@r0nd0n Saves the Day - Again!

View this post on Hive: @r0nd0n Saves the Day - Again!

Comments 17

I couldn't have done it without @drakos and @ausbitbank. Stay safe out there, them streets are rough.

31.07.2019 18:43

What happened?

Posted using Partiko Android

31.07.2019 19:02


31.07.2019 19:40


Do you know how?

31.07.2019 19:43

Phished, I suspect.

31.07.2019 21:26

Curated for #informationwar (by @wakeupnd)

  • Our purpose is to encourage posts discussing Information War, Propaganda, Disinformation, and Liberty. We are a peaceful and non-violent movement that sees information as being held back by corrupt forces in the private sector and government. Our Mission.
  • Discord, website, youtube channel links here.

Ways you can help the @informationwar!

01.08.2019 00:27

Can you please elaborate on the hack? This account I was given has been upvoting posts that I never upvoted. Was not sure if I was hacked as well. I checked Steem Auto and the slate is clean there. No auto votes, or trails whatsoever.

At any rate if you don't mind explaining I would be interested in learning more about what happened. Thanks.

01.08.2019 08:51

Back in April someone accidentally posted their Owner key and their account was taken over. That account has somehow phished me, apparently by making a clone page of Steemconnect, and a page that appeared to be a post that directed me to sign in using my key.

Once they had my key, they got my liquid tokens, and there they sit. Because of @r0nd0n's help, I was able to stop the powerdown of my SP they initiated.

Note: I was not able to post, comment, or vote for a couple days, and thought it was just Steempeak acting up. Instead my keys had been changed, and had I acted quickly, I might have prevented the loss of all my liquid tokens.

Your account casting votes you did not indicates your account may be being accessed by another party.

You should change your keys immediately, so that the account cannot be used by anyone to do bad things. You don't want to be accusable of phishing or anything like that, I am sure.

01.08.2019 22:41

How can you change ur keys, while they did it already?
If they change keys, your keys are outdated and dont work on a key reset?

04.08.2019 10:17

The owner key is necessary to change keys. That was why the malicious actor was able to completely take over the account they used to take my tokens, but not mine. They only had my active key, and not my owner key, because Steempeak requires active key to login, and I do not use my owner key to login. I was able to change my keys and lock out the bad actor before the powerdown proceeded.

04.08.2019 17:35

@guiltyparties has reached out to me regarding the incident, and discovered how I enabled the attacker to change my keys. I attempted to post a link, and for some reason the copy action I tried to undertake did not work, and I didn't notice. I had just logged into Steempeak, and my active key remained in my clipboard then was pasted when I posted the link in the comment.

Since it was a link, it was not visible in the text of the comment and I did not notice it. The hacker runs a script that searches the blockchain for keys, and found mine in seconds.

Steem Keychain would have made that impossible, and I regret now that I was not using it.

02.08.2019 06:04

Only if Keychain is accepted, not if you have to copy ur key from Keychain to steemconnect, right?

04.08.2019 10:15

Unfortunately you are correct, and my browser doesn't work with Keychain, so I had to paste my key into steemconnect, which loaded it into the clipboard, from whence it was pasted for the entire world when I posted a link.

04.08.2019 17:50

:// how unlucky

04.08.2019 18:47

I don't think of it as luck. I think of it as bad opsec. In Alaska where I was raised, I learned that if it happens to you, it's your fault.

04.08.2019 20:54

hurtful truth, but as anarchist I can completely agree and have the same opinion.
people are not ready to be accountable; women are a special topic.

04.08.2019 21:31