As I said earlier, on July 29, 2021, a phishing attack took place on the Steemit platform.
An unknown hacker sent out comments in which he offered to receive 300 STEEM for simple actions.

Congratulations!

Message from exnihilo.witness
You Received 300 STEEM From exnihilo.witness
Anyone who vote me as witness will get 300 STEEM gift
Please claim your steem and vote for me for witness
i will randomly pick 100 users every week who voted me and send them 20% of my witness earnings.
Hope you enjoy your Steem and keep supporting me.

I also voted for @exnihilo.witness before and I know him as an honest and generous person. Someone just decided to use his good name and mislead inexperienced users.

Brief chronology

The newsletter was sent to the addresses of novice users and began at 08:35 on behalf of the user @sduttaskitchen.
The user did not know about the start of the attack and at that time he commented and responded to the comments of other users
(for example - 08:45 comment and @aasifwani- upvote, later the comment was deleted)

08:48 - 4 phishing comments and one user comment posted for @aasifwani in one minute.
This suggests that the hacker used a robotic program to carry out his attacks.
At the same time, at 08:47 the form of the comment was changed, but without changing its essence.
From the start of the hacker attack until 08:50, from 1 to 8 phishing comments per minute continued to flow.

After the end of a hacker attack (8:50) with the user's account was made a few comments, and conventional apvoutov
(@roopk97, @sumitkr27, @brahmaputra, @sampabiswas, @nainaztengra76), some of which are currently remote.

09:23 there was a change of user passwords (Block 55040404 / Transaction 55040404-0)
According to the user, she received a warning that her account was hacked, the user changed passwords and began to delete phishing comments that came on her behalf.

09:34 - Deletion or modification of comments posted on her behalf began.
11:29 the last fix is committed.
2021-06-29, 19:06 a user creates a regular post from her favorite series "Better Life With Steam | Diary Game | June 28 | People's behavior is judged by ability."

This is the chronology and content of the events that accompanied the phishing attack.

---

Support Program Participant Situation

When I received a message from @ ruta-rudens (?), A rookie support program member, I checked her page.
The page was working normally, but the owner himself could not get to it. All passwords were changed by the hacker.
SP was Download and all SBDs were stolen.

Ruta-rudens had the imprudence to follow the proposed link and, in addition, enter the owner's name and key, which was her fatal mistake.
From this user's wallet, I went to the hacker's (I think he has a lot of such wallets).
This hacker has been quietly robbing people for three years and for some reason the account has not yet been blocked.
Today the hacker transferred part of the money from the SP downgrade to another wallet

Ruta -rudens immediately contacted the support service, but apparently they could not or did not want to help her. In a week she will lose another part of her money and so far no one has helped her recover the keys.
A similar story happened with @lyon89's account, but I can't reach him.

---

The situation with the account from which occurred fishinogovaya newsletter

My next step was to check the account @sduttaskitchen from which these phishing comments came.
There were two working versions: the hacker hacked the user's account and made the mailing, or the hacker and the user are in cahoots.
I could neither deny nor approve any of the scenarios for the development of events.

Since the user in his post (a day later) reported that she was asleep during the hacker attack, and in fact I saw her comments, upvotes and answers, there was a need for some clarifications.
I published a post to warn naive newbies and mention a user to generate some reaction and get some questions answered.
In the end, I got an answer to the main question that bothered me.

The user mentioned that he was warned about the hacking, but such correspondence was not in the Stimit event stream.
The user received this warning via the Discord channel from the user @randulakoralage, who had just posted a post about a similar danger the danger 13 days ago.

Photo by Edwin Hooper from @randulakoralage post

---

The rest of the inconsistencies can be attributed to the user's concern for their reputation.
As a psychologist in the past, I understand this behavior and the attendant errors of deleting comments and delaying informing and warning other users of the platform about a phishing attack.
I understand that my post brought new inconveniences and anxiety to the user, who himself suffered,
and I sincerely apologize to him

I hope she understands the need for my actions.
In the end this post, which is the result of many hours of work clears its reputation.

Suggestions for improving the situation

Unfortunately, it is almost impossible to protect the platform from phishing attacks. After all, the victims themselves actually give their keys into the hands of the hacker when they follow external links and perform actions with their keys.
But the user on whose behalf the mailing was made did not give his keys to anyone.
Does this mean weak key posting protection?

Due to the current situation and the possibility of continuing phishing (and the continuation will surely follow), I have several suggestions to the platform developers.

-Create an intermediate page when following external links. This means that when a user clicks on an external link, he first receives a short (unfortunately no one reads large and long sentences) message warning of possible fraud and that it is not necessary to enter any keys on external sites, even if they are something similar to the Steemit platform.

Further, there will be a voluntary choice of the user and his full responsibility for what happens.
He was forewarned.

-After passing a phishing attack, block the accounts to which the stolen money was transferred.
Now these are at least wwefun and warrentto accounts.

-Developers need to create an algorithm for the prompt recovery of hacked accounts.
At present, more than a week has passed since the appeal, and there is no help for the victim. The robot on duty responds to the call and nothing happens.
This leads to the departure of newcomers and other victims from the platform and damages the reputation of Steemit.
Реальную помощь в разъяснении необходимых действий после взлома аккаунта нашему участнику программы оказала @cryptokannon, но сама она не может восстановить ключи. Нужна работа и помощь разработчиков

And I will repeat myself.

Remember, free cheese is only in a mousetrap.

Regards, @bambuka