Klei account got hacked

[Mr.CrazyPotato]

My Klei account probably got hacked today, when I opened my DST today every item was destroyed for spools and then there's a lot of transactions over and over again to create and destroy same item to lose me the 2/3 of what it actually costs everytime. I left with nothing now, I wrote in the Klei Support but please, help me, there's really lot of progress over 3 years of playtime and the paid skins.

Paid characters are also gone

[Cliffford W.]

Hello!

 

You could try contacting the support

https://support.klei.com/hc/en-us/requests/new

Edited June 22, 2025 by Cliffford W.

[Mr.CrazyPotato]

12 minutes ago, Cliffford W. said:

Hello!

 

You could try contacting the support

https://support.klei.com/hc/en-us/requests/new

I wrote one, like 5 minutes ago. I attached 1 screen but I can also attach my steam account if necessery

P.S. I sent new with my Klei User ID, Player ID, my link to the Steam profile, hope this is enough. Guys, never set your passwords to the one that on your gmail with the latest leak.

Edited June 22, 2025 by Mr.CrazyPotato

[Kvetevk]

1 hour ago, Mr.CrazyPotato said:

My Klei account probably got hacked today, when I opened my DST today every item was destroyed for spools and then there's a lot of transactions over and over again to create and destroy same item to lose me the 2/3 of what it actually costs everytime. I left with nothing now, I wrote in the Klei Support but please, help me, there's really lot of progress over 3 years of playtime and the paid skins.

Paid characters are also gone

Happend the same to me, I was fortunate enough to quickly remove every mod that I had enabled and it only bought 1 high heels, so I was able to rollback all the skins (with my free time spent on rollbacks).
it mustve been a client mod

Im happy that I acted quickly but I see you were not as lucky as I was.

If you wouldnt mind showing all your client mods that you have/had enabled I would be more than happy to check if we dont have same ones.
I wont be active all the time but I will look into this during my free time.

Edited June 22, 2025 by KvetekSK

[Mr.CrazyPotato]

1 hour ago, KvetekSK said:

Happend the same to me, I was fortunate enough to quickly remove every mod that I had enabled and it only bought 1 high heels, so I was able to rollback all the skins (with my free time spent on rollbacks).
it mustve been a client mod

Im happy that I acted quickly but I see you were not as lucky as I was.

If you wouldnt mind showing all your client mods that you have/had enabled I would be more than happy to check if we dont have same ones.
I wont be active all the time but I will look into this during my free time.

Hey, thanks for commenting this out, I'm all for it, but it's air alert and 1:41 am on my clock so I'll get you with some info on that little bit later. But the problem not the client mods, I think. It's another virus spreading out in DST, don't visit public servers and you should be fine.

[Mr.CrazyPotato]

[Kvetevk]

1 hour ago, Mr.CrazyPotato said:

I had only combined status, geometric placement and gesture wheel.

If any of these 3 mods had virus, then more than half people could get the virus.

I'll  check later today.

Edited June 23, 2025 by KvetekSK

[PunkShark]

Have you joined any public servers lately? it seems to spread from person to person.
For now until it gets handled, stay away from easily accessed servers like klei pubs or non-password protected servers. Be very careful downloading any sort of new mods except for the ones that are most subscribed, verify your files on steam by: right click on DST in your library, go into properties - installed files - and press the button [Verify integrity of game files].

as for your skins, go onto https://rewards.klei.com/  and on top menu you can press transactions, which allows you to rollback all of your previous skins that you have unraveled/weaved, although it may take some time.

To be extra secure, i would also just unsubscribe from mods and re-subscribe in-case they may have been infected while being on a server with others. Although we do not know if mods are involved, it's good to be safe.

and of course tell your friends to do the same.

Edited June 23, 2025 by PunkShark

[Mr.CrazyPotato]

5 minutes ago, PunkShark said:

Have you joined any public servers lately? it seems to spread from person to person.
For now until it gets handled, stay away from easily accessed servers like klei pubs or non-password protected servers. Be very careful downloading any sort of new mods except for the ones that are most subscribed, verify your files on steam by: right click on DST in your library, go into properties - installed files - and press the button [Verify integrity of game files].

as for your skins, go onto https://rewards.klei.com/  and on top menu you can press transactions, which allows you to rollback all of your previous skins that you have unraveled/weaved, although it may take some time.

To be extra secure, i would also just unsubscribe from mods and re-subscribe in-case they may have been infected while being on a server with others. Although we do not know if mods are involved, it's good to be safe.

and of course tell your friends to do the same.

You can't reverse buying skins, only destroying them

A lot of my spools are gone because of the creating and destroying same item over and over again, loosing the value of 2/3 of the item cost each time

Edited June 23, 2025 by Mr.CrazyPotato

[Kvetevk]

39 minutes ago, PunkShark said:

Have you joined any public servers lately? it seems to spread from person to person.

Only forge and floors servers that have the same people playing on them.

