The @keys-defender bot is LIVE in Beta mode πŸŽ‰πŸΎπŸ₯‚ πŸŽ€βœ‚οΈ

avatar
(Edited)
source

Ladies and gentlemen and honourable members of Steemit, it gives me great pleasure to introduce you tonight a new defender of this platform. Please give a round of applause to.. @keys-defender ❗ Β  Β  Β  Β 

πŸ€– πŸ€– πŸ€–

source


DEVELOPMENT UPDATE

Tonight I finished developing and testing the features that were in the works during my last development update post:

  • Recover Account when an Owner key is leaked;
  • Transfer funds to Savings when an Active key is leaked;
  • Publish a post on @keys-defender's blog when a Master or Active key is detected;
  • Automatically reply to the comment/post in which a compromised private key is detected (1x day per user to prevent abuse);
  • Send a wallet transfer when any compromised private key is detected (1x day per user to prevent malicious users from intentionally burning the scanner bot RC)

THE THREAT IS REAL

As disclosed in my previous posts, there are tons of compromised accounts credentials still stored in the blockchain.
( In case you missed it, scanning the whole STEEM blockchain I found 123 compromised keys ).

On top of that, there are malicious users (black hats) running bots to STEAL accounts and their funds. These bots are actively scanning new blocks published into the blockchain and will compromise your account within seconds from accidentally leaking a private key.

Testing my bot with real accounts made me realize that the threat is very REAL.

As I verified myself (losing a test account) if you publish an owner key, within seconds all your private keys get changed and all the funds transferred to the account of the attacker.

If you instead publish an active key, besides putting your funds at risk, your posting key will stop working after a few seconds. The only way out is to restore all your keys using your master password or master key.

Proof:
@abellame (hacked account now used to steal accounts) stole my test account @b0ts-testing: https://steemd.com/@abellame

There could be a solution for this but it will require tons of RC. I may get to it one day:
it looks like that account would run out of RC after only 7 transfers. I could get it to burn its RC intentionally leaking an active key from the same account every day so that when a real user compromises their key the malicious bot won't have enough RC to operate.

I will add this feature to my features backlog and will get to it when I have enough RC (I have a STEEM purchase in the order book but I may need more - delegations are welcome, by the way 😊).

BETA TESTING

My testing so far went great.
This is the post that I used for debugging and end to end testing: https://steemit.com/test/@b0ts-testing/tomated-posts-test-2-1580640786922

As you can see @keys-defender (after some bug fixes) replied correctly to all types of leaked keys.
And it also published a post for each active and owner compromised key.

Please help me test the bot using a test account.


Feel free to leave a private key in the comments of that debugging post or this one as well.

I do not guarantee a 100% success rate but the risk is low as a dummy test account costs only 3 STEEM ($ 0.5).

PLEASE do not post the owner key of an account with funds in it!! I do not assume responsibility in case my bot has a bug and does not recover your keys in time.
Also, if you want to test intentionally compromising an active key, make sure that most of your funds are in the savings or transferred to another account.
Same as above though, I do not assume responsibility in case something goes wrong during the test.

So, again, please only use test accounts.

If you want to create one here you can find my guide on how to create an alt account in seconds.

NOTE: the bot is slightly slower than expected because is running in debug mode (eg. verbose logs enabled).

If you intentionally compromised a private owner key please reach out to me on discord to get the new keys: gabe#5784

During normal operations instead, real accounts with funds found during the LIVE scanning will be given to @guiltyparties and proof of identity will be requested.

EXPECTED RESULTS:

These are the expected results when a private key is published in any type of operation into the STEEM blockchain:

  • Owner key: keys change, reply, memo warning, post
  • Active key: transfer to savings, reply, memo warning, post
  • Posting key: reply, memo warning
  • Memo key: reply, memo warning

I haven't tested these but they should work correctly as well (as proven in the past):

  • leaking keys in wallet transfers
  • leaking keys in other uncommon operations (eg. account update)

PLEASE LET ME KNOW IF YOU FIND ANY BUGS! Much appreaciated. Β  =]

WHAT'S NEXT:

According to my backlog :
[] Monitor leaked dead accounts and burn their RC if abused - checked though daily scheduler
[] Auto-publish weekly report with live scanning stats

After these, before moving on to the other items on the backlog, I will spend some time working on minor bug fixes, stability, refactoring, testing, etc.

Previous related articles:

  1. @keys-defender birth
  2. Results of STEEM blockchain full scan
  3. Development plan and ideas

And now finally some sleep!! =']

Take care!

blockchain steemit stem neoxian palnet hacking abuse
0
0
0.000
25 comments
avatar

According to the Bible, Why does the Bible prohibit eating hares? (Part 1 of 5)

(Sorry for sending this comment. We are not looking for our self profit, our intentions is to preach the words of God in any means possible.)



Comment what you understand of our Youtube Video to receive our full votes. We have 30,000 #SteemPower. It's our little way to Thank you, our beloved friend.
Check our Discord Chat
Join our Official Community: https://beta.steemit.com/trending/hive-182074

0
0
0.000
Reply
avatar

Cool stuff. People will get confused by Steem keys and paste them into the wrong fields. This is part of why Keychain is so useful. I hope you can help some people recover their accounts and protect their funds.

0
0
0.000
Reply
avatar

Yep, see an example in the comment above πŸ™ˆ

0
0
0.000
Reply
avatar

Great work!

!DERANGED
!COFFEEA
!shop
$trdo
!BEER

0
0
0.000
Reply
avatar

You just received DERANGED @gaottantacinque Keep up the great work. Congrats, you have been gifted 1 DerangedCoin. You can redeem 20 of them for an upvote from the deranged.coin account. Redeem your tokens by sending to deranged.coin through Steem Engine with your post URL in the memo field, view all your tokens at steem-engine.com

0
0
0.000
Reply
avatar

!BEER
Thank you for doing this.

0
0
0.000
Reply
avatar

Sorry, you don't have enough staked BEER in your account. You need 6 BEER in your virtual fridge to give some of your BEER to others. To view or trade BEER go to steem-engine.com

0
0
0.000
Reply
avatar
(Edited)

It looks like we got a new hit on a leaked active key and this may not have been for testing as the account has 700 SP.

The reply and transfer worked but somehow the post creation failed so I’ll do that manually tonight and investigate the logs.

0
0
0.000
Reply
avatar

UPDATE:

It looks like my code did not create the post announcing the leak only because it ran out of RC.

I now powerd up a bit more.

This bot can save thousand of dollars from user mistakes and the reputation of Steemit is on the plate since the threat is very real as black hats bots are always running.

A safer platform is a good investment for every steemian.

Please feel free to support @keys-defender delegating any amount here.
Β  Thx

0
0
0.000
Reply
avatar

Thanks key defender bot for recovering my account. Very helpful service.

0
0
0.000
Reply
avatar

No problem, take care! =]

@lifeskills-tv Can I ask you which app you use?
(Steemit warns you before you even try to post something that looks like a private key but other apps dont)

0
0
0.000
Reply