⚠️ Rubimily and the Forty Thieves

⚠️ WE ARE UNDER ATTACK!

Hello! How was your last week?
The bad news is that RUBI Network has just had a bad week, so today I am using this newsletter to tell you what went wrong!

Have you ever heard the story "Ali Baba and the Forty Thieves"? It is a story that most Vietnamese people know; I don't know whether it goes by a more interesting title in your country.

The story is set in ancient Persia, and it tells of a group of robbers or thieves who stole a lot of people's property and piled it up. But the story did not end well for the thieves: they never got to enjoy the wealth they stole.

And coincidentally, in the past few days, we have witnessed the same kind of theft right on the RUBI Network. It was so bad that many people will not know that "they were visited by thieves" until they read this article. What happened has happened: thieves came to your house and stole the precious RUBI that you had mined.

We took action immediately, actively hunting for the thieves and handling the situation before publishing this article to you! We took drastic measures, and tracked down and restrained the thieves and their accomplices.

Now, let's go through the details of what happened!


FIRST REPORT!

On March 13th, I received the first incident report, sent by 2 Nigerian community ambassadors! It came from a Nigerian miner who discovered that his 986 RBL were being moved to a new wallet on his own account, a wallet that he did not create and did not have the private key to. This was the first report of this kind, and it raised a kind of alarm that we had not seen before.

More than 900 RBL is a huge amount for a miner to mine, and it is a loss that he will almost never be able to recover through further mining. Because the loss was so serious, we immediately investigated what happened.


THIS IS A MASS THEFT

Also on the 13th, after discovering more victims, we tracked down the victim wallets and discovered a series of thieves urgently carrying out the theft. We quickly tracked the thieves' wallets and discovered other victims and where the thieves stored the stolen assets.

On the 15th, we decided to update the source code to implement new tools to support the tracking and verification of fraudulent accounts, consumption accounts, and storage accounts.

A race was on: Rubi Network made continuous updates and tracked aggressively, while the thieves kept creating new wallets to continue stealing and hiding, and quickly looked for ways to disperse the stolen assets. The race was fierce, while most of the miners were sleeping and no one knew about the incident.


ARE THESE FORTY THIEVES?

The characteristics of this attack showed that it was not a single attack but was carried out by many thieves, which is why I thought of the story of the "40 thieves". All the characteristics of the attack indicated that this was a typical phishing attack, of the kind that has been quite common in the past few years.

The thieves we found were mainly from Iraq, and when we traced them, we found many other thieves. We exclaimed humorously: "Damn - we are dealing with the descendants of the famous thieves from the story of the forty thieves".

These thieves carried out their thefts simultaneously with quick actions, professionalism and execution speed, showing that these were people with rich experience in the theft profession.

There were really a lot of them, and they acted very quickly, but so did our team! In a few days we added new source code, did the tracking and tracing, and found many "treasures" where they kept what they stole.


HOW THE THIEVES DO IT.

Did the thieves steal Rubies from your wallet? No, they did not attack your wallet, instead they tried to hack into the mining pool to steal the mined Rubies that had not been transferred to the wallet. These thieves perform PHISHING attacks to gain access to your account, then they steal the mined RUBI that is outside your wallet.

Here is what they did, step by step.

Step 1: They got your email and password in many ways and got access to your account.

Step 2: They access the account and check the account status: has it been KYCed, and is there a balance outside the wallet?

Step 3: If you have KYC and have balances that have not been transferred to the wallet, they will go to the wallet creation section and create a new wallet (this wallet is controlled by the thief)

Step 4: They connect the newly created wallet to your account and then create a migration request for all the Rubies from the mining area to the new wallet.

Step 5: They then quickly transfer all the stolen funds to a wallet on another account that they control.


DAMAGE ESTIMATION

This is a bad attack on the Rubi Network. Phishing attacks are well known: attackers perform fraudulent activities to obtain accounts and passwords, then gain access and steal. A typical phishing attack like this happened in early 2024, when a group of young scammers scammed away $230 million worth of Bitcoin at that time.

Here are the estimated figures for the damage in the terrible attack by the "forty thieves" on Rubi!

• Hundreds of victims:
The estimated number of observed victims has reached several hundred and may continue to grow, with victims coming from many countries, including Nigeria, Vietnam, India, Indonesia, Pakistan and several others.

• Several dozens of thieves:
Dozens of direct attackers, and hundreds of people involved in supporting the hoarding and consumption. They create a complex network of movements to make it difficult to trace.

• Estimated amount of stolen assets:
Based on data, the amount of stolen Rubies could be more than 400,000 RBL, which is clearly a very serious number. However, the majority of the stolen Rubies (RBL) are still in the wallets of the thieves, while the remaining hundreds of thousands of Rubies (RBL) are being sold off at low prices. We are truly witnessing the lesson of history repeating itself, and it has always been a part of development.

• Countries with many victims:
The tracking data shows that the attackers are mainly from Iraq, but the victims are from all over the world. The tracking data shows that these are the countries most affected by this crisis: Vietnam, Nigeria, Pakistan, India, Indonesia, Bangladesh, Turkey, Philippines.


IF YOU ARE A VICTIM!

Since the number of victims seen is in the hundreds, we consider this a serious crisis! Please check your account now and let us know if you are being attacked by Phishing! Providing more information will help us trace faster and resolve this crisis soon.

How to check:
Go to your account and check for any unusual signs:
• See if there are any new wallets created that were not created by you.
• See if there are any transfers of mined Rubies that were not created by you.
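
The pattern in steps 3 and 4 of the attack, and the two checks in this list, can also be looked for on the service side. The Python sketch below is an added example, not code from the Rubi team: the event fields, account names, wallet labels, IP addresses and thresholds are all constructed assumptions.

```python
from datetime import datetime, timedelta

def ev(ts, account, kind, ip, wallet=None, amount=0.0, mined=0.0):
    """Build one constructed audit event (hypothetical schema, not Rubi's)."""
    return {"ts": datetime.fromisoformat(ts), "account": account, "kind": kind,
            "ip": ip, "wallet": wallet, "amount": amount, "mined": mined}

# Constructed sample log. IPs come from documentation ranges.
EVENTS = [
    ev("2030-01-02T08:00:00", "miner_a", "login", "198.51.100.7"),
    ev("2030-03-13T01:02:00", "miner_a", "login", "203.0.113.50"),
    ev("2030-03-13T01:03:00", "miner_a", "wallet_created", "203.0.113.50", "0xA1"),
    ev("2030-03-13T01:05:00", "miner_a", "migration", "203.0.113.50", "0xA1",
       500.0, 500.0),
    ev("2030-01-05T09:00:00", "miner_b", "login", "198.51.100.9"),
    ev("2030-03-14T09:00:00", "miner_b", "wallet_created", "198.51.100.9", "0xB1"),
    ev("2030-03-14T09:10:00", "miner_b", "migration", "198.51.100.9", "0xB1",
       300.0, 300.0),
]

def flag_takeovers(events, window=timedelta(hours=24),
                   ip_age=timedelta(days=7), drain_ratio=0.9):
    """Flag migrations that look like steps 3-4: a wallet created from an IP
    that is new to the account, then used within `window` to move (almost)
    the whole mined balance."""
    first_seen = {}  # (account, ip) -> first time this IP touched the account
    created = {}     # (account, wallet) -> (creation time, was the IP new?)
    alerts = []
    for e in sorted(events, key=lambda x: x["ts"]):
        acct, ts = e["account"], e["ts"]
        seen = first_seen.setdefault((acct, e["ip"]), ts)
        if e["kind"] == "wallet_created":
            created[(acct, e["wallet"])] = (ts, ts - seen < ip_age)
        elif e["kind"] == "migration" and (acct, e["wallet"]) in created:
            made, new_ip = created[(acct, e["wallet"])]
            fresh_wallet = ts - made <= window
            drains = e["mined"] > 0 and e["amount"] / e["mined"] >= drain_ratio
            if fresh_wallet and new_ip and drains:
                alerts.append({"account": acct, "wallet": e["wallet"],
                               "amount": e["amount"]})
    return alerts

if __name__ == "__main__":
    for alert in flag_takeovers(EVENTS):
        print("HOLD for owner confirmation:", alert)
```

A genuinely new miner can match the same pattern, so a hit is better used to hold the migration for owner confirmation than to block the account outright.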

Enhanced protection:
If your account doesn't show any unusual signs then you're safe, but to make it even safer, here's what you need to do.
• Change your account password (whether you have KYC or not, this is still necessary).
• Since thieves target KYC accounts, you should stop requesting KYC until things are under control.
• If you passed KYC, create the maximum number of wallets allowed to link to the mining account, taking care to store the private keys.

How to report:
If you have been visited by a thief, first of all, we would like to express our condolences for your bitter loss. Please be wise and send us a notification about the attack on you by commenting as instructed in this article. This will help us track down and fix the problem.

Please let us know how many Rubies were stolen from you, and copy the strange wallet address that the thief created to steal your Rubies!

Here is an example of how to comment!
"
I've lost: 986 RBL
The thief created wallet: 0x2866e76c6dfe3dd6c66d620db4d916d2db623d3b
"

Please comment according to the instructions and submit your comment right in this article! Please make an honest report because it is helpful for supporting the recovery!


WHAT ACTIONS DID THE RUBI TEAM TAKE?

We immediately convened an emergency meeting, assessed the situation, and discussed appropriate solutions! After several days of tracing and taking appropriate measures to stop the flow of stolen assets, by the afternoon of the 18th we were still recording assets being stolen. Although many thieves were controlled, the thieves continued to create new accounts and new wallets to continue stealing.

The thieves claimed that they had controlled more than 1000 miner accounts. Since it was impossible to know for sure how many more victims there were, we immediately took stronger actions, even somewhat extreme ones, to ensure that the "bleeding of assets" was stopped. Here's what we've done.

Measures for thieves
• Update the new source code version with tracking support tools.
• Filter, identify thieves or those involved, mark them for investigation.
• Red-flag wallets that violate the rules; the red flag will be shown in the future.

Preventing "asset bleeding"
• Limit the maximum number of RBL move orders to limit consumption.
• Temporarily suspend the Migration service to stop theft activities.
• Pause the KYC service, as un-KYC accounts are a safe way to avoid theft.

If there is any inconvenience caused by our crackdown, you know, "when you are seriously ill, you will need strong medicine, although strong medicine often comes with side effects".


THE RUBIMILY ACTS TOGETHER

Rubimily has a mechanism of distributing 100% of assets to mining activities and 100% of assets to miners, which means 100% of the digital asset benefits belong to the Rubimily mining community. Rubi belongs to the community; this is a special project. So this attack is not simply aimed at an individual or a project group, but is a direct attack on the rights and interests of the entire community.

You are a patient miner, and you know that what you spend is not just clicks, it is perseverance over years. Attackers are targeting your assets, and that is a crime against the Rubimily community!

As a united Rubimily community, we declare that "Thieves are attacking the interests of all miners" ⚠︎.

Therefore, we call for action from the mining community, to ensure that the fraudsters will realize the price of attacking the legitimate assets of the Rubimily community.

The Rubimily community should support us in taking the following measures:

• Strongly condemn the attackers!
• Be cautious with cheap, bargain transactions, because the attacker is likely trying to sell for money.
• Check your account immediately, follow the safety instructions and send this warning to others.


IF THIEVES WANT TO COMPROMISE!

The Rubimily community can grow and become the basis for a public economy where reputation and kindness will bring real benefits. The attackers are not aware that fighting the community will deprive them of their rights and long-term benefits!

But perhaps not all of them are the same. Some of the attackers have begun to feel that attacking the community is like "shooting themselves in the foot": they have received more damage than what they have earned. So some attackers may want to compromise!

In Vietnam we have a saying "Hit the one who runs away, not the one who runs back"!

So we accept this compromise and give him back his freedom if he commits to returning 90% of what he stole, the remaining 10% will be considered a reward to warn about the consequences of phishing. If the compromise happens, he will receive the reward, his freedom and be restored as a Rubimily member.


OVERCOME TOGETHER

During this crisis, the solidarity of the Rubimily mining community was tested, and the challenges only made the community stronger, more mature and more united. The consequences of these attacks led to the loss of assets of many miners, with an estimated amount of more than 100,000 RBL stolen and consumed by thieves.

So one of the proposed plans to overcome the consequences is based on the solidarity of the Rubimily mining community!

We propose a vote to establish a support fund on the traditional day of the Rubi community (May 1st).

If the vote passes, here is the plan:

"Call for donations from the whole community with each KYC miner, donate 1% of the balance in your wallet, and we will create a huge support fund, then based on the list of victims of the theft, the damage will be counted, and the victims can receive support up to 50% of what they lost."

If this community event is successful in overcoming the consequences, it will create the premise for other community fundraising activities in the future. From there, create the necessary support for many public goals.

(Please note! This is just a proposal from Team Rubi, the donation activity has not been voted on yet and it has not happened yet)


CONCLUSION!

Although crypto assets and blockchain technology have been known for just over a decade, throughout their history there have always been attacks, and vulnerabilities have been continuously discovered and abused. Attacks in one way or another will appear, even on leading blockchains or leading exchanges.

In the past, attacks with losses of hundreds of millions of dollars, even billions of dollars, have not been uncommon in the blockchain asset market, so the risk of being attacked has always been one of the potential risks.

This crisis, for Rubi Network, is the first major attack, but perhaps not the last attack that the community will encounter. What we need to do is to overcome these attacks firmly. We will turn risks into practice, maturing as the solidarity of the Rubimily mining community grows stronger every day.

Once again!

From a more positive perspective, the story of "Rubimily and the Forty Thieves" can be one of the necessary training events for all of us!

RUBI TEAM


Crypto assets are inherently risky, including Rubi!
Take the time to read the article "⚠️ RISK ⚡️ No RISK".

Comments (136)

Diamondiyke

I want to become a KYC validator

3 Reply 17:18 27/05/2025

Shaheer11555

64 Rbl not migration

7 Reply 13:58 20/05/2025

Shaheer11555

Migration Rubi open

5 Reply 13:57 20/05/2025

gwoachiever

I lost 44 RBL. It says migrated is 44 and I've never migrated my RBL before. Please help

3 Reply 11:22 19/05/2025

Arthur02

I want to migrate my Rubi, the response I am getting is I can't transfer under normal maintenance.

4 Reply 12:21 18/05/2025