Dao hackers still at large, hackers now targeting Steemit community? Could this be the same hackers? Steemit developers have some security issues to improve

in steemit •  8 years ago  (edited)

The hackers responsible for the Dao hack might have stolen $85,000 worth of Steem.

Did the hackers responsible for Dao hack just hack Steemit now? Looks like a very possible scenario.

Steemit developers need to increase security features after cyber attack. Steemit’s security team was able to catch this attack quicker than Dao it seems.


Revamp security

This attack is an eye-opening moment for Steemit developers, who need to revamp security and make it more challenging to get into anyone's account. It didn’t cross my mind until this attack that security is one of the many features that Steemit is lacking in comparison to Coinbase and Bittrex. This might be the same hackers responsible for the Dao hack.

I think Coinbase has about the best security out of all the sites I use almost daily, and I hope Steemit developers really pay close attention and come up with the same model of security as Coinbase has. I love that every time I use Coinbase it has a 2-step verification: I have to enter a code that they text to my phone every single time that I log on. This is a second layer of protection that makes me feel more safe about doing business with Coinbase. I would love to see this second layer of protection come to Steemit so that every user has to authenticate who they are. Especially if you are withdrawing money out of your account, you want this added layer of protection so that someone can't get on and steal your money.

Also, Coinbase and Bittrex use an identity verification system and require you to submit a valid driver's license or ID in order to use certain features, and I hope this is also something that Steemit developers will consider implementing.


Could have been worse

It could have been a lot worse. This attack is nothing in comparison to the Dao hack that had more than $50,000,000 million worth of Ethereum stolen. At least this wasn’t a much bigger attack that could have devastated the entire community. At least this was only a compromise on accounts and not on the entire Steem code. We could have been D.O.A (dead on arrival) if this would have compromised the entire Steem code, and we would be talking about how we lost everything on Steemit right now and how it was such a heist.


Mt. Gox


Worse than the Dao attack, this could have been Mt. Gox part 2, and we could have lost all Steem coin and be talking about this being a scam right now. If we were going to have an attack, I am sure glad it was only this tiny fraction of the currency and not all coins being lost in the hack. Attacks are always bound to happen eventually. If there are large amounts of money involved, then hackers will always find a way to cheat the system and steal our hard-earned money that we worked hard for. Look at Target, Mt. Gox, The Dao, T.J. Maxx back in 2007. Where there is money, there is a way to steal that hard-earned money.


Thieves no longer need to rob a bank; they can steal from the comfort of their computer at home

This is the new form of bank robbery, folks. The thieves no longer need to get a gun and go rob a bank. They can just sit at home and find weaknesses in corporate security systems and breach the firewall.


We can take steps to make our accounts more secure

As a community we all need to increase the security on our accounts.

  • We need to make our passwords longer. Make them a 20 to 25 combo if we can, a combo of upper case, lower case, numbers, and symbols, to increase our security.
  • Never save your password onto a computer.
  • Have a physical copy of your password written down in a safe place at home. Do not put what website it is for on the paper, or someone can steal that and get into it super easy.
  • Always log off on public computers.
  • And try to avoid public wifi; anyone can steal data off your device if they know what they are doing.

How it went down

Here is how I believe the Steemit hack went down. Ethereum decided to hard fork just last week in a unanimous vote. The hacker took to social media about a month ago, posting on virtually every message board about how a soft fork and hard fork would hurt the reputation of the entire Ethereum currency. His argument is that a hard fork would make the currency crater and go down in value because it is a decentralized currency, so he made it sound like a fork, hard or soft, would hurt the reputation of Ethereum as a whole and make it less viable as a currency. His argument was to force Ethereum to not do anything. They played their cards and it did not work out, so they or whoever it is has decided to hack certain accounts on Steemit with a passcode generator to make up for their lost Ethereum that they are not going to get. I don't believe in coincidences, and it is sure no coincidence that exactly a week after the hard fork vote we have another hack in a different currency. Also, it makes sense that they took less money than the Ethereum hack, because part of the reason Ethereum decided to hard fork is because it was such a large amount of money, so maybe they decided if they try for a small amount of money they can get away with the theft.


Lesson learned

I hope this will be a good lesson to the entire community to increase our security and not take it for granted. I hope Steemit developers will implement some good security features to secure all of our accounts. This is minimal damage. $85,000 is nothing compared to what it could have been, we could have been talking about Steemit being bankrupt right now.

#steemit #steem #money #security

sources: wikipedia, and https://daowiki.atlassian.net

All views expressed in this article are my opinion only; this is not meant to harm the Steemit community or Dao community at all.

