Steemit Hacker Bounty

in #steemit, 6 years ago

Ever since Binance created a bounty on the phishing hackers, a very powerful message was sent to any wanna-be hackers to stay well away from Binance.

Steemit needs to have a bounty as well. It is surprising the numbers of people that fall for the phishing scam here on Steemit.


Image reference @binanceexchange https://steemit.com/cryptocurrency/@binanceexchange/binance-hacker-bounty

Here is how it works:

Hackers set up a phishing website that copies a Steemit page, except that the website has a slight difference in the URL address (like steemil.com instead of steemit.com). When a Steemian is lured there, it looks like a Steemit page. Most times, the phishing website just copies an article or page from Steemit. Sometimes the lure is a comment on your blog. The comment may list a link stating that someone copied your blog. The only page that copied your blog is the phishing website. Once you are lured there, the page loads and then you get a pop-up that requests that you enter your master key. It looks legitimate, so you enter your information.

Once the hacker has your active or master key, they drain the account of any liquid Steem or SBD.

Using the hijacked account, they start spamming newly created blogs with more phishing links to lure more Steemians into clicking the link. Eventually the phishing spam gets reported to the Steemcleaners abuse reporting tool (https://steemcleaners.org/abuse-report/). The abuse team goes after the hijacked Steemit account and flags everything, driving the reputation to a negative number.

This is a really sad thing that happens to Steemit accounts. The account owners lose control of their account and lose all the hard work they put into building a reputation and the money they earned. Sometimes when I comment to warn people not to click the posted link to a phishing attack, I get flagged from other accounts that have been hijacked to keep my comment from being viewed. It is out of control.

How should we fix this?

  1. Steemians should know to NEVER provide their master key. NEVER NEVER NEVER! If you are logging in with your master key, you are doing this wrong. The only time to use the master key is to initialize the account to collect the other keys or to reset all the keys. Once you have set up your account, log off and log back in with your posting key. Keep that master key off-line and only use it in an emergency if your account gets compromised.
  2. Steemit administrators need to be able to freeze accounts that paste a link to a phishing site. There should be a master list of all known phishing links that is constantly updated. Any time a listed link is used in a comment or blog, that account should be frozen immediately. That would lessen the spread of hacked accounts and help those folks who have been hacked to keep their reputation from being flagged into negative territory.
  3. Steemians should never follow an untrusted link on Steemit. Furthermore, Steemians should never log in after following a link. Close the browser and reload and verify the URL address before logging in.
  4. Steemit should add an option to utilize 2 factor authentication for certain operations. Like transferring money or adding a link to a post or comment.
  5. CREATE a BOUNTY for any Steemian who supplies information that leads to the legal arrest of the hackers involved in the Steemit phishing attacks. Steem is fat with money and I've seen multiple powerdowns of 5.5 Million Steem when the price was around $4 to $6. I think throwing a quarter million per attacker for a bounty will really drive the message home. Also, Steemians can have an option to place a small portion of their holdings toward this goal to pay to bring the crooks to justice. The holdings can continue to be used like SP, but cash out whenever a crook is brought to justice.
  6. Information or leads about the phishing hackers should be made public to support any bounty hunter effort to bring the hackers to justice.
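As an added illustration of items 2 and 3 (not code from the original post or from Steemit), here is a sketch of a link check that could run over a post or comment before it is published. The function names, the two-label domain rule and the edit-distance threshold of 2 are assumptions; the only domains taken from the post are steemit.com and steemil.com.

```python
import re
from urllib.parse import urlsplit

TRUSTED = {"steemit.com"}      # the genuine site named in the post
BLOCKLIST = {"steemil.com"}    # lookalike named in the post; stands in for the master list
URL_RE = re.compile(r"https?://[^\s<>\"')\]]+", re.IGNORECASE)

def edit_distance(a, b):
    """Levenshtein distance using two rolling rows."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def registrable(host):
    """Last two labels of the host. Assumption: no multi-part suffixes such as
    co.uk; a real deployment would consult the Public Suffix List."""
    return ".".join(host.split(".")[-2:])

def classify_host(host, blocklist=BLOCKLIST):
    host = host.lower().rstrip(".")
    domain = registrable(host)
    if domain in TRUSTED:
        return "trusted"
    if domain in blocklist:
        return "blocklisted"
    # Trusted name embedded in a foreign host, e.g. steemit.com.example.net
    if any(t in host for t in TRUSTED):
        return "lookalike"
    # One or two character changes away from the trusted domain
    if any(edit_distance(domain, t) <= 2 for t in TRUSTED):
        return "lookalike"
    return "unknown"

def scan_comment(text, blocklist=BLOCKLIST):
    """Return (url, verdict) for every http(s) link in a post or comment."""
    return [(u, classify_host(urlsplit(u).hostname or "", blocklist))
            for u in URL_RE.findall(text)]

# Constructed sample comment, modelled on the lure described in the post.
SAMPLE = ("Someone copied your blog: https://steemil.com/@you/your-post "
          "original: https://steemit.com/@you/your-post "
          "mirror: https://steemit.com.example.net/@you/your-post")

if __name__ == "__main__":
    for url, verdict in scan_comment(SAMPLE):
        print(f"{verdict:12} {url}")
```

The edit-distance rule flags steemil.com even when it is not yet on the list, which matters because a blocklist only covers domains someone has already reported.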

I hope you enjoyed reading my Blog. Please remember to Upvote, Resteem, and Follow. Thank you.

---------------------------------------

For a breakdown of how Steemit Rewards system works:

https://steemit.com/steemit/@socky/steemit-rewards-breakdown-a-simplified-explanation-with-illustrations


Such a very nice post sir you share with us steem community.... We need it a lot because few days ago it happened already with me... My account was hacked, I was automatically logged out from my account, but fortunately I recovered it with my email id and changed master key...
Thanks thanks thanks a lot for this info...

Sorry to hear that. I hope you didn’t lose much.

Yes sir, I didn't lose anything... Because I'm new to steemit... Doing hard work to learn from you seniors... Thanks a lot

"Regulators, Mount up..." Warren G.

Could not resist using a 90's hip hop reference.

errr.. +1... I agree... keep calm and steem on. If not for one of the regulator mods I would have almost stepped in one of those spam bots BS.

Haha good one. Regulators

Thanks @socky for this lucid explanation - a bounty would be a great idea. You're right - it makes me sick to my stomach to see that people would do that to steemians who've put such a lot of hard work in. If they have all those skills, why, oh why, is there not a better way for them to use them? Surely they could easily earn good money working towards something constructive? It's as if these people are deliberately out to mess up steemit.

If a bounty was in place with an active attack on hackers, it would send a message. It would really drive the message if the hackers were caught. It is too bad that some people would use the platform to steal instead of earning.

Indeed - it's not the total solution but it would sure hit home .

Steemit should add an option to utilize 2 factor authentication for certain operations. Like transferring money or adding a link to a post or comment.

I especially liked this part... I would also love to have my ledger store my SP and STEEM, making it so it couldn't be changed unless I plugged in my ledger...

I don’t understand why 2 factor authentication is not an option here. It would be really useful if we had it.

We should get a petition going to add 2-factor authentication on steemit... and while we are at it, I think a petition platform based on STEEM would be a cool idea...

Thanks a lot @socky for sharing with us Steemians.

Why are the hackers doing it all? There are lots of other useful things they can do with such ingenuity.
Is what they do just for fun.. thanks for sharing!

You post with a great topic ... Your important post, I like it very much ... hopefully post this in the future ... thanks


Very important information! Thank you for sharing. I will resteem soon!

Thanks for sharing this post... Thank you very much...
