Important Security Update
Verify if your account was compromised and take action.
Previously in December, we reported a number of user keys were intercepted by what was a yet to be determined means. At the time we had only limited information but were able to ascertain quickly that it affected telos sign users and made recommendations for all telos sign users to update keys.
Since then we have worked diligently to identify the exact methods, the source and scope of the attack. We are able to report we have succeeded in that operation and will be providing a detailed report in the coming days.
Key Information ahead of the upcoming full report
A total of 16 accounts had funds stolen, the amount of funds stolen is 500,202.3 TLOS.
A further 162 accounts had compromised keys but no funds were stolen likely due to the comparatively small amount of funds in those accounts. The 16 accounts that were stolen from held 95% or more of the total assets held by compromised keys/accounts.
The total number of accounts compromised represents <0.0002% of all telos accounts and the Telos blockchain itself was never compromised or hacked.
Today we are providing a list of compromised accounts so account owners can take action to secure them.
While the remaining funds from the total 178 affected accounts represent less than 5% of the 500,202 TLOS stolen it’s still imperative that these users are found so they can take action — we have seen a handful of cases where funds were stolen after more significant value was added by users. Additionally, the value of TLOS is in flux — a low amount of value now may be significant enough to steal in the future.
Please check for your account in this list and change your keys if you have been compromised.
A-Z of Compromised Accounts that need to change their keys
If you find one or more of your account’s below we recommend you change both your owner and active key for each of the affected accounts. Below the list you will find video instructions to make the change. Alternatively, affected users may decide to move their funds to a new account with different keys.
Click here to view the specific public keys that are compromised along with accounts.
Need Help Changing your keys?
Download Greymass Anchor (Previously “Greymass Wallet”) then follow the instructions in the video
Stay tuned for the full report
We are very pleased to have been able to determine the full scope of the key theft and know its effects are largely already behind us. We look forward to providing a more detailed report soon.
Wanting to report a security issue?
Send a support request to https://help.telos.net/
Telos Blockchain (Tlos) is a 3rd generation smart contract platform that offers compatibility with Solidity, Vyper, and Native C++ smart contracts, providing full EVM/Solidity support as well as a fee-less native smart contract layer upon which the EVM is built. Telos performance is unrivaled in the industry and was purpose-built to offer speed, scalability, cost-effectiveness, decentralization, and end-user fairness. The network can sustainably support hundreds of millions of transactions per day, produces blocks in 0.5-second intervals on a first-in-first-out basis (eliminating frontrunning on the network), offers a fee-less native, and low per transaction cost EVM (<$0.10), and a fully decentralized block producer network.