You are viewing a single comment's thread from:

RE: We just hacked 11 accounts on Steemit! ~$21 749 in STEEM and SBD is under our control. But we are good guys 😇 So...

in #steemit7 years ago

Technically you are right, but still I believe, that if so many users are making exactly the same mistake... something is wrong. Guys like @dollarvigilante (a guy who have the biggest number of followers on Steemit) exposed his private memo key, @virtualgrowth and my cousin - @lukmarcus accidentally exposed own passwords - those guys are experts about Steem and Steemit when you compare them to average Joe.

I believe, that we can do things a little bit better, thats why I provided a pull request with a fix :)

7 years ago in #steemit by
$4.54
  • Past Payouts $4.54
  • - Author $3.92
  • - Curators $0.62
36 votes
Reply 9
Sort:  
  • Trending
    • [-]
     7 years ago  

    I didn't... I haven't been hacked.

    $0.44
    • Past Payouts $0.44
    • - Author $0.33
    • - Curators $0.10
    2 votes
    Reply
    [-]
     7 years ago (edited) 

    there are 4 pair of keys: active, owner, posting and memo. Every pair has public key and private key. Under any circumstances, you should never expose any of your private keys.

    As I wrote in a post, right now exposing a private memo key is not very dangerous. But it was said few times, that in the future memo-keys will be used to encrypt and decrypt private messages. So basically every your conversation encrypted with your memo-key would be basically public for everyone who poses your private memo key.

    Also... even right now everyone with your private memo key could try do some kind of social-engineering atack, by pretending that attacker is you (because technically speaking only you should be able to sign messaged with your private key).

    So.. no, you account was not hacked right now, but with private memo key exposed, your account could be attacked in a moment when private-memo-keys would gain some new role in Steem ecosystem.

    [-]
     7 years ago  

    I see, ok thanks!

    [-]
     7 years ago  

    Jeff, take a break from walking your dogs and setup your avatar. Por favor.

    [-]
     7 years ago  

    ouch, you could've mentioned that in your live show yesterday !
    It took a whole day to get account access.
    Anyways cheers !

    $0.00
      Reply
      [-]
       7 years ago  

      Thanks so much for explaining the ramifications. I'll make sure to be extra vigilant when I do transfers. This is something I can see myself accidentally doing, and I'd rather avoid the headache.

      $0.00
        Reply
        [-]
         7 years ago  

        You did Steemit a massive favor Noisy! It won't be forgotten! :)

        $0.00
          Reply
          [-]
           7 years ago  

          Ale swietna robota! Ja tez raz prawie wkleilem w zle miejsce przy momencie mojej adhd nieuwagi. Dobrze ze nie ma mnie na liscie :-)

          $0.00
            1 vote
            • and 1 more
            Reply