  ·  8 years ago (edited)

I'm sorry, but as important as proper account security is, throwing around accusations and wild guesses without any concrete evidence is really not a culture we should endorse. The five points you suggest towards the end of your post are good however, but whilst upper- and lowercase, numbers and symbols undeniably prove a lot harder to be socially engineered, the most important aspect of any strong password is its length.

  ·  8 years ago (edited)

For sure good points. I didn't want to say that they for sure did do it but raise the question that it might be the same hackers. Maybe they are mad about the Ethereum hard fork.

  ·  8 years ago (edited)

Could the DOA hacker be you? Oh Snap! It's hard to tell .....so let's not point fingers yet. The FBI will get them or he, her or you. 😁

For sure the digital world leaves traces everywhere, so they might very well find them unless they are expert hackers and know how to cover their tracks. I am no hacker haha, thanks for the compliment though. I had dreams of being a computer programmer a long time ago but it did not work out..........

Thanks for taking the time to reply back. Your dreams can now become a reality. With the funds you’ll make from here you can now invest in your future. Never stop learning. Cheers!

Do you think that the hacker hacked Steem and then wrote this article?

No, I was just goofing/joking around.. oh yeah what's that word..... oh yoh sarcastic. :)

Wow, very misleading headline and probably a good example of the kind of content creation that should be discouraged around here. You've provided no evidence or link that it is even remotely the same person as the DAO attack - it's pretty much a click-bait title.

There's some useful information in there but I think you've given an example of what I fear this place will become - Buzzfeed on steroids - no real quality content just sensationalism in order to pump up one's earnings.

It did say it is possible that it could have been the Dao hackers I didn't say it was for sure them that did it. Sorry if you thought it was misleading. I am still new to the Steemit community. I don't want anybody to be mad. I was just trying to get word out to Steemit developers that they need to revamp security and come up with some better measures to protect against future attacks. I am not a cyber criminal detective so the only way I could have concrete evidence is with digital signatures pointing to exactly who it was. It does raise a good question though it could have been the Dao hackers they still have not been caught from what I have heard so they are still out there maybe hacking away.

Sure it could be them, but it COULD BE ANYONE... but what you've done here is deliberately make an implication that it was the DAO hacker by posing it as a question. This is called Betteridge's Law of Headlines and it is a very sloppy and disingenuous journalism tactic:

https://en.wikipedia.org/wiki/Betteridge%27s_law_of_headlines

For example, I could write a headline as the following: "Could @acassity be the Steem hacker?"

Of course, I have absolutely zero evidence of this but you could be the hacker right? Hopefully this illustrates the point about this style of headline writing to be very misleading.

For all we know it could be the same hackers that hacked Target and stole millions of credit card numbers. Only cyber criminal investigators can know for sure and I hope this gets investigated properly and security measures put into place to stop future attacks.

I did update the title I don't want anyone to think this is misleading.

Ugh, I think you've made it even worse.

Sorry you feel that way. You are supposed to make your headlines stand out or else they get lost and no curation is rewarded for your work. Read the white paper https://steemit.com/steem/@liondani/steem-whitepaper-download. What you are doing is the crab bucket mentality it describes in the white paper. You are saying just because I make a good headline that I should not be rewarded for my work? I saw you marked my post as spam. It says specifically in the white paper not to have the crab bucket mentality. I still worked hard on this post, so if you don't like it there is nothing I can do. Sorry for not making up to your standards. All this came from my mouth and work. Go mark someone else's post as spam, someone who actually cheated the system and is using plagiarism material.

I think this is one of the fundamental problems of this platform: it incentivizes people to create sensational headlines at the expense of integrity and objective writing.

You are saying just because I make a good headline that I should not be rewarded for my work?

No, he's saying not only is the headline not good, but potentially harmful, so is the post.

Steemit just announced today that they will be implementing some security features that I went over in the article.

All right, the problem exists - join the discussion about the necessity of adding 2FA to STEEMIT
https://steemit.com/security/@on0tole/on-the-need-add-2fa-to-steemit

Two factor authentication is a reasonable solution to this problem. Also, forcing proper security on passwords by requiring uppercase, lowercase, numeric and symbol characters, combined with a reasonable minimal length, is a very good idea.

Yep I hope this word gets to developers and they implement some good security measures.

I think it was a big problem for Steem and I hope it does not happen again. In my opinion, one of the ways to solve this problem is two factor authentication.

Not sure if I would say it is the same hacker/attacker. One thing I do know is that as some of these projects start to shine there will be people/organizations that would rather have them not succeed. The DAO was an interesting and extremely innovative concept and Steemit is no longer a concept, it is real!

"All views expressed in this article are my opinion only this is not meant to harm the Steemit community or Dao community at all."