With Steem and steemit code being open source we have seen a number of sites bases on Steem and Steemit launching.
New ones are launching at regular intervals.
STEEM users are familiar with the model and are, somewhat understandably, eager to get in on the ground floor hoping for lightning to strike twice.
That, however is not necessarily the best choice.
Bad actors can just as easily set themselves up with a STEEM/steemit clone in a matter of days or weeks and get up to all kinds of antics.
For instance, not many users were around when the infamous steemit "Hack" happened.
Steemit nor the STEEM protocol was actually hacked but a hacker found a loophole to bypass some of the seemit.com site security features. This enabled the hacker to upload images with malicious JavaScript, which forwarded keys stored in the browser, to the hacker.
Long story short, over 200 accounts were compromised, in a matter of hours, simply by opening one of the posts that had one of these malicious images, in one of the comments, on that page.
As a result we now have the account recovery feature implemented on the STEEM blockchain.
Right now, we are currently witnessing the meltdown of one of the newest STEEM/steemit clones.
Already it appears that keys are compromised. So far these are just bearshares keys... but what is to stop a bad actor from creating a clone, luring steemit users over to it and then having malicious key stealing code embedded somewhere in the site that steals stored keys?
STEEM users should be very aware of what sites they visit on the same device that they log in to steemit with and should be using their posting keys in most instances.
Yes there are many bad individuals out there and we should just be careful especially for sites that wants us to put sensitive steemit keys @gavvet because we really do not know the people behind some steem sites or similar.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Just to be clear, smoke.io (your first chosen image), and whaleshares.io have nothing to do with the subject matter at hand.
I know you used them as a reference for "steem forks", but it is unfortunate you decided to use these examples in this public service announcement.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
I completely agree with you @intelliguy regarding smoke and whaleshares, and these communities might not exist if steemit did not have so many injustices.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Thanks for the heads-up. It's of utmost importance to always check the url before entering the private keys into any site.
And never use your password unless it's absolutely necessary. The password should be stored in a safe place offline.
If you're technical capable, you can also run a local version of Steemit (condenser) on your computer.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Maybe some of these clones can become succesful like the WoW private servers?
More competition = more action = more quality in the end?
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Very instructive and, also, the making of a best selling 'cyber thriller' in there somewhere, or what? thanks gavvet.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
A lot of hackers are around and missing with people's hard efforts and money.
Few days ago my Account on C-cex ecchange was hacked and my LTC there was stolen, in the time I realised that it's better to sell those LTC and power it up on Stemit I found everything is gone.
And the exchange did not give back anything yet to me and still waiting hopefully I could get just some of it back.
This was the first time It happened to me, and was a very hard feeling honestly. However, I believe Steemit is more secured that lots of platforms around but always bad things could happen.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Luckily I decided not to use any of those shitty clones
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Every user is responsible for his account in steemit
very good post
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Great post, extremely useful and truthful 👊😊
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
What's stopping someone from creating a clone instead of a spoof? I'd say that we should be worried about spoofs not clones.
Posted using Partiko Android
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
I first heard about this clones some time ago. Spreding awernes is realy important. I'm glad people are talking about it
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
The biggest pain in the steem/steemit design, to me, is that we each should be dealing straight with the chain.
Our keys should never leave our computer.
In fact, the keys should only be exposed to a program that is wholly on the computer and guaranteed/guaranteeable. That programs should sign the interactions, and then send them to the blockchain.
But, we do not have the infrastructure on computers yet.
And it would make steemit seem really weird to use.
No one has properly designed an all encompassing network security yet.
... but we are working on it.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
You're basically trusting the website/app developer to not take your keys. It's technically possible for your to run your own local copy of the steemit frontend and then audit the code to ensure your private keys stay 100% local, but yeah, not such an easy thing to do. There are efforts afoot to make the weight of the frontend you'd need to run much lighter. It'll take some time.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
keychain is a good first step
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Thats why im actually very glad that keychain appeared to save our asses in the future. ;)
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
desafortunadamente en el mundo hay muchas personas malas que busca del mal en beneficiarse acosta de los demas, debemos tener mucho cuidado
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
“Bear shares”..... 🤣
Posted using Partiko iOS
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
I was there for his arrival and demise on Steemit and steemit.chat. I made a post about it long ago:
https://steemit.com/steemit/@mobbs/the-biggest-failure-on-steemit-mr-bilal-haider
Even if he did nothing wrong in the bearshare world (highly unlkely), don't sign up to sites with this kind of character running it
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Im glad i missed that
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Thank you for your information Sir.We wi be very careful about this.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Hmm...very helpful tips
We see new sites popping consistently maybe clone of Steem
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
It is very interesting what you say because sometimes we do not carefully review the publications we read and enter unreliable links that end up being for malicious purposes, thanks for this information!
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Thanks for the information, when I heard about Weku and went to read their white paper on something, I could say it completely steemit clone, copy to copy system, almost everything the same, teams behind the project are Listed there as well... I was thinking many things could this be scam or what, have seen some Steemians powering down and invest on Waku because they believe in it, I don't condemn anyone opinion coz its a choice, been trying to create an account with Weku but it was not successful so I give up and focus on Steemit, this called for alarming with your warnings here I hope others could read too and be extra ordinary careful of new clone platform..
Thanks for share.
Re-steemed
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Smoke is listed as a Steem-based Dapp on Dapp.com even though it is not part of the Steem blockchain @gavvet.
I think that should be removed from Dapp.com to avoid confusion since Smoke is basically getting free promotion at the expense of @steemit and potential users @therealwolf @ned @blockbrothers.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit
Outstanding post, gavvet(77); thanks for the heads-up and information. socky(67) posted a very good article 2 months ago for us new people about the care and use of the steemit keys...Hope this helps somebody.
Downvoting a post can decrease pending rewards and make it less visible. Common reasons:
Submit