RE: UPVU's Exploit Technical Post-Mortem Report

in #upvu, 2 years ago

We do not believe that the cause of this hack was a design flaw in the Steem blockchain. We should always be careful about Hive's attacks, but we shouldn't create FUD by ourselves. Perhaps the biggest problem is that many tools and apps created by Hive's developers or witnesses are still available on Steem. We believe that Steemit Inc needs to focus on building Steem's infrastructure from zero base through DIP.

We believe that Steemit Inc needs to focus on building Steem's infrastructure from zero base through DIP.

That would be very desirable.

After hacking the @upvu account, the hacker changed the private key and recovery account,

I find it very disturbing that someone was able to "hack" your keys. The changes you mentioned require at least the private owner key. If these keys were not stored somewhere in your systems and were nevertheless grabbed, this means that the key could be determined from the system! And that is very worrying!
You absolutely have to clear this up so that all users are aware. We may also have to bring forward changes on the code side....

Nothing has been clearly identified yet, but as already mentioned, it is neither a code-wise problem nor a Steem blockchain design problem. It is presumed that security issues may occur in tools or apps that existed before the fork of Steem and Hive, and unfortunately, it seems impossible to determine the exact cause at this time.

I hope you can still determine the cause. It could be only such tools or apps in question, which you also use. Or would libraries like dsteem or steem-python also be critical here?

Damn. Crazy shit.
