Author Topic: STEEM hack discussion  (Read 11268 times)

Offline xeroc

  • Board Moderator
  • Hero Member
  • *****
  • Posts: 12922
  • ChainSquad GmbH
  • BitShares: xeroc
  • GitHub: xeroc
Pretty sure this is just due to the fluctuations in the 7 day average value of STEEM. When price is down a bit, you'll see the rewards slowly decrease, also.
Exactly .. If the market cap of Steem goes down, it simply can't afford to pay a high payout .. If market cap goes up .. it can ..
This mechanism helps to make an insolvency unlikely ... otherwise you would pay out SteemDollars that you couldn't back by actual value ..

Offline nomoreheroes7

  • Hero Member
  • *****
  • Posts: 756
  • King of all the land
  • BitShares: nomoreheroes7
Why is it that when I refresh a post that has the same votes, the value of the rewards keeps increasing? Assume there's a post that has $1000 in rewards and 100 upvotes. Then I refresh, it still has the same 100 upvotes but then the rewards are $1001, then I do the same and it's $1002. Is it normal?

Pretty sure this is just due to the fluctuations in the 7 day average value of STEEM. When price is down a bit, you'll see the rewards slowly decrease, also.

Offline Akado

  • Hero Member
  • *****
  • Posts: 2752
  • BitShares: akado
Why is it that when I refresh a post that has the same votes, the value of the rewards keeps increasing? Assume there's a post that has $1000 in rewards and 100 upvotes. Then I refresh, it still has the same 100 upvotes but then the rewards are $1001, then I do the same and it's $1002. Is it normal?
https://metaexchange.info | Bitcoin<->Altcoin exchange | Instant | Safe | Low spreads

Offline Frodo

  • Sr. Member
  • ****
  • Posts: 351
  • BitShares: frodo
Everything worked out for me. Huge thanks to the Steemit support team. Great way to handle a situation like this.

Offline BobDownlove

  • Newbie
  • *
  • Posts: 3
Yes I tried this first thing this morning and last step of recovery failed. I am in contact now and we're working on it. I surely don't envy these support guys, imagine their workload this week.

Offline Frodo

  • Sr. Member
  • ****
  • Posts: 351
  • BitShares: frodo
Yeah that only works if your recovery agent isn't steem, in which case, mine is. Good link tho I got real excited when I first saw it...

Sent from my SM-G920I using Tapatalk

I'm in the same boat right now, but I'm optimistic that steem support will eventually get to us. They probably have A LOT of requests to handle currently.

EDIT: There is also a new update: https://steemit.com/steemit/@steemit3/third-update-to-july-14th-security-announcement-account-recovery-begins
« Last Edit: July 20, 2016, 08:51:29 am by Frodo »

Offline BobDownlove

  • Newbie
  • *
  • Posts: 3
Yeah that only works if your recovery agent isn't steem, in which case, mine is. Good link tho I got real excited when I first saw it...

Sent from my SM-G920I using Tapatalk



Offline BobDownlove

  • Newbie
  • *
  • Posts: 3
So where do we go if our account was compromised and we've had our funds taken and been locked out? Loving the whole "enjoy the darkness" method of support this has...

Sent from my SM-G920I using Tapatalk

Offline pc

  • Hero Member
  • *****
  • Posts: 1530
    • Bitcoin - Perspektive oder Risiko?
  • BitShares: cyrano
Great, thanks!
Bitcoin - Perspektive oder Risiko? ISBN 978-3-8442-6568-2 http://bitcoin.quisquis.de

Offline svk

Would be good to get some information about our web wallets. So @svk how is the situation, is bitshares safe?

The openledger web wallet is less vulnerable, because BitShares doesn't have to display lots of user generated content.

The principal risk remains, however. If someone manages to sneak some JavaScript code into the site, then your keys will be compromised.

Hm, now that I think about it - the memo is user generated... @svk please confirm that the memo field is properly escaped.

There's no escaping being done but it's just rendered as a simple string of text, not interpreted as html in any way. That's why I don't parse links either in memos or in the trollbox, so if you're gonna click a malicious link at least you have to copy paste it yourself..
Worker: dev.bitsharesblocks
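
svk's point above, that a memo rendered as text stays inert while one spliced into markup would not, as an added JavaScript example (not part of the thread and not the wallet's code). The function names and sample memos are constructed for illustration.

```javascript
// Added example: function names and memo values are constructed for illustration.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode every character that could open a tag, an entity or an attribute value.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Hazardous pattern: the memo is spliced into markup, so the browser's HTML
// parser decides what the sender's bytes mean.
function renderMemoAsHtml(memo) {
  return '<span class="memo">' + memo + '</span>';
}

// Text-only rendering: the memo can only ever become character data.
// In a browser the same effect comes from `element.textContent = memo`.
function renderMemoAsText(memo) {
  return '<span class="memo">' + escapeHtml(memo) + '</span>';
}

// Approximate list of the elements a parser would open in a fragment
// (opening tags only; good enough to compare the two renderers).
function openedElements(html) {
  return Array.from(html.matchAll(/<([a-zA-Z][a-zA-Z0-9]*)/g), (m) => m[1].toLowerCase());
}

// Constructed memos: plain text, a bare URL, and two markup-bearing inputs.
const SAMPLE_MEMOS = [
  'payment for invoice 42',
  'see https://example.com/offer',
  '<script>/* constructed */</script>',
  '<a href="https://example.com/">click</a> & "quotes"',
];

// For each memo, report the elements each renderer introduces beyond the
// wrapper <span> (always the first opened element, hence slice(1)).
function auditMemos(memos) {
  return memos.map((memo) => ({
    memo,
    asHtml: openedElements(renderMemoAsHtml(memo)).slice(1),
    asText: openedElements(renderMemoAsText(memo)).slice(1),
  }));
}

console.log(auditMemos(SAMPLE_MEMOS));
```

The bare URL memo produces no `<a>` element under either renderer, which matches the decision not to parse links in memos.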

Offline BunkerChainLabs-DataSecurityNode

Here's my take on the hack, and possible solutions for the future:

https://steemit.com/steem/@karnal/hackmoar-hindering-attackers-coming-and-kidnapping-my-outrageously-armored-resources

So, is it possible that our bitshares private keys are shipped away by XSS program?

It's not likely because OL hosted wallet is not designed for user input the same way Steemit is. Though I would imagine after seeing this @svk is checking to make sure the same thing can't happen.
+-+-+-+-+-+-+-+-+-+-+
www.Peerplays.com | Decentralized Gaming Built with Graphene - Now with BookiePro and Sweeps!
+-+-+-+-+-+-+-+-+-+-+

Offline yvv

  • Hero Member
  • *****
  • Posts: 1186
Here's my take on the hack, and possible solutions for the future:

https://steemit.com/steem/@karnal/hackmoar-hindering-attackers-coming-and-kidnapping-my-outrageously-armored-resources

So, is it possible that our bitshares private keys are shipped away by XSS program?

Offline abit

  • Committee member
  • Hero Member
  • *
  • Posts: 4664
    • Abit's Hive Blog
  • BitShares: abit
  • GitHub: abitmore
Also, does someone know the EXACT nature of the attack?

Preferably with code to study?

I was out a day, could not find anything anywhere .. very likely I missed it.
Please check posting history of account "goodgame" on Steem.

You can find it on Github. The actual compromised users seem to be 150 not 260.
Lately the team decided to not include some "small" accounts into the list.

My account is not on the list of hacked accounts but it is and is blocked. I didn't receive an answer from the team, not even an automatic reply.
You can contact @fav
BitShares committee member: abit
BitShares witness: in.abit

Offline karnal

  • Hero Member
  • *****
  • Posts: 1068
Here's my take on the hack, and possible solutions for the future:

https://steemit.com/steem/@karnal/hackmoar-hindering-attackers-coming-and-kidnapping-my-outrageously-armored-resources