Leak -- Compromised MEMO key successfully protected

@keys-defender 69

almost 3 years ago

abuse

❗❗❗ 💀💀 ⚠️⚠️
It's a new day and another user leaked one of their private keys into the ~~Steem~~ Blockchain.

They COMPROMISED their...

private MEMO key

HOW: in a transfer operation

The compromised account owner has NOT been notified since it's a Steem-only account.

Compromised account stats:

Reputation: 48
Followers: 8
Account creation: May 2021
Last Post: 11 days ago
Estimated account value: $ 5.34

Top 5 private ACTIVE keys protected:

_{1. @nextgen622:}~$ 28,000 _{2. @cryptoandcoffee:}~$ 8,400 _{3. @runridefly:}~$ 3,300 _{4. @globalmerchantio: ~$ 250}
_{5. @j3dy: ~$ 120 (500 HIVE automatically protected for 9 days)}

_{My security disclosures for Hive:}
_{- _{XSS vulnerabilities in #########.com}}
_{- _{XSS vulnerabilities in hive-db.com}

- _{XSS vulnerabilities in scribe.hivekings.com}

- _{XSS vulnerabilities in hiveblockexplorer.com}

- _{Malicious ads redirecting all Steemit iOS users to a phishing site}

- _{Reverse tabnabbing and clickjacking in steem.chat and steeemit registration page}}

_{Other contributions:}
_{- _{Universal script to prevent phishing in all Hive frontends}}
_{- _{Commands for community reports and ban lists}} _{Future development: _plan}

Keys-Defender features:

- _{Keys protection_{[live scan of transfers/posts/comments/other_ops.
Warnings (reply and memo), auto-transfers to savings until fully restored, auto-reset of keys, ..] {see automatic posts on leak and monthly reports}}}
- _{Phishing protection
_{[live scan of comments and posts to warn users against known phishing campaigns and compromised domains or accounts, scan of memos and auto-replies, anti phishing countermeasures - eg. fake credentials]}}
- _{Re-posting detection
_{[mitigates the issue of re-posters]}}
- _{Code injections detection
_{[live scan of blocks for malicious code targeting dapps of the Hive ecosystem]}}
- _{Anti abuse efforts
_{[counteracts spam from hive haters and milking campaigns]}}

_{_{Discord chat}}

To support this project..

- _Delegations:
_{10, 50, 100, 200 HP,
500 HP, 1000 HP}

- _{Curation trail}
_{_{Follow my curation trail on hive.vote to upvote all my posts with a fixed weight.}}

abuse hacking stem tech neoxian palnet leo

0.000

7 comments

@ecency 76

almost 3 years ago

Your content has been voted as a part of Encouragement program. Keep up the good work!

Use Ecency daily to boost your growth on platform!

Support Ecency
Vote for Proposal
Delegate HP and earn more

0.000

@igormuba 71

almost 3 years ago

Hi, @keys-defender I am reaching to you because I am afraid I might have a security comprimise when using https://3speak.tv and you seem knowledgeable about Hive blockchain security.

The SSL certificate seems to be invalid, I have made a post about it to see if I can get some help, or even to know if it is just me:
https://hive.blog/hive-181335/@igormuba/issue-with-3speak-ssl-ceritificate-careful-with-phishing

I am waiting to use the platform when the issue is solved, but I am reaching out to you to see if you can help me understand what happened, if it is just me, or it is indeed a security compromise, or anything else or in between.

Thank you.

0.000

@keys-defender 69

almost 3 years ago

It was a temporary issue with their certificate, it likely expired. All good now.

0.000