How I easily discovered more than $160,000 worth of private keys in one day on Steemit
Good morning everyone!
Recently, I stumbled upon a transaction that seemed very strange to me.
Then I realized that the beginning of this memo (P5) was the beginning of my Steemit password!
I asked a few Steemians to validate this fact, and it turns out that our passwords all start with P5 (unless you chose a custom password).
So I took a look at the @bittrex and @poloniex pages to see if there were a lot of people making this mistake. Imagine my surprise...
I was able to find a dozen passwords, and an incredible number of private keys!
I even found a password accidentally distributed during an exchange between @bittrex and @blocktrades!
Imagine for a second that someone had noticed before @blocktrades that their private key was compromised! Let me remind you that today, this account has approximately $148,000 in cash!
While writing this article, I realized that @noisy and @lukmarcus are already interested in this subject and managed to gain access to several accounts (including @virtualgrowth, @dollarvigilante).
Even @jerrybanfield, some time ago, wrote an article to warn as many people as possible to be careful when making transfers on Steemit.
These keys are not all valid, and most are "only" private keys of the memo.
These memo private keys are harmless in the sense that you cannot lose your funds if one is shared. However, it is possible that it can be used to encrypt/decrypt memos, so it is still of some interest (and in any case, I'm sure no one would like to have someone else log into their account).
But it seems that despite the notification that appears when you are about to send a private key, many people still make this mistake.
I have already used Bittrex myself to receive money on my Steemit account, and I used my public memo key.
You'll tell me, "Well, at least it's not the private key."
Yes, but in fact, it's completely unnecessary to add any key.
On Bittrex, simply enter your account name in the "Registered Acct" box; the memo is useless! (Except if you want to send yourself a funny message.)
It's simple, and it can't be said often enough: NEVER share your private keys, even with an exchange. It's not worth it!
If you think you have made this mistake, I strongly urge you to change your password.
To do this, go to your Wallet and click "Password".
Enter your current password in "Current Password" and click "Click to generate a new password".
Save your new password, or you risk losing access to your account!
Enter your new password in the "Re-enter generated password" box, then check the two boxes below before clicking "Update password".
I hope to have informed you about the use of your private keys, and that Steemit users will pay a little more attention.
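The warning shown before sending a private key, mentioned above, can be sketched as a pre-send memo check. This is an added example, not code from the original post or from Steemit; it assumes a generated password is the letter P followed by a WIF private key (consistent with the P5 prefix noted in the post), and `check_memo`, `to_wif` and the sample key are constructed for illustration.

```python
import hashlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def _checksum(payload):
    # WIF checksum: first 4 bytes of SHA-256(SHA-256(payload))
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def to_wif(secret):
    """Encode 32 bytes as a WIF key; used here only to build sample data."""
    raw = b"\x80" + secret
    n, out = int.from_bytes(raw + _checksum(raw), "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return out

def b58decode(text):
    """Decode base58 text to bytes, or None if it has a non-base58 character."""
    n = 0
    for ch in text:
        idx = B58.find(ch)
        if idx < 0:
            return None
        n = n * 58 + idx
    return n.to_bytes((n.bit_length() + 7) // 8, "big")

def check_memo(memo):
    """Return why a memo must not be sent, or None if no key-like token is found."""
    for token in memo.split():
        is_password = token.startswith("P5")  # assumed form: "P" + WIF key
        candidate = token[1:] if is_password else token
        if len(candidate) != 51 or not candidate.startswith("5"):
            continue
        raw = b58decode(candidate)
        if raw is None:
            continue
        if len(raw) == 37 and raw[0] == 0x80 and _checksum(raw[:33]) == raw[33:]:
            return "account password" if is_password else "private key"
        return "key-like string (checksum mismatch)"
    return None

# Constructed sample data: a key derived from the bytes 1..32, not a real account.
SAMPLE_KEY = to_wif(bytes(range(1, 33)))

if __name__ == "__main__":
    for memo in ["thanks for the coffee", SAMPLE_KEY, "P" + SAMPLE_KEY]:
        print(repr(memo[:12]), "->", check_memo(memo))
```

A wallet would call `check_memo` on the memo field and refuse to broadcast the transfer when it returns anything other than `None`. A public memo key is not flagged, since it is neither 51 characters long nor prefixed with 5.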
Thanks for the info! We need to be careful!
Oh good lord, that's just horrible. Glad to see such important information shared.
Upvoted and re-steemed... for the good of our community :U
Will exchanges like Bittrex and Poloniex help warn users against sending a private key in a memo because Steem users are accidentally sharing the posting, active, and even master passwords out in the open almost every day with transfers from exchanges with no ability to undo the mistake outside of changing the master password? We have been talking about this a lot already and I hope my post contributes alongside of those listed below! I took the time to share this today because when I originally read the posts below, I thought it was not that easy for the average user to find and exploit. I was wrong! It turns out finding these keys and then using them is incredibly easy and in the comments readers are reporting Steem being stolen within minutes of leaking a key out in memos!
This is very saddening.
People should be security conscious in the virtual world.
A lot of publicity has been done and people have been shown how to secure their account on Steemit, but I don't know why people keep giving out their keys.
Please don't put your keys in memos when making transactions.
Please always use your posting key to log in.
Remember,
There's no patch for human stupidity