Hacked? How to check & change your vesting route

image.png

Have you been hacked?
Did someone set a vesting route change on your account?
Wtf is a vesting route?

Vesting route is a lesser known feature where you direct your powerdown to another account. While there are legitimate users for this feature (I use it to redirect my powerdowns to my cold wallet), hackers will usually set this feature to send powerdown funds to their account even if you recover your keys. Yes, they will still receive funds from your account after you change your keys.

How can I tell if I have a vesting route set?

One way to tell is to look at hiveblocks.com and see if you have seen the operation.

image.png

While this is easy if you recently got hacked, you will not know if this was done in the past.

Most people setting vesting route are probably using the cli wallet and I believe this is probably too complicated for most users. I am going to cover an easier way to check this and remove it if necessary.


Introducing Vessel wallet

Vessel is a desktop wallet for Hive. Vessel allows you to do anything you can do from Hive.blog Wallet and Peakd Wallet as well as a few other things, one of which adjusting your vesting routes.


Installing Vessel

Visit the Vessel Github releases page and download the build for your operating system.

Installation is pretty straight forward, just say yes to everything.


Add your account

Once Vessel is installed, you are going to want to add your account.

You have two ways to go about this.

image.png

You can use your master password to import all keys into Vessel, or you can add them each manually.

If you want to use your master password, you would fill it in like this.

I recommend using a Wallet Password to encrypt your accounts in Vessel. If you use the same wallet password for all accounts you will only be prompted once.

image.png

It is generally recommended to never enter your master password anywhere unless you are trying to recover your account. While it is a couple more steps to enter each of your three keys manually, I recommend that you do so.


Check for vesting route

Once you have setup your account(s) you should see the overview page with your account(s) listed.

If you click on the Vesting tab you will see all your accounts and their vesting routes.

Currently there are no vesting routes for this account, but let's set one up so you can see what it looks like.


Here you can see I setup a vesting route to @themarkymark, meaning any powerdowns done will send funds silently to @themarkymark. Even if I change the keys to my account, this vesting route will continue to do it's job.


Removing a vesting route

Removing the vesting route is as easy as clicking the trash can button.

That's it. If you recently got hacked and you are not sure you have a vesting route set, you can give this a try.


Pro Tip

One thing I recommend doing if you have a larger account is create an account to act as a cold wallet, an account you rarely ever log into and do not use any dapps with. Set your primary account vesting route to send funds to this account. Any extra funds you do not need in the immediate future, send to this account so you minimize your risk.

Never use your owner key or master password for anything other than recovering your account.

Stay safe!

PS: @asgarth @jarvie any chance you can add some functionality to PeakD for vesting routes? Would be awesome as there is no public easy to use interface for vesting routes currently.

@deathwing, can we get vesting route add/remove notification added to F.R.I.D.A.Y.? Would be nice to have Powerdown started/Stopped added as well.


Securely chat with me on Keybase

Why you should vote me as witness

H2
H3
H4
3 columns
2 columns
1 column
55 Comments