 

41 minutes ago, PunkShark said:

To be extra secure, i would also just unsubscribe from mods and re-subscribe in-case they may have been infected while being on a server with others. Although we do not know if mods are involved, it's good to be safe.

and of course tell your friends to do the same.

Will do, thanks.

[AliceShiki]

43 minutes ago, Mr.CrazyPotato said:

You can't reverse buying skins, only destroying them

A lot of my spools are gone because of the creating and destroying same item over and over again, loosing the value of 2/3 of the item cost each time

You already contacted support, so don't worry too much about it. They'll fix it.

They're already aware of the issue and that a malicious mod exists and they are working on the fix.

They also said everything related to skins transactions is logged, so they should be able to restore stuff in your acc to what it was.

So... Just wait for now. You already contacted support, so you already did your part.

[nome]

Yes, as @AliceShiki said (thanks!) we're prioritizing stopping more people from being harmed. Every skins action is audit logged (as you can see on the Klei Accounts website's transaction history page) so we can make the affected users whole once that's sorted. In the mean time we're genuinely sorry for the inconvenience people are suffering. Giving modders lots of power means lots of cool mods but also opens the door to situations like this. 

[Cliffford W.]

Mods are fun tools, but a dangerous toy

[Mr.CrazyPotato]

Everything is back now!

 

Thank you, Klei!!

 

P.S. I've got hell of a spools on my account, not that I mind, just to let it been known

[PeterA]

2 hours ago, Mr.CrazyPotato said:

P.S. I've got hell of a spools on my account, not that I mind, just to let it been known

All good, as expected.   The malicious code affected different accounts differently, and the quickest way to ensure that everyone got back what they deserved was to account for the worst case scenario.

[gaymime]

hi, i am not sure if this is the place to ask but i have been playing solo and with friends. i have NOT been doing pubs at all since this started happening, could i ask if anyone has an estimation(in weeks) of when they think we could safely go back to pubplay? i do so miss it and while i dont use skin mods for dst(ds is another matter, lol) i do understand that that is not enough to keep me safe

[stardust qwq]

30 minutes ago, PeterA said:

All good, as expected.   The malicious code affected different accounts differently, and the quickest way to ensure that everyone got back what they deserved was to account for the worst case scenario.

Just wondering, has the data for all affected players been restored, or does it still take some more time? I noticed my skin data hasn't been recovered yet.  

[nome]

31 minutes ago, stardust qwq said:

Just wondering, has the data for all affected players been restored, or does it still take some more time? I noticed my skin data hasn't been recovered yet.  

Have you contacted support yet? We took care of people who turned all their skins into stiletto high heels, but those who interrupted the process part way through will just look like they were turning a lot of skins into spool so we need a message from you letting us know that those unravellings were not something you initiated so we can undo them. Alternatively if the number of skins you lost is small you can self-serve through the Klei Accounts website's undo function.

[Littlefat1213]

happy to saw PeterA still working here

[Gashzer]

Removing the ability to use client mods on Klei official servers would be a win-win. It would give players a safe place from things like this and a public server that has completely vanilla gameplay.

[stardust qwq]

28 minutes ago, nome said:

您是否联系了支持人员？我们照顾过那些把所有皮肤都变成细高跟鞋的人，但那些中途打断这个过程的人看起来就像他们把很多皮肤变成了线轴，所以我们需要你的消息，让我们知道那些解开不是你发起的，这样我们就可以撤销它们。或者，如果您丢失的皮肤数量很少，您可以通过 Klei Accounts 网站的撤消功能进行自助服务。

我联系了支持人员，但我的数据仍未恢复。当这个问题发生时，我注意到很多皮肤都丢失了——我怀疑这是由 Mod 引起的。禁用所有模组后，我成功阻止了病毒。然而，大约 400 张皮肤仍然被废弃。

Edited June 27, 2025 by stardust qwq

[nome]

22 minutes ago, stardust qwq said:

我联系了支持人员，但我的数据仍未恢复。当这个问题发生时，我注意到很多皮肤都丢失了——我怀疑这是由 Mod 引起的。禁用所有模组后，我成功阻止了病毒。然而，大约 400 张皮肤仍然被废弃。

We know that we haven't finished remediation work on every account yet, but if you have an open support ticket with us then your account is on our todo list. Thank you for your patience.

[gaymime]

35 minutes ago, Gashzer said:

Removing the ability to use client mods on Klei official servers would be a win-win. It would give players a safe place from things like this and a public server that has completely vanilla gameplay.

you know, that is actually something i think would be a good idea! it might not fit klei's ethos though as pubs are for the freedom of play

[AliceShiki]

6 hours ago, gaymime said:

hi, i am not sure if this is the place to ask but i have been playing solo and with friends. i have NOT been doing pubs at all since this started happening, could i ask if anyone has an estimation(in weeks) of when they think we could safely go back to pubplay? i do so miss it and while i dont use skin mods for dst(ds is another matter, lol) i do understand that that is not enough to keep me safe

This vulnerability was fixed in the game update 676312.