Leak -- Compromised ACTIVE key successfully protected
āāā š ā ļø š ā ļø āāā
It's a new day and another user leaked one of their private keys into the Hive Blockchain.
They COMPROMISED their:
private ACTIVE key
HOW: in a TRANSFER operation
The compromised account owner has now been notified in multiple ways. The identity of the user will be disclosed only in the monthly report in order to give them time to address the issue.
Compromised account stats:
Reputation: 57
Followers: 20
Account creation: 5/2021
Last social action on chain: 2022/10/17
Estimated account value: $ 43.25
Top 5 private ACTIVE keys protected:
1. @nextgen622: ~$ 28,000
2. @cryptoandcoffee: ~$ 8,400
3. @runridefly: ~$ 3,300
4. @globalmerchantio: ~$ 250
5. @j3dy: ~$ 120 (500 HIVE automatically protected for 9 days)
2. @cryptoandcoffee: ~$ 8,400
3. @runridefly: ~$ 3,300
4. @globalmerchantio: ~$ 250
5. @j3dy: ~$ 120 (500 HIVE automatically protected for 9 days)
My security disclosures for Hive:
- XSS vulnerabilities in #########.com
- XSS vulnerabilities in hive-db.com
- XSS vulnerabilities in scribe.hivekings.com
- XSS vulnerabilities in hiveblockexplorer.com
- Malicious ads redirecting all Steemit iOS users to a phishing site
- Reverse tabnabbing and clickjacking in steem.chat and steeemit registration page
Other contributions:
- Universal script to prevent phishing in all Hive frontends
- Commands for community reports and ban/mute lists
Future development: Ā plan
Last (bi)monthly report: https://peakd.com/@keys-defender/monthly-report-june-july-august-2021-hive-13323
- XSS vulnerabilities in #########.com
- XSS vulnerabilities in hive-db.com
- XSS vulnerabilities in scribe.hivekings.com
- XSS vulnerabilities in hiveblockexplorer.com
- Malicious ads redirecting all Steemit iOS users to a phishing site
- Reverse tabnabbing and clickjacking in steem.chat and steeemit registration page
Other contributions:
- Universal script to prevent phishing in all Hive frontends
- Commands for community reports and ban/mute lists
Future development: Ā plan
Last (bi)monthly report: https://peakd.com/@keys-defender/monthly-report-june-july-august-2021-hive-13323
Keys-Defender features:
- Keys protection [live scan of transfers/posts/comments/other_ops.
Warnings (reply and memo), auto-transfers to savings until fully restored, auto-reset of keys, ..] {see automatic posts on leak and monthly reports}
- Phishing protection [live scan of comments and posts to warn users against known phishing campaigns and compromised domains or accounts, scan of memos and auto-replies, anti phishing countermeasures - eg. fake credentials]
- Re-posting detection [mitigates the issue of re-posters]
- Code injection detection [live scan of blocks for malicious code targeting dapps of the Hive ecosystem]
- Anti abuse efforts [counteracts spam from hive haters and milking campaigns]
- Phishing protection [live scan of comments and posts to warn users against known phishing campaigns and compromised domains or accounts, scan of memos and auto-replies, anti phishing countermeasures - eg. fake credentials]
- Re-posting detection [mitigates the issue of re-posters]
- Code injection detection [live scan of blocks for malicious code targeting dapps of the Hive ecosystem]
- Anti abuse efforts [counteracts spam from hive haters and milking campaigns]
To support this project..
- Curation trail:
Follow my curation trail on hive.vote to upvote all my posts with a fixed weight.
Ā
This project is sponsored by @cryptoshots.nft
First-Person-Shooter, play-to-earn, 3D game, for browsers. Ā Powered by Wax and Hive.
https://crypto-shots.com/discord Ā
https://twitter.com/cryptoshots_nft Ā
First-Person-Shooter, play-to-earn, 3D game, for browsers. Ā Powered by Wax and Hive.
https://crypto-shots.com/discord Ā
https://twitter.com/cryptoshots_nft Ā
0
0
0.000
Recovered ā
You keep putting spam on my post. I've said "OFF FURL". It has not stopped your automation. Please cease. Feel free to check the shortened link manually that you keep flagging. It is not harmful. It is descriptive.
You replied with that less than a day ago. Please leave some time for reviews. Whitelisted now.
Shortened links are not flagged (downvoted), only phishing is.
Thanks for the whitelisting. I first asked for the service to be turned off 24 days ago: https://peakd.com/hive-164166/@improv/re-keys-defender-antiunsafelinks-keys-defender-bot-1663875682735-20220927t025606022z
I appreciate what you're doing with the keys defender, but I think any automation that posts comments needs to target only bad actors or else it just becomes noise on the blockchain.
Missed the initial request, sorry about that.
Yes I understand that I should only target bad actor, but that's possible only with the help of the community.
The goal with (throttled) auto-replies to shortened links is that when there is a phishing campaign going on, some of the phisher spam comments will get my reply with the preview of the domain. That will increase the chances that someone will notice "hey, that link preview says h1vesigner.com.. better report it with the !phishing command".
Thank you for your report but I was not able to process it: LINK MISSING.
Expected format: "@keys-defender !command https://somelink.com"
Ok. I think there's something not working with your throttling, then, because I'd gotten it on 3/5 of the posts where I used a shortened link.
Will double check, from memory it's higher for comments since that's where the phishing spam usually occurs
Makes sense. These were all on posts, though.