Leak -- Compromised OWNER key successfully protected [ $ 232 ]
(Edited)
āāā š ā ļø š ā ļø āāā
It's a new day and another user leaked one of their private keys into the Hive Blockchain.
They COMPROMISED their:
private OWNER key
HOW: in a transfer operation
The compromised account owner has now been notified in multiple ways. The identity of the user will be disclosed only in the monthly report in order to give them time to address the issue.
Compromised account stats:
Reputation: 55
Followers: 409
Account creation: 9/2016
Last social action on chain: 2022/4/5
Estimated account value: $ 232.74
Top 5 private ACTIVE keys protected:
1. @nextgen622: ~$ 28,000
2. @cryptoandcoffee: ~$ 8,400
3. @runridefly: ~$ 3,300
4. @globalmerchantio: ~$ 250
5. @j3dy: ~$ 120 (500 HIVE automatically protected for 9 days)
2. @cryptoandcoffee: ~$ 8,400
3. @runridefly: ~$ 3,300
4. @globalmerchantio: ~$ 250
5. @j3dy: ~$ 120 (500 HIVE automatically protected for 9 days)
My security disclosures for Hive:
- XSS vulnerabilities in #########.com
- XSS vulnerabilities in hive-db.com
- XSS vulnerabilities in scribe.hivekings.com
- XSS vulnerabilities in hiveblockexplorer.com
- Malicious ads redirecting all Steemit iOS users to a phishing site
- Reverse tabnabbing and clickjacking in steem.chat and steeemit registration page
Other contributions:
- Universal script to prevent phishing in all Hive frontends
- Commands for community reports and ban/mute lists
Future development: Ā plan
Last (bi)monthly report: https://peakd.com/@keys-defender/monthly-report-june-july-august-2021-hive-13323
- XSS vulnerabilities in #########.com
- XSS vulnerabilities in hive-db.com
- XSS vulnerabilities in scribe.hivekings.com
- XSS vulnerabilities in hiveblockexplorer.com
- Malicious ads redirecting all Steemit iOS users to a phishing site
- Reverse tabnabbing and clickjacking in steem.chat and steeemit registration page
Other contributions:
- Universal script to prevent phishing in all Hive frontends
- Commands for community reports and ban/mute lists
Future development: Ā plan
Last (bi)monthly report: https://peakd.com/@keys-defender/monthly-report-june-july-august-2021-hive-13323
Keys-Defender features:
- Keys protection [live scan of transfers/posts/comments/other_ops.
Warnings (reply and memo), auto-transfers to savings until fully restored, auto-reset of keys, ..] {see automatic posts on leak and monthly reports}
- Phishing protection [live scan of comments and posts to warn users against known phishing campaigns and compromised domains or accounts, scan of memos and auto-replies, anti phishing countermeasures - eg. fake credentials]
- Re-posting detection [mitigates the issue of re-posters]
- Code injection detection [live scan of blocks for malicious code targeting dapps of the Hive ecosystem]
- Anti abuse efforts [counteracts spam from hive haters and milking campaigns]
- Phishing protection [live scan of comments and posts to warn users against known phishing campaigns and compromised domains or accounts, scan of memos and auto-replies, anti phishing countermeasures - eg. fake credentials]
- Re-posting detection [mitigates the issue of re-posters]
- Code injection detection [live scan of blocks for malicious code targeting dapps of the Hive ecosystem]
- Anti abuse efforts [counteracts spam from hive haters and milking campaigns]
To support this project..
- Curation trail:
Follow my curation trail on hive.vote to upvote all my posts with a fixed weight.
Ā
This project is sponsored by @cryptoshots.nft
First-Person-Shooter, play-to-earn, 3D game, for browsers. Ā Powered by Wax and Hive.
https://crypto-shots.com/discord Ā
https://twitter.com/cryptoshots_nft Ā
First-Person-Shooter, play-to-earn, 3D game, for browsers. Ā Powered by Wax and Hive.
https://crypto-shots.com/discord Ā
https://twitter.com/cryptoshots_nft Ā
0
0
0.000
Its a good thing, the account was recovered. I would like to hear the rest of the story so we can all learn not to make similar Mistake in the future.
Don't copy and paste your private keys, ever.
You never need you owner key except for changing all your keys, so it should not be stored in the same place as your posting and active key if you really want to keep copying them.
I suggest the keychain extension, no more copy & pasta.
Okay.. Thank you!
How do I use the keychain extension please?
Here you go:
Thank you!
This is a great service. I have seen some of your comments over my time on HIVE. This is the first time I'm reading one of your reports.
!PIZZA
Posted Using LeoFinance Beta
Thanks for passing by š
PIZZA Holders sent $PIZZA tips in this post's comments:
@vimukthi(2/5) tipped @keys-defender (x1)
Join us in Discord!