How I easily discovered more than $160,000 worth of private keys in one day on Steemit

in #steemit7 years ago (edited)


Good morning everyone!

Recently, I stumbled upon a transaction that seemed very strange to me.

Then I realized that the beginning of this memo (P5) was the beginning of my Steemit password!
I asked a few steemiens to validate this fact, and it turns out that our passwords all start with P5 (unless you chose a custom password).

So I took a look at the @bittrex and @poloniex pages to see if there were a lot of people making this mistake. What was not my surprise...

I was able to find a dozen passwords, and an incredible number of private keys!

I even found a password accidentally distributed during an exchange between @bittrex and @blocktrades!

Imagine for a second that someone had noticed before @blocktrades that their private key was compromised! Let me remind you that today, this account has approximately $148,000 in cash!

While writing this article, I realized that @noisy and @lukmarcus are already interested in this subject and managed to gain access to several accounts (including @virtualgrowth, @dollarvigilante).

Even @jerrybanfield, a few times ago, wrote an article to warn as many people as possible to be careful when making transfers on Steemit.

These keys are not all valid, and most are "only" private keys of the memo.

These memo private keys are harmless, in the sense that you cannot lose your funds if this key is shared. However, it is possible that it can be used to encrypt/decrypt memos, so it still has an interest (and then anyway, I'm sure no one would like to have someone log into their account).

But it seems that despite the notification that appears when you are about to send a private key, many people still make this mistake.

I have already used Bittrex myself to receive money on my Steemit account, and I used my public memo key.

You'll tell me,"Well, at least it's not the private key."

Yes, but in fact, it's completely unnecessary to add any key.

On bittrex, simply enter your account name in the "Registered Acct" box, the memo is useless! (Except if you want to send yourself a funny message)

It's simple, and we'll never tell you enough: NEVER exchange your private keys, even at an exchange, it's not worth it!

If you think you have made this mistake, I strongly urge you to change your password.

To do this, go to your Wallet and click "Password".

Enter your current password in Current Password and click on Click to generate a new password.

Save your new password at the risk of losing access to your account!

Enter your new password in the Re-enter generated password box, then check the two boxes below before clicking Update password.

I hope to have informed you about the use of your private keys, and that Steemit users will pay a little more attention.

If you are comfortable with French, I invite you to read my previous publications. If not, subscribe now and don't miss my future posts in English! ;)

Other articles you might be interested in

Who are you really? Episode #1: Attitudes

A fun video game to fight effectively Alzheimer's

Sort:  

Thanks for the info! We need to be careful!

This wasn't one of our keys, it's some key by a customer of bittrex that sent funds to us: "Imagine for a second that someone had noticed before @blocktrades that their private key was compromised! Let me remind you that today, this account has approximately $148,000 in cash!"

Well, fortunately! I got scared thinking it was yours!
Anyway, I hope that this publication will allow people to make less mistakes!

Thank you for your comment !

Hello from getonthebus

While checking my wallet I saw a transfer of 81 steem to blocktrades that i did not initiate- can you kindly send back my steem?

omg, this is really good that you reacted fast.. I hope you also want to checkout my daughters creation for steemfest..
https://steemit.com/steemfest/@rival/art-for-steemfest-2-my-daughter-made-a-wonderful-contribution-please-check-this-out

Hi,I want to point out that you voted for witness.svk. He is not active for a long time. I think you could reuse this vote.. I hope for me.. You can make dreams come true. I would be so happy. Thank you so much

Oh good lord, that's just horrible. Glad to see such important information shared.

Upvoted and re-steemed... for the good of our community :U

Will exchanges like Bittrex and Poloniex help warn users against sending a private key in a memo because Steem users are accidentally sharing the posting, active, and even master passwords out in the open almost every day with transfers from exchanges with no ability to undo the mistake outside of changing the master password? We have been talking about this a lot already and I hope my post contributes alongside of those listed below! I took the time to share this today because when I originally read the posts below, I thought it was not that easy for the average user to find and exploit. I wrong! It turns out finding these keys and then using them is incredibly easy and in the comments readers are reporting Steem being stolen within minutes of leaking a key out in memos!

This is very saddening.
People should be security conscious in the virtual world.
A lot of publicity has been done and people have been showed how to secure their account on steemit, but I don't know why people keep giving out their keys.

Please don't put your keys in memos when making transactions

Please always use your posting key to login

Remember,
There's no patch for human stupidity