You are viewing a single comment's thread from:

RE: Steemit powering down 30M Steem, and still hasn't figured out how to secure their keys

in LeoFinance4 months ago

lol. What auths do those private keys correspond to?

Sort:  

I wish I knew, but I'm not going down that legal rabbit hole to check.

No, no, keys are unrelated.
It's a common mistake for unsmart people.
The have some tokens on exchange and they want to transfer it to their "steemit wallet", so they put steemit as destination and their memo key (half of disaster if only memo). Why? Because they did similar thing while transferring to exchange account... they put name of the exchange in destination and in memo field they put some "weird code".

Well, I don't like being called unsmart but... when going through exchanges I would often have this kind of conversation with myself:

Ah time to transfer to an exchange, ah.. copy-pate the private active key for the transfer. copy paste the memo value from the exchange to the wallet for transfer. I hope I got that right...

Thank goodness for Hive Keychain, Hive Signer, and Metamask. Why isn't there one for Bitcoin?

And you are right in your inner conversation. Their error was to provide private key material to a third party (exchange) site.
For many, Hive will be their first contact with the cryptocurrency world, we have to do better when it comes to education on our way to mass adoption.

I agree that putting a memo-private key into a field definitely is a mistake and not an accident. It's a kind of mistake I had not heard of before this article.
Putting an active key into a memo field is probably an accident and a worse mistake.

As I recall there is some white-hat bot that scans the blockchain for private-active-keys to put them into a three-day lockup, and a black-hat bot that does the same in order to steal the funds.

When I posted the text of the memo keys in this discussion, @peakd warned against sharing your private keys. So good protection is possible at the interface level.

Good explanation. Seriously how dumb are these Yuchen Sun people?

So you are saying the @steemit account on Steem exposed its private memo key... haha?

No, it's users on Steemit, who tried to send their tokens to "steemit wallet".

PFUCK OFF !