EOSCommunity.org Forums

Unable to recover account ower key has been changed, certificate no longer valid

Two questions for you:

  1. Is this the same device you created the account with?
  2. Do you still have the account imported on a device?

no, not the same device, as i cannot make transaction thru the device i create yuan.gm, so i tried to import to another device

yes, the ios device i used for account creation still imported the account

Further, i can’t make any transaction thru the device i used for acc creation. when try to make transaction, i will ecounter this error. pls find below user journey i tried to send out wax thru the device i used for creating yuan.gm


then i slide to sign, telling me as below

@aaron mai i hv ur help?

Alright awesome. So, on the device you created the account on, I want to walk you through trying to look for the appropriate key, since it seems like multiple keys have been created and potentially the wrong one imported.

On the device you created the account on, try the following:

  1. Go to the home screen of the Anchor iOS app.
  2. Tap the Anchor logo 5 times fast, which should open up the developer tools.
  3. Select the “Keychain Viewer” option.
  4. A list of public keys will appear, you are looking for the one that matches your account.
  5. Check to see if either of these two public keys are in the list:



Based on what I see in the block explorers for your account, those are the public keys associated and in control of your account and what we need to find.

If you find those public keys, export the private keys by clicking on them from the keychain viewer and select “Export private key”. There’s a “Copy key” button in the upper right you can use to copy them, and you can also scan these keys from another device using the QR code to import them.

All of the above should allow you to manually backup those keys, provided they exist in the keychain, and give you access to the account and its assets. It’s not a certificate backup like the app tried to create, but it’s something for now while we work through this problem.

Now for an explanation: it looks like somewhere in our process there’s a bug that generated multiple sets of keys for your account. The account was created using one set of keys, while Anchor imported a different set of keys and prompted you to create a backup using the wrong ones. We’re investigating how this bug could have occurred on our end.

follow the instructions from u, i can c that the key on my ios device is different from block explores, what should i do now? @aaron
@aaron may i have your quick response on this, as i have transfered some usd into yuan.gm, and this acc got problems. it is urgent.

Looks like my initial thoughts of this being a bug might not be the case.

So is this the device you originally created the account on?

yes, it is the device originally created the yuan.gm. how can i move my money out of yuan.gm?

@aaron any update?

This is not something we would normally ask - but if the certificate is invalid for the account and you’re certain of that, it might help us further determine what exactly is happening here. For all other situations where the certificate is valid, we’d never recommend sharing it with anyone.

If you’re willing, send it over to team@greymass.com and we will look to see if maybe there’s some information we can gather from this situation.

Sent an email thru my Gmail account 35915647neo@gamil.com attached with owner certificated and encryption words to team@greymass.com. Please help and keep me posted. Many thanks @aaron

Received, we’re investigating on our end to try and see how this is possible.

One question for you, do you have two accounts on the forums? Did you also create this post?

yes, this is post by me as well

Alright thanks - we were just trying to determine if we had two open issues or one, since if you did post both we know that the cause of both issues is the same thing.

One of our developers spent the day yesterday looking into this and is continuing still to investigate. The random questions we are asking are just to help look into the situation. Sorry to keep you, it’s just a pretty odd situation and we’re trying to gather as much information as possible.

thx @aaron , we may communicate timly on this, no matter thru email or forum.

how is the progress? any findings?

Lots of weird findings, which result in weird questions like this: do you remember the date you created this account, and have you ever played Farmers World on WAX?

i created yuan.gm on 20th NOV 2021 china time zone. i planned to use yuan.gm to play farmersworld, so i transfered some wax to yuan.gm to buy tools of farmerworld, but i cannot buy anything now.

Alright - here’s where we are at and why we have been looking into this for so long.

The account yuan.gm was created on Nov 14th - but you tried to create it on Nov 20th. If that wasn’t you on the 14th, it means that someone else created an account with that name before you and controls that account. This we believe explains why you can’t access that account or perform any transactions.

We have done an extensive review of our systems and identified three bugs that, if all occurred at the same time, could have resulted in a situation like this. This is a situation where both the checks in Anchor and on our servers could have been bypassed, and allowed you to seemingly create the account, even though it already existed on chain. This however requires very specific network conditions and having all that happen at once is ridiculously improbable, like winning the lottery and being struck by lightning at the same time improbable, but since we believe your story and you have a backup sheet for that account - it’s the only explanation we can come up with.

