If you detect unusual behaviour in your EOS account the first thing to do is verify if your owner or active key has been changed.
You can do so following below instructions but if you do not feel comfortable with the procedure simply join eos911 channel on telegram where people can help (Scammers may PM you, DO NOT SHARE ANY OF YOUR PRIVATE KEYS).
- Go to https://eospark.com (Other valid EOS explorer websites exist such as eosflare.io, bloks.io, etc.)
- Type your EOS account name in the search field
- Unfold the section "Permissions" (This may differ on other EOS explorer websites)
- Compare your valid owner and active keys to those displayed in the website "Permissions" section
- If keys are different from yours, somebody has changed them. If not, you are all good.
Note: Either way you should have a look to the following document created by Eugene Luzgin that overview a secured setup of EOS keys, it's a simple and instructive presentation.
Your EOS account has been compromised, what to do now ?
There is no short term recourse, ECAF (arbitration forum) is definitely closed after "EOS User Agreement" governance model being approved.
At that point there is a few things we think you should do:
- Find the 1st transaction that updated your owner key, search for "eosio::updateauth" in your history
- Register on https://eospatrol.com, confirm account ownership with your telegram id (We will contact you through telegram before activating your account)
- Fill SCAM case
- Generate police report and Submit it to local Police
- Contact Exchanges if stolen funds were processed via any