EOSCommunity.org Forums

Unable to recover account ower key has been changed, certificate no longer valid

Alright - here’s where we are at and why we have been looking into this for so long.

The account yuan.gm was created on Nov 14th - but you tried to create it on Nov 20th. If that wasn’t you on the 14th, it means that someone else created an account with that name before you and controls that account. This we believe explains why you can’t access that account or perform any transactions.

We have done an extensive review of our systems and identified three bugs that, if all occurred at the same time, could have resulted in a situation like this. This is a situation where both the checks in Anchor and on our servers could have been bypassed, and allowed you to seemingly create the account, even though it already existed on chain. This however requires very specific network conditions and having all that happen at once is ridiculously improbable, like winning the lottery and being struck by lightning at the same time improbable, but since we believe your story and you have a backup sheet for that account - it’s the only explanation we can come up with.

If you aren’t the person who created yuan.gm on the 14th your only recourse is to try to contact them and ask to transfer the tokens back to one of your other accounts. The account has been active on chain as of the 14th, so someone is in possession of the key the account was created with.

Contacting another account holder can be difficult, since there’s no personally identifiable information involved in account creation or on the blockchain. You basically have to send a very small amount of tokens to the account with a memo attached, explaining the situation, but even then there’s no way for that user to know you truly are the person who deposited those tokens.

point from me, i created yuan.gm in success without any blocker from IOS Anchor APP that notified me yuan.gm was already created on 14th Nov 2021, and further IOS Anchor APP did generated the owner certification and the 6 encryption words and this made me believe yuan.gm is belong to me.

will greymass take the responsibility on my lose? Point from me, all the money lost on me is all because of the bugs from the greymass product.

Are you 100% sure it wasn’t you that created the yuan.gm account on the 14th? Two different users signing up for the same account name from the same country to play the same game within a week of each-other and running into 3 different bugs that require very specific conditions to trigger that no-one else has run into just doesn’t compute…

If it was you that created the account on another device and you still have that device it’s a good chance the keys are still there and the account can be recovered.

@johan @aaron
let me make it clearly, I am 100% sure that I have never performed any account creation on 14th Nov 2021.

The fact is I created yuan.gm on 20th Nov 2021 which passed all the validation and the system generated the onwner key certification and the 6 encrytion words to me on 20th Nov 2021.

With the owner key certification and the 6 encrytion words generated by greymass product-IOS Anchor Wallet, I believeed that I am the owner of yuan.gm.

Then I transfered 7664 wax into yuan.gm, tried to play FarmersWorld, then I found out I cannot authorize any transactions thru my device which I created yuan.gm on 20th Nov 2021.

It is really frustrated that greymass IOS Anchor Wallet generated account with fake owner key certification which made me into this bad situation.

What is happening right now already proved that the greymass product - IOS Anchor Wallet has some critical issues which leads end user to lose money. Definitely greymass should take the responsibility on my lost and provide a reliable product all the end users.

I understand the frustration and wish we could help more.

Unfortunately it’s just something that comes with these new emerging technologies. Anchor is provided by Greymass on a best-effort basis, meaning we do our best to provide services - but can make no absolute guarentees anything will work as expected.

This includes situations where users fall for phishing scams losing their tokens/accounts, times when users lose all of their backups and access to their accounts, and situations like this where seemingly something in Anchor causes a user to make a mistake. It’s the sad nature of the blockchain space that we exist within and one of the most heartbreaking parts of our jobs having to deliver messages like this.

We cannot do anything though - especially reimburse anyone when things happen.

There’s a few reasons for this, first and foremost is that we would be out of business if we were responsible for every action users take. Anchor is a non-custodial wallet, with a privacy focus, where the user bears the responsibility of how it’s used.

The second reason is because we don’t have concrete proof that this actually happened. We had to ask you many questions simply because we don’t have information that this situation actually played out the way you described it. Being both privacy-focused and non-custodial, what happens in your wallet is unknown to us.

Because of this, even if we were responsible, there’s no way for anyone except you to know what happened in this situation. We don’t have any sort of proof of what actually happened on our end. We would have to take your word on nearly all of it. I am not implying any of the following is true - but everything in this situation could have been an elaborate plot to try and scam Greymass.

The reason for this include:

  • The screenshots of Anchor could be faked (you can import any account if you know what you’re doing)
  • The owner key certificate could be faked by creating manually (all that code is open source)
  • The keys to the actual yuan.gm could be under your control and we would never know.

Again, to emphasize, I’m not accusing you of these things, but there’s no way to prove that those things aren’t true. Since we can’t prove anything, there’s no way to tell who is making a legitimate claim and who’s not, leaving us in a position where we simply cannot help anyone.

We have to protect Greymass in order to continue working on projects like Anchor. We have hundreds of thousands of users that benefit from our products and unfortunately things like this happen.

This kind of stuff hits us hard and is really sad to see. The only thing we can do is take what happened and improve upon it, so it doesn’t happen to someone else. We spent nearly a year working on account creation before it was released for the public to use because we wanted it to be a solid experience. Unfortunately you are the first, after tens of thousands of successful users, who has ran into this potentially new issue - and for that we’re sorry.