If you aren’t the person who created yuan.gm on the 14th your only recourse is to try to contact them and ask to transfer the tokens back to one of your other accounts. The account has been active on chain as of the 14th, so someone is in possession of the key the account was created with.

Contacting another account holder can be difficult, since there’s no personally identifiable information involved in account creation or on the blockchain. You basically have to send a very small amount of tokens to the account with a memo attached, explaining the situation, but even then there’s no way for that user to know you truly are the person who deposited those tokens.

point from me, i created yuan.gm in success without any blocker from IOS Anchor APP that notified me yuan.gm was already created on 14th Nov 2021, and further IOS Anchor APP did generated the owner certification and the 6 encryption words and this made me believe yuan.gm is belong to me.

will greymass take the responsibility on my lose? Point from me, all the money lost on me is all because of the bugs from the greymass product.

Are you 100% sure it wasn’t you that created the yuan.gm account on the 14th? Two different users signing up for the same account name from the same country to play the same game within a week of each-other and running into 3 different bugs that require very specific conditions to trigger that no-one else has run into just doesn’t compute…

If it was you that created the account on another device and you still have that device it’s a good chance the keys are still there and the account can be recovered.

@johan @aaron
let me make it clearly, I am 100% sure that I have never performed any account creation on 14th Nov 2021.

The fact is I created yuan.gm on 20th Nov 2021 which passed all the validation and the system generated the onwner key certification and the 6 encrytion words to me on 20th Nov 2021.

With the owner key certification and the 6 encrytion words generated by greymass product-IOS Anchor Wallet, I believeed that I am the owner of yuan.gm.

Then I transfered 7664 wax into yuan.gm, tried to play FarmersWorld, then I found out I cannot authorize any transactions thru my device which I created yuan.gm on 20th Nov 2021.

It is really frustrated that greymass IOS Anchor Wallet generated account with fake owner key certification which made me into this bad situation.

What is happening right now already proved that the greymass product - IOS Anchor Wallet has some critical issues which leads end user to lose money. Definitely greymass should take the responsibility on my lost and provide a reliable product all the end users.

I understand the frustration and wish we could help more.

Unfortunately it’s just something that comes with these new emerging technologies. Anchor is provided by Greymass on a best-effort basis, meaning we do our best to provide services - but can make no absolute guarentees anything will work as expected.

This includes situations where users fall for phishing scams losing their tokens/accounts, times when users lose all of their backups and access to their accounts, and situations like this where seemingly something in Anchor causes a user to make a mistake. It’s the sad nature of the blockchain space that we exist within and one of the most heartbreaking parts of our jobs having to deliver messages like this.

We cannot do anything though - especially reimburse anyone when things happen.

There’s a few reasons for this, first and foremost is that we would be out of business if we were responsible for every action users take. Anchor is a non-custodial wallet, with a privacy focus, where the user bears the responsibility of how it’s used.

The second reason is because we don’t have concrete proof that this actually happened. We had to ask you many questions simply because we don’t have information that this situation actually played out the way you described it. Being both privacy-focused and non-custodial, what happens in your wallet is unknown to us.

Because of this, even if we were responsible, there’s no way for anyone except you to know what happened in this situation. We don’t have any sort of proof of what actually happened on our end. We would have to take your word on nearly all of it. I am not implying any of the following is true - but everything in this situation could have been an elaborate plot to try and scam Greymass.

The reason for this include:

  • The screenshots of Anchor could be faked (you can import any account if you know what you’re doing)
  • The owner key certificate could be faked by creating manually (all that code is open source)
  • The keys to the actual yuan.gm could be under your control and we would never know.

Again, to emphasize, I’m not accusing you of these things, but there’s no way to prove that those things aren’t true. Since we can’t prove anything, there’s no way to tell who is making a legitimate claim and who’s not, leaving us in a position where we simply cannot help anyone.

We have to protect Greymass in order to continue working on projects like Anchor. We have hundreds of thousands of users that benefit from our products and unfortunately things like this happen.

This kind of stuff hits us hard and is really sad to see. The only thing we can do is take what happened and improve upon it, so it doesn’t happen to someone else. We spent nearly a year working on account creation before it was released for the public to use because we wanted it to be a solid experience. Unfortunately you are the first, after tens of thousands of successful users, who has ran into this potentially new issue - and for that we’re sorry.