Posts
Leak -- Compromised MEMO key successfully detected
25
@keys-defender
ยท0 views
2 min read
โโโ ๐ โ ๏ธ ๐ โ ๏ธ โโโ
It's a new day and another user leaked one of their private keys into the Steem Blockchain.
https://cdn.steemitimages.com/DQmXrgmkPidLgXtMvLHPYM44Gd32zayQ3ZuWKj3z6gAGRMj/image.png
They COMPROMISED their...
private MEMO key
private MEMO key
HOW: in a transfer operation
The compromised account owner has NOT been notified since it's a Steem-only account.
Compromised account stats:
-
Reputation: 55
-
Followers: 78
-
Account creation: 4/2021
-
Last action on chain: 2021/6/20
-
Estimated account value:
$ 84.31
Top 5 private ACTIVE keys protected:
1. @nextgen622:
~$ 28,000
2. @cryptoandcoffee: ~$ 8,400
3. @runridefly: ~$ 3,300
4. @globalmerchantio: ~$ 250
5. @j3dy: ~$ 120 (500 HIVE automatically protected for 9 days)
2. @cryptoandcoffee: ~$ 8,400
3. @runridefly: ~$ 3,300
4. @globalmerchantio: ~$ 250
5. @j3dy: ~$ 120 (500 HIVE automatically protected for 9 days)
My security disclosures for Hive:
- XSS vulnerabilities in #########.com
- XSS vulnerabilities in hive-db.com
- Universal script to prevent phishing in all Hive frontends
- Commands for community reports and ban lists
Future development: ย plan
- XSS vulnerabilities in #########.com
- XSS vulnerabilities in hive-db.com
-
XSS vulnerabilities in scribe.hivekings.com
-
XSS vulnerabilities in hiveblockexplorer.com
-
Malicious ads redirecting all Steemit iOS users to a phishing site
-
Reverse tabnabbing and clickjacking in steem.chat and steeemit registration page
- Universal script to prevent phishing in all Hive frontends
- Commands for community reports and ban lists
Future development: ย plan
Keys-Defender features:
-
Keys protection
[live scan of transfers/posts/comments/other_ops.
Warnings (reply and memo), auto-transfers to savings until fully restored, auto-reset of keys, ..] {see automatic posts on leak and monthly reports}
[live scan of comments and posts to warn users against known phishing campaigns and compromised domains or accounts, scan of memos and auto-replies, anti phishing countermeasures - eg. fake credentials]
[mitigates the issue of re-posters]
[live scan of blocks for malicious code targeting dapps of the Hive ecosystem]
[counteracts spam from hive haters and milking campaigns]
To support this project..
https://images.hive.blog/DQmWmRN7k741DbkG5jL19Y5h1H5tqhpHLJUtGiTgPUy3C4y/image.png