’t fake. What is fake is Stake’s response to all this (blaming the users). Even if there are rumors, what on Earth do you expect when Stake themselves are not giving a clear answer?

Posted
10 minutes ago, wowemir said:

Yes, email spoofing is not difficult. But in my view as an email marketer, they can't send email from [email protected] because the domain is owned by stake.com.

If they had somehow used the stake.com domain to send the email, then technically DKIM and SPF should have failed, but DKIM and SPF passed.

And most importantly, the mail came not only from the [email protected] address that Stake uses, but also from the same server IP that Stake uses.

The mail was 100% originally from Stake; in short, someone at Stake with high-level access sent the mails to members.

That makes me scared....

Posted

This is my view on this: basically, if you withdraw, a confirmation by email is needed, so how did the hacker get that? Or maybe the millionaire has been tricked into putting in codes????? It will also say withdrawal confirmation or something, so I think no money has been lost guys, just Stake wanting the 2FA??? Or maybe the end is near????

Posted
4 minutes ago, SorteMenino said:

This is my view on this: basically, if you withdraw, a confirmation by email is needed, so how did the hacker get that? Or maybe the millionaire has been tricked into putting in codes?????

A GraphQL mutation can withdraw user funds in one simple request.

Edit: it should be noted that this is not possible if 2FA is enabled.

Posted
4 minutes ago, NancyWheeler said:

A GraphQL mutation can withdraw user funds in one simple request.

Edit: it should be noted that this is not possible if 2FA is enabled.

Oh ok, another one: you think a man with ten million dollars will click on some email saying new VIP program, huge bonuses???? Think about it bro???? A rich man excited by a small penny bonus????

Posted
2 minutes ago, NancyWheeler said:

Perhaps you are blind or like I said, Eddie has a gun to your head. The images I attached show they stole 10 million and how.

Just because that guy said on the fake website that he got 10 mil from 1 account doesn't mean he actually did it.

Posted
11 minutes ago, Faris said:

I expected something different from you because you said you are 100% sure that they stole $10 million and you have proof. As far as I can see, you have written the same messages that I have seen hundreds of times today.

So just fake rumours.. 

Have a good one :) 

So someone could just take 5 minutes out of their busy days in the office, posting monthly memes and prove to paying customers there wasn't 10 mil stolen.

It's not our responsibility to prove it. Getting your customers' personal information "social engineered" out of a billion-dollar operation doesn't put you as a company, nor your mods, in a position for smart remarks like "So just fake rumors..". Prove it wrong, give a decent statement.

That's the least that could be done after breaching data of tens of thousands of people?

  • Moderator
Posted

Why Stake did not write anything about this is a different topic, but that the hacker stole 10 mil is fake information and you have no evidence, nothing, just the same words that some other people wrote. Something will probably be written about this situation, but after the investigation.

You guys can continue to write your opinion on this in the thread I posted above.

Have a good one 🍀

Archived

This topic is now archived and is closed to further replies.
