STEEM chain scanning part 2 --> 79 leaked Private Keys found and turned in // A new defender

in #steemlast month (edited)

In this article that I published a few days ago I announced that I found and turned in 44 compromised private keys.

Today I finished scanning the STEEM Blockchain (the remaining 30 million blocks) and these are the results:

  • -
    1x PRIVATE ACTIVE KEY
    .
  • -
    55x PRIVATE POSTING KEYS
    .
  • -
    13x PRIVATE MEMO KEYS
    .

One of the private posting keys belongs to a user that leaked his key years ago and is still active. They have almost...

10 K Steem Power

!!

  • 9,695.373 STEEM POWER
  • 165.304 STEEM
  • $9.845 SBD
    Estimated Account Value: $1,933.81

Most of the other accounts are fully inactive and have nearly nothing but some instead have a few thousand SP, others more than 2 thousand followers, reputation up to 70, savings up to 600 STEEM, etc.

An interesting aspect of these findings is that the private active key that my blockchain scanner detected was compromised by his owner in an account_update operation (eg. updating the link to his website or his location on their Steemit profile). That is very uncommon as most of the accidental leaks occurred in transfer/comment/post operations.


Having my bot not limiting its private keys detection to the latter operations has proven itself as a good idea!   ; )




As I did the last time, I just sent all these private keys to @guiltyparties (IMO one of the most reputable Steemit Witnesses) and I am going to notify all these users through wallet transfers, telling them that they compromised their accounts and need to reset them asap using their master key or password.   PS. Done!



Some additional stats collected after my whole scanning activity:

  • Total private keys found and turned in: 123

  • Sum of all compromised accounts' Steem Power: 26,277.857
    - Excluding liquid STEEM and SBD
    - With today's (low) price of STEEM the sum of their 100% upvotes would be $ 0.21 / $ 30 a month (+ downvotes re-use on platform abusers?)

  • Sum of all compromised accounts' followers: 27,832

Note: accounts with compromised private Memo keys are excluded from the calculation of the total funds and followers.




UPDATE on my STEEM blockchain scanner that will keep scanning new operations published into the STEEM blockchain in order to prevent the leak of new keys: ((long phrase, take a breath! XD ))

...the bot is currently under development and looks very promising based on the average detection time and its stability.


One important additional feature that I am going to add (besides the ones mentioned in my previous post): the bot is going to monitor those compromised inactive accounts and if they ever start getting abused, I'm going to burn all their Resource Credits upvoting burn posts so that no one else will be able to use them.

I will start doing so only on detection of abuse of the dead accounts though. Otherwise if the rightful owner ever comes back to the platform, they likely won't be able to reset their keys or notify their return due to the lack of RC.

Note: Steempeak is set as 10% beneficiary of all my @gaottantacinque's posts. Some automation is in progress to set as 50% beneficiary also my bots @cribbio @gasaeightyfive and @marcocasario (their update V2.0 has been under development for a while now). For the time being I'll send manual wallet transfers instead.




Take care! =]

Sort:  

ayyyyyy, that's pretty impressive.
and commendable. Maybe one day you can show us the scanner in action?
I love overdosing on data

Once I'm done with the development I can post screenshots or a video. Or even some raw json extracts from the results. I will publish all the status updates on this blog.

I won't share the code for security reasons though. The risk is that black hats could try and race my bot.

The tech stack is currently the following: nodeJs, Docker, RabbitMQ, (Cloud services).

With every spam or phishing thing I hear about I think "But noone here would be so stupid or negligent!" - only to realize afterwards that yes, such things can happen to the most improbable people. Don't ask me why. Doing such things too late in the evening? Being distracted by Steemmonsters? It happens to the best of us ;)

Wow great job in finding those Keys. The accounts could call themself lucky that you are one of the good actors here on Steem. Otherwise they would have lost all their funds.

Posted using Partiko Android

Well, only the compromised active keys allows for transfers and luckily those accounts didn't have much in their wallet.

The risk comes from an attacker using the posting keys to mass upvote or downvote some users (eg. SDL).

My bot will will keep scanning new operations published into STEEM blockchain in order to save (almost) at runtime compromised keys (including owner keys). It will also keep an eye on those known compromised accounts in order to make them unusable if they get abused.

Thanks, take care.   =]

!giphy thanks :)




giphy is supported by witness untersatz!

You do very useful activity for the platform.

!DERANGED
!COFFEEA
!shop
$trdo
!BEER
for you

deranged You just received DERANGED @gaottantacinque Keep up the great work, view all your tokens at steem-engine.com

Sorry, out of BEER, please retry later...

Thanka for the informtion... Yiu are doing a good work for thw community...
Thanks
!trdo

!giphy superman




giphy is supported by witness untersatz!

你好鸭,gaottantacinque!

@eii给您叫了一份外卖!

@wongshiying 老王 迎着台风 开着巴士 给您送来
新年快乐!

吃饱了吗?跟我猜拳吧! 石头,剪刀,布~

如果您对我的服务满意,请不要吝啬您的点赞~
@onepagex