• Forum has been upgraded, all links, images, etc are as they were. Please see Official Announcements for more information

Telegram Chat compromised !!!

tungfa

Well-known member
Foundation Member
Masternode Owner/Operator
mz53wOv.jpg


out telegram chat seems compromised
somebody took over my account and kicked all admins from the group
there is some rogue tungfa out there !!

do NOT trust him !!
(need to run out but will sort this out later )
 
Last edited:
okay shutting down all Dash Telegram !

Do NOT use any Dash telegram group anymore
do NOT trust any 'News" postings there and such
and do NOT trust any TUNGFA !!
(ping me here or on other outlets until this is solved !!!)
 
...but what if the tungfa forum account has been compromised? Are you in posession of any GPG keys or some sort, so you could publish news digitally signed?
 
...but what if the tungfa forum account has been compromised? Are you in posession of any GPG keys or some sort, so you could publish news digitally signed?

good thinking
tbh this is a good excuse / exersice to re-evaluate our OpSec
andy and the pros are on it to work out a plan moving forward
 
How did this happen anyways ? Was it through phishing email that they manage to take-over the Telegram chat / tungfa account ? Or by other means ?

cloned sim card it seems
 
cloned sim card it seems
You connected another device, they send you an SMS OTP confirmation, but someone by using ss7 signaling cloned your sim card.
You should configure your telegram with advanced security precautions next time, and ask 2 SMS confirmations instead of just one.

 
Last edited:
Glad you guys are all over this.

On a tangentially related note, I have never really messed with our telegram platform. What goes on there in general terms?
 
Glad you guys are all over this.

On a tangentially related note, I have never really messed with our telegram platform. What goes on there in general terms?

multiple channels in multiple languages
+ News Feed
no biggie - we can rebuild this easy fresh and new
 
Telegram update :
- still waiting for Telegram response
- “my account” is now for sale on Telegram (hacker is spamming all groups ) + up for Auction on DN
do NOT buy that account !!! let Telegram take care of it first !! we will NOT be blackmailed and do NOT pay !!!
it happened before and no worries, shut it all down and start fresh is the plan
 
Update:

- I am still me and me (@Figlmüller )
https://keybase.io/tungfa

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

After recent hack of my @tungfa Telegram account i want to verify myself here !
I am still Tungfa , secured all accounts, New Passwords, 2FA, .... all around !
I will NOT be using Telegram App for the time being !
Do NOT trust anybody using my name on Telegram App
[email protected]
-----BEGIN PGP SIGNATURE-----
Version: Keybase OpenPGP v2.0.76
Comment: https://keybase.io/crypto

wsFcBAABCgAGBQJappbWAAoJELBDogy6LA+FUagQALE6Ik83/4gZOjZu46z//JEK
qsnlXYhGGHbZPsdjPB0C/H395YCpVBtwbCezHFuPoVHajII62EGg3ythyQMINP6Y
wrvHq5sqXAcXgezvJYQJdBbAjK0y2YvSq5LhC658IhxuuN47skVz1UYvuFj1D9Nk
N3kEO1vHn+oGFL6pe+jgfwjs08y0iSjBy8wwDrN3RqdfH2NombETukJm//nNZEUp
Wd/lLNFbmPj+OsOlC7Kd94KIeyPeP9gKM7LdJf3xInE0hRWicGJ+nVquG49jyAiw
dD+rhWczBg3kPjOAMVUIHqDYvBnE07lVIH2w2om3s9Wh4rZq45R68Hmyi18F7m2k
pWwDCN9A6wZd1+nZVLRA6qgRXi+sT1w/158UoZYeYH7fALpIW5+B5rpDNDQij194
vo/iiAsmwaMC+gU8Ab9+UQehWX7+03cGAIL89x6WpKTD+ySTSsMOcK/7U0RHAV57
6hsWNozj0MkWWCqjMbeq21IlEs3gAfJfT8Xzp7/ANu+FWtvyi9r5aInVAKVZqz50
vkqYUe6NUsuG7nkwpLI7KVx9pVGR4Tm6j7drxZSLq/sFQZCHUULKS0CptU0yqi/l
DYqYWS634s2pXi7C2zMlN1MJ7YazHSZuUiKcJjz9zsj/FjbenO1U+/NLqAcck0dY
oCycAiHq2US0R7x9UzVG
=GBQf
-----END PGP SIGNATURE-----


