anza-xyz / agave

Web-Scale Blockchain for fast, secure, scalable, decentralized apps and marketplaces.
https://www.anza.xyz/
Apache License 2.0

solana-keygen created a private key, but it does not belong to me. The threat is still ongoing. #3255

Closed yrelationlab closed 3 weeks ago

yrelationlab commented 3 weeks ago
  1. solana-keygen created HX4bcUho7mNZL3NCBAzDKhoVjJzXibY1A1Wfr568wzBU for me.

  2. But this address is a nonce account and belongs to AmK8k6ZqE4Rnguw1q83XNQ934b2SWE1ni4vLP6Hz1P3r.

  3. I lost all my SOL, and I find many people are attacked by AmK8k6; this guy is still stealing tokens, pls check its transactions.

Have the same trojan in solana.web3.js

yrelationlab commented 3 weeks ago
  1. solana-keygen --version solana-keygen 1.18.17 (src:b685182a; feat:4215500110, client:SolanaLabs)

  2. I use this command: solana-keygen new --outfile ./cli/.config/token.json

  3. I find the tool created a private key, but it does not belong to me. The threat is still ongoing. My address is 8EKEHX9CkmNrjn91TZ9tzBbxTWniS3Tixp358GTJpSwW, but the authority is AmK8k6ZqE4Rnguw1q83XNQ934b2SWE1ni4vLP6Hz1P3r, which is not controlled by me.

  4. Similar issue: https://www.reddit.com/r/solana/comments/1fn6syu/who_wants_free_0058_sol_8_try_to_transfer_this/

  5. Most explorers do not show nonce account information; this issue is very subtle.
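
The nonce-account check that the comment above says most explorers omit, as an added example that is not part of the original thread or the agave code base: it decodes the 80-byte nonce account layout from the owner and base64 data that a getAccountInfo RPC call returns, and reports who holds the authority. The function names and the sample account data are constructed for illustration.

```python
import base64
import struct

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
SYSTEM_PROGRAM = "11111111111111111111111111111111"  # 32 zero bytes in base58
NONCE_ACCOUNT_LEN = 80  # u32 version + u32 state + authority + nonce + u64 fee

# Constructed sample data: the authority is bytes 0x01..0x20, not a real key.
SAMPLE_AUTHORITY = bytes(range(1, 33))
SAMPLE_DATA = base64.b64encode(
    struct.pack("<II", 1, 1) + SAMPLE_AUTHORITY
    + bytes([0xAA]) * 32 + struct.pack("<Q", 5000)
).decode()


def b58encode(raw: bytes) -> str:
    """Base58 (Bitcoin alphabet) encoding, as used for Solana addresses."""
    n = int.from_bytes(raw, "big")
    out = ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    pad = len(raw) - len(raw.lstrip(b"\0"))  # each leading zero byte becomes "1"
    return "1" * pad + out


def nonce_authority(owner: str, data_b64: str):
    """Return the authority of an initialized nonce account, else None."""
    data = base64.b64decode(data_b64)
    if owner != SYSTEM_PROGRAM or len(data) != NONCE_ACCOUNT_LEN:
        return None
    version, state = struct.unpack_from("<II", data, 0)
    if version not in (0, 1) or state != 1:  # state 1 = Initialized
        return None
    return b58encode(data[8:40])  # authority pubkey follows the two u32 tags


def check_address(my_pubkey: str, owner: str, data_b64: str) -> str:
    """Compare the on-chain nonce authority with the key you generated."""
    authority = nonce_authority(owner, data_b64)
    if authority is None:
        return "not an initialized nonce account"
    if authority == my_pubkey:
        return "nonce account, authority is your key"
    return f"WARNING: nonce account controlled by {authority}"


if __name__ == "__main__":
    print(check_address("ConstructedPlaceholderKey", SYSTEM_PROGRAM, SAMPLE_DATA))
```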

joncinque commented 3 weeks ago

Sorry, the GitHub issues are not for end-user support