@supercomputing gxt-1080-sc Steem mining exploit - Why this is a white hat mining hack, and a suggested update to catch a black hat hacker if they try to pull the same trick

As many have noticed and pointed out, the mining queue is once again being dominated by @supercomputing. This time, he/she is using several accounts beginning with "gxt-1080-sc".

There have been several debates about whether this person is 'good' or 'bad'. The main argument that is given that they are 'bad' is that if they were 'good', they would have reported it instead of exploiting it. While there is truth to that, I do not feel that to be the case.

Why?

Because if they wanted to, they could have gone under the radar by using non-similar account names. Everyone was able to quickly/easily spot this by looking at the witness queue. It would not have been difficult for them to generate a list of 1,000 random unique account names, and just pull from that. Instead, they chose to follow a consistent pattern and use "gxt-1080-sc" in all their names - making it easily noticeable.

I had reservations about posting this, because I didn't want to give them any ideas they hadn't thought of yet - but I am 99% certain that someone who was able to figure this out - would not have overlooked something like this. They must have done it intentionally.

If @supercomputing had not chosen to use an easily noticeable pattern in their account names, would we have spotted this?

One thing that was pointed out about both of these instances, was that the user was changing their signing key. At first I was thinking that we could prevent this by rejecting the PoW if the submitting account changed their active key, but @arhag pointed out in How @supercomputing was able to dominate the mining queue and how the bug was fixed, that we can not do this - because new users creating their accounts through mining must specify their keys at the same time their PoW is submitted.

If we cannot completely block accounts that changed their active key, we should at least make it easily noticeable. In the steemd witness queue, accounts that recently changed their passwords should be highlighted red. While it will be normal and expected to see a few of these in there - as miners start up their new accounts and find PoW, we should not expect there to be many red accounts in the witness queue at any one time. If we all of a sudden see a flood of red accounts (even with non-unique account names) we should all be able to easily spot the exploit being played out.

[Edit] @letc pointed out in the comments that @supercomputing is no longer changing their active key, and the active key has not been used in POW calculation after HF13. This unfortunately makes the recommendation I have about highlighting accounts red if they change their key invalid. The first part about the article though regarding @supercomputing being 'good' vs. 'bad' is still relevant / true in my opinion though. Thanks @letc for pointing this out / correcting this!