How hackers are stealing your stash with no 2FA

Posting this here as it needs to gain more attention.

There is a possible vulnerability in POE where a hacker can steal your account session token by initiating a trade window with you in game. Numerous reports and evidence support this conclusion. If you accept the trade request they can log in to your character using an account pivot technique that does not trigger any 2FA and they do NOT need your password. They gain access to your stash, steal your currency/gear and then they're gone.

Typical scenario that many users have reported:

1. You list an expensive item or try to buy an expensive item
2. The hacker pings you to trade
3. The hacker opens a trade window with you
4. The hacker cancels the trade and then logs off
5. They wait for you to log off and then use your hijacked security token to instantly log in to your character and rob you
6. This does not trigger any 2FA since they are already "authenticated"

Something that may reset the token if you suspect you are a victim of this:

1. Do not log off
2. Open a second POE client
3. Log in with the second POE client
4. You will be kicked off the other client
5. Close the other client
Last bumped on Jan 7, 2025, 7:35:02 AM
"
5. They wait for you to log off and then use your hijacked security token to instantly login to your character and rob you
"
Now explain how exactly the hacker hijacks the security token. That is the part that needs looking into.
😹😹😹😹😹
I do not and will not use TFT.
Gaming Granny :D
🐢🐢🐢🪲🪲🪲
@xjjanie.bsky.social
xjjanie#4242 wrote:
"
5. They wait for you to log off and then use your hijacked security token to instantly login to your character and rob you

Now explain how exactly the hacker hijacks the security token. That is the part that needs looking into.
"
As far as I've heard the Security Token code is available inside of the player Hideout, so it's not important that they trade with you; it's important that they enter your Hideout.
If this is true it's ridiculous, replicating a token used as part of login to other players' clients. Absolutely indie design.
xjjanie#4242 wrote:
"
5. They wait for you to log off and then use your hijacked security token to instantly login to your character and rob you

Now explain how exactly the hacker hijacks the security token. That is the part that needs looking into.
"
Disclaimer: This is all assumption from my limited knowledge of game dev with Unity/Unreal Engine. So I may be wrong or probably am lol

A quick Google search shows multiple tools that can inspect the contents of Content.ggpk while the game is loaded and let you inspect the active instance with an overlay?

I assume they're using a 3rd party tool to get that information from inside the live instance of the game. Kinda like how in Google Chrome you can get the session id token by using the built-in Chrome DevTools to let 3rd party software access your stash information to manage your items in PoE 1.
Last edited by shootandrise92#3727 on Jan 5, 2025, 11:27:34 PM
deleted double post on accident*
Last edited by shootandrise92#3727 on Jan 5, 2025, 11:25:43 PM
Nah, such things are usually extracted from client memory or from sniffed traffic, if you got the traffic encryption keys from memory. PoE is supposed to have anticheat against debugging, but anything short of Denuvo grade can be bypassed by a trained reverser with moderate effort.
Oof...

If true then the code is bad.

Probably could have been avoided if automated "online only" trade was implemented.
[Removed by Support]
Guys, I think there is some sense to this. I just tried opening my standalone client and pressed login without typing in my password, and I managed to log in. Is this normal? There seems to be some session cached somewhere.
Last edited by alpacalypse#1488 on Jan 6, 2025, 12:38:44 AM
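Added example (editor's addition, not a post from this thread and not Grinding Gear Games' code): a small Python model of a server-side session store that replays the scenario from the original post, including the "log in from a second client" remedy, and the cached-session observation in the post above. Every name, policy switch and identifier in it is an assumption made for illustration; the thread never establishes how a token would actually be obtained, so the attacker here simply holds a copy of it. What the model shows is which server-side policy makes a copied token worthless, and why a fresh login works as a stopgap even under the weak policy.

```python
import secrets


class SessionStore:
    """Hypothetical server-side session registry (assumption: this is an
    illustration, not how Path of Exile's login service actually works).

    Two policy switches model the behaviour this thread speculates about
    and its hardened counterpart:
      bind_to_client   - a token is accepted only from the client instance
                         it was issued to, so a token copied out of another
                         client (memory, traffic, a hideout) is refused;
      revoke_on_logout - logging off deletes the token instead of leaving
                         it resumable later (the "wait for you to log off"
                         step in the original post).
    Independently of both, every successful login revokes the account's
    earlier tokens, which is what the "log in from a second client" remedy
    relies on.
    """

    def __init__(self, bind_to_client=True, revoke_on_logout=True):
        self.bind_to_client = bind_to_client
        self.revoke_on_logout = revoke_on_logout
        self._sessions = {}  # token -> (account, client_id)

    def login(self, account, client_id):
        # One active session per account: drop every earlier token first.
        stale = [t for t, (acct, _) in self._sessions.items() if acct == account]
        for tok in stale:
            del self._sessions[tok]
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (account, client_id)
        return token

    def logout(self, token):
        # Under the weak policy the record stays, so the token still resumes.
        if self.revoke_on_logout:
            self._sessions.pop(token, None)

    def resume(self, token, client_id):
        """Return the account a token grants access to, or None if refused."""
        record = self._sessions.get(token)
        if record is None:
            return None
        account, owner = record
        if self.bind_to_client and not secrets.compare_digest(owner, client_id):
            return None
        return account


def hijack_scenario(store):
    """Replay the thread's scenario against a store and report who gets in.

    Constructed inputs: the account and client identifiers are made up, and
    the token is simply copied, since the thread does not establish how an
    attacker would actually obtain it.
    """
    victim_token = store.login("victim", client_id="victim-pc")
    stolen = victim_token
    outcomes = {}
    # Attacker tries the copied token while the victim is still online.
    outcomes["while_online"] = store.resume(stolen, client_id="attacker-pc")
    # Step 5 of the original post: victim logs off, attacker tries again.
    store.logout(victim_token)
    outcomes["after_logoff"] = store.resume(stolen, client_id="attacker-pc")
    # The remedy from the original post: log in again from a second client,
    # which revokes every earlier token for the account.
    store.login("victim", client_id="victim-pc-2")
    outcomes["after_relogin"] = store.resume(stolen, client_id="attacker-pc")
    return outcomes


if __name__ == "__main__":
    weak = SessionStore(bind_to_client=False, revoke_on_logout=False)
    print("weak policy:    ", hijack_scenario(weak))
    print("hardened policy:", hijack_scenario(SessionStore()))
```

Under the weak policy the copied token resumes the account both while the victim is online and after they log off, and only the second login from another client kills it; under the hardened policy the copied token is refused at every step because it is bound to the issuing client. A client that keeps a token on disk so the next launch can log in without a password (the observation in the post above) is harmless under the second policy and a standing risk under the first.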
xjjanie#4242 wrote:
"
5. They wait for you to log off and then use your hijacked security token to instantly login to your character and rob you

Now explain how exactly the hacker hijacks the security token. That is the part that needs looking into.
"
I saw a screenshot of what appears to be a POE admin panel. Can't say if it is legit or not, but maybe people got access to dev tools.
