RE: Looking into bid-bot/exchange look-alike accounts, finding a 460 account botnet
Recently, I saw the post on Golos.io (the Russian fork of Steem) about the consequences of one vulnerability, which allows you to register accounts directly to the blockchain, bypassing any checks of phone numbers or e-mail. https://golos.io/ru--golos/@investigator/s-golos-io-vsyo-v-proyadke - the article is in Russian.
In short: User with nickname worthless-man has spammed the network with millions of new registrations in just a few days. According to him, in such a creative way he is trying to show Golos developers the hidden bugs and vulnerabilities of the blockchain. From June 2018 (What a coincidence!) user with the same nickname is on Steemit.
And since the Golos is a fork of Steemit, it would be nice to make sure that we do not have the same vulnerability.
Oh, that's very interesting, thanks for the information! I tried the Golos signup a few weeks ago and it looked quite different from the Steemit one, but maybe under the hood there's still the same code? That could indeed explain things, but I guess without Steemit internal data or official statements this cannot be confirmed for Steem...