Have you been hacked?
Did someone set a vesting route change on your account?
Wtf is a vesting route?
Vesting route is a lesser known feature where you direct your powerdown to another account. While there are legitimate users for this feature (I use it to redirect my powerdowns to my cold wallet), hackers will usually set this feature to send powerdown funds to their account even if you recover your keys. Yes, they will still receive funds from your account after you change your keys.
How can I tell if I have a vesting route set?
One way to tell is to look at hiveblocks.com and see if you have seen the operation.
While this is easy if you recently got hacked, you will not know if this was done in the past.
Most people setting vesting route are probably using the cli wallet and I believe this is probably too complicated for most users. I am going to cover an easier way to check this and remove it if necessary.
Introducing Vessel wallet
Vessel is a desktop wallet for Hive. Vessel allows you to do anything you can do from Hive.blog Wallet and Peakd Wallet as well as a few other things, one of which adjusting your vesting routes.
Visit the Vessel Github releases page and download the build for your operating system.
Installation is pretty straight forward, just say yes to everything.
Add your account
Once Vessel is installed, you are going to want to add your account.
You have two ways to go about this.
You can use your master password to import all keys into Vessel, or you can add them each manually.
If you want to use your master password, you would fill it in like this.
I recommend using a Wallet Password to encrypt your accounts in Vessel. If you use the same wallet password for all accounts you will only be prompted once.
It is generally recommended to never enter your master password anywhere unless you are trying to recover your account. While it is a couple more steps to enter each of your three keys manually, I recommend that you do so.
Check for vesting route
Once you have setup your account(s) you should see the overview page with your account(s) listed.
If you click on the Vesting tab you will see all your accounts and their vesting routes.
Currently there are no vesting routes for this account, but let's set one up so you can see what it looks like.
Here you can see I setup a vesting route to @themarkymark, meaning any powerdowns done will send funds silently to @themarkymark. Even if I change the keys to my account, this vesting route will continue to do it's job.
Removing a vesting route
Removing the vesting route is as easy as clicking the trash can button.
That's it. If you recently got hacked and you are not sure you have a vesting route set, you can give this a try.
One thing I recommend doing if you have a larger account is create an account to act as a cold wallet, an account you rarely ever log into and do not use any dapps with. Set your primary account vesting route to send funds to this account. Any extra funds you do not need in the immediate future, send to this account so you minimize your risk.
Never use your owner key or master password for anything other than recovering your account.
@deathwing, can we get vesting route add/remove notification added to F.R.I.D.A.Y.? Would be nice to have Powerdown started/Stopped added as well.