- General and personal
The hacker has much more personal info than expected
so i went trough a OpSec excessive the last days and whipped everything
Wiped all computers, new passwords all around , new KeePass file, moved all coins , new encryption's , 2FA, new sim card + phone number, canceled all CC , Reported my Passport to BKA (at embassy)
...... (huge pain - good excersise)

- Telegram in General
Telegram never replied to me and that guy is still out there !
I messaged and emailed them on multiple outlets - still no answer
For safety (1 message) i will keep Telegram off for now and keep all Dash Groups off too !
My worry is , if we start new groups now , we still would have to deal with that guy and different "tungfa's " out there
so
best to solve that problem 1st
and then get back to work !
(supposedly all my info goes for sale on DN soon - and we take it from there)

General Message to Blackmailers: we do NOT pay !!
Until Further Notice: DO NOT Trust any Dash related News Posted on Telegram !!!!!

mz53wOv.jpg
 
Last edited:
The hacker has much more personal info than expected
so i went trough a OpSec excessive the last days and whipped everything

This suggests that more than just your Telegram account was hacked, which is why I think @demo is asking for more confirmation.

You're right, this is a valuable exercise to establish procedures when this sort of thing happens. I look forward to a debrief report, after everything is settled down.
 
This suggests that more than just your Telegram account was hacked, which is why I think @demo is asking for more confirmation.

You're right, this is a valuable exercise to establish procedures when this sort of thing happens. I look forward to a debrief report, after everything is settled down.
This suggests that more than just your Telegram account was hacked, which is why I think @demo is asking for more confirmation.

You're right, this is a valuable exercise to establish procedures when this sort of thing happens. I look forward to a debrief report, after everything is settled down.

it was a cloned phone , nothing else
so the only thing i had connected to my 'real' phone number was telegram !
(nothing else got compromised !)
obviously i went full power (to make sure nothing else was malicious) and whipped everything
i will not use my MN to verify , because all i will get out of that then is demo spamming me for any vote i do or not do ; )
Keybase is 100% trusted and used for 100% secure communications (back up plan ) in case Slack or others fail. feel free to double check my integrity with the rest of the team or look me up on keybase (and send message there) https://keybase.io/tungfa
 
it was a cloned phone , nothing else
so the only thing i had connected to my 'real' phone number was telegram !
(nothing else got compromised !)
obviously i went full power (to make sure nothing else was malicious) and whipped everything
i will not use my MN to verify , because all i will get out of that then is demo spamming me for any vote i do or not do ; )
Keybase is 100% trusted and used for 100% secure communications (back up plan ) in case Slack or others fail. feel free to double check my integrity with the rest of the team or look me up on keybase (and send message there) https://keybase.io/tungfa
I dont trust keybase.io certificates for another reason.
Someone may claim that his keybase.io has been compromised, while it hasnt!
This may happen for various reasons, for example because the individual signed something and he changed his mind.
Put your words where you money is! Thats why I think the most honest signature, is the signature of the dash wallet.

i will not use my MN to verify , because all i will get out of that then is demo spamming me for any vote i do or not do ; )
It is not a matter of masternode and of vote tracking. It is a matter of wallet. If you dont want to use your masternode wallet, use a simple wallet (that contains some money in it) to sign. The more money you have in this wallet, and the larger the percentage of your total money this wallet contains, the more I trust the honesty of your wallet signature.
 
Last edited:
I thought it is a well protected messenger... Did you find who and how did this?
If you are unable to read this very thread, you will never be protected. We already told you how they did it.
You connected another device, they send you an SMS OTP confirmation, but someone by using ss7 signaling cloned your sim card.
You should configure your telegram with advanced security precautions next time, and ask 2 SMS confirmations instead of just one.

 
Back
Top