Leak -- Compromised MEMO key successfully detected
βββ π β οΈ π β οΈ βββ
It's a new day and another user leaked one of their private keys into the Steem Blockchain.
They COMPROMISED their...
private MEMO key
private MEMO key
HOW: in a transfer operation
The compromised account owner has NOT been notified since it's a Steem-only account.
Compromised account stats:
-
Reputation: 55
-
Followers: 78
-
Account creation: 4/2021
-
Last action on chain: 2021/6/20
-
Estimated account value:
$ 84.31
Top 5 private ACTIVE keys protected:
1. @nextgen622: $ 28,000
2. @cryptoandcoffee: $ 8,400
3. @runridefly: $ 3,300
4. @globalmerchantio: $ 250
5. @j3dy: ~$ 120 (500 HIVE automatically protected for 9 days)
My security disclosures for Hive:
- XSS vulnerabilities in #########.com
- XSS vulnerabilities in hive-db.com
- XSS vulnerabilities in scribe.hivekings.com
- XSS vulnerabilities in hiveblockexplorer.com
- Malicious ads redirecting all Steemit iOS users to a phishing site
- Reverse tabnabbing and clickjacking in steem.chat and steeemit registration page
Other contributions:
- Universal script to prevent phishing in all Hive frontends
- Commands for community reports and ban lists
Future development: Β plan
Keys-Defender features:
- Phishing protection [live scan of comments and posts to warn users against known phishing campaigns and compromised domains or accounts, scan of memos and auto-replies, anti phishing countermeasures - eg. fake credentials]
- Re-posting detection [mitigates the issue of re-posters]
- Code injections detection [live scan of blocks for malicious code targeting dapps of the Hive ecosystem]
- Anti abuse efforts [counteracts spam from hive haters and milking campaigns]
