Can someone beat @sami100 to the punch?

in #steem • 6 years ago

Hello kind-hearted Steem blockchain developers

As you may be aware, we have an evil piece of code on the lookout for keys added accidentally to memo fields.

Yesterday, @surfermarly became the latest victim of this script that will use a misplaced key (with enough authority) to transfer any STEEM or SBD in your wallet to @sami100.

https://steemit.com/security/@surfermarly/this-one-here-is-for-you-sami100-you-can-steal-my-money-but-you-can-t-take-away-my-happiness-or-or-be-careful-steemians-and

While @surfermarly concedes this was a 'stupid mistake' on her part, these mistakes do, and will continue to happen.

Can we do something to help?




Before I start with the main crux of the blog, I just wanted to check if there was not a feature in place previously on steemit.com that would check for a possible key in a memo and immediately wipe the field. I'm sure that this was present a few months back? If so, can we have this feature again please @steemit?

Beat ya!

While we are waiting for the above to be added to all applications where transfers are possible, I was wondering if someone could write a piece of code to do what @sami100's script is doing, but with the intentions of beating this evil script owner to the mark?

So far, this account has transferred somewhere in the region of 600 SBD and 50 STEEM and has not responded to the polite requests for a return of these funds - it looks as if the account is unlikely to do so.

Unfortunately this crypto looks unrecoverable, but what if there was a good bot/script doing the same thing, with the goal to return the funds to their rightful owner?

Without knowing the complexities, I assume that this script would need to sit on a steemd node to be in with a chance of being faster than the existing evil code?

The return of funds may also need to be manual - once the account holder has reset their keys (hopefully the owner key wasn't used to make the transfer and present in the memo field), but apart from this, what else is required?

I'm aware that yesterday's publicity (and this post) may give a few people the idea to copy this idea, but hopefully the good will out and we have kind coders around who opt to do the same, and then choose to try to return the funds.

And you never know, a successful recovery might mean a reward from the original account holder, or may incite some rewards to be distributed from the pool when good deeds have taken place.

What do you think? Is this worth looking at, or am I just encouraging more evil?


Cheers

Asher @abh12345 / Witness @steemcommunity
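
The memo check asked for above (spot a key in the memo and wipe the field), as an added example that is not part of the original post and not steemit.com's code. It assumes Steem private keys are base58 WIF strings (version byte 0x80, 4-byte double-SHA-256 checksum) and that generated master passwords are 'P' followed by a WIF; the function names are hypothetical and the sample key is constructed.

```javascript
// Added example: client-side memo guard (hypothetical names, not steemit.com code).
const crypto = require("crypto");

const ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
const sha256 = (data) => crypto.createHash("sha256").update(data).digest();

function base58Decode(str) {
  let n = 0n;
  for (const ch of str) {
    const i = ALPHABET.indexOf(ch);
    if (i < 0) return null;
    n = n * 58n + BigInt(i);
  }
  let hex = n === 0n ? "" : n.toString(16);
  if (hex.length % 2) hex = "0" + hex;
  const zeros = str.match(/^1*/)[0].length; // each leading '1' is a 0x00 byte
  return Buffer.concat([Buffer.alloc(zeros), Buffer.from(hex, "hex")]);
}

function base58Encode(buf) { // only used to build the constructed sample
  let n = BigInt("0x" + buf.toString("hex"));
  let out = "";
  while (n > 0n) { out = ALPHABET[Number(n % 58n)] + out; n /= 58n; }
  return out;
}

// WIF = base58(0x80 || 32-byte key || first 4 bytes of SHA256(SHA256(0x80 || key)))
function isWif(token) {
  const raw = base58Decode(token);
  if (!raw || raw.length !== 37 || raw[0] !== 0x80) return false;
  return sha256(sha256(raw.subarray(0, 33))).subarray(0, 4).equals(raw.subarray(33));
}

// True if any base58 run in the memo is a valid WIF, or 'P' + WIF (assumed master-password form).
function memoLeaksKey(memo) {
  const tokens = memo.match(/[1-9A-HJ-NP-Za-km-z]+/g) || [];
  return tokens.some((t) => isWif(t) || (t[0] === "P" && isWif(t.slice(1))));
}

// Wipe the memo instead of broadcasting it when a key is detected.
function guardMemo(memo) {
  return memoLeaksKey(memo) ? { ok: false, memo: "" } : { ok: true, memo };
}

// Constructed sample key derived from a fixed label; not a real account key.
function constructedWif() {
  const payload = Buffer.concat([Buffer.from([0x80]), sha256("constructed sample key")]);
  return base58Encode(Buffer.concat([payload, sha256(sha256(payload)).subarray(0, 4)]));
}
```

Verifying the checksum rather than matching on length alone keeps ordinary memos from being rejected, since a random 51-character string will not pass it.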


Edit: I just read the whole post AFTER commenting like some sort of idiot LOL
Hopefully you have enough influence to actually get enough attention on this issue to get things done!!!

This is terrible!! What I used to do is transfer the funds to my account and send back a message with 0.001SBD saying that they should change their password and I'll return their funds once their password is changed.

However, this was simply too time consuming for someone like me who has a lot of things on their plate.

I suggest someone make a bot to scan through the exchange wallets, if anything like this happens just do what I did and automatically transfer the funds to the bot's account then automatically send a 0.001SBD transaction with a memo saying "Please change your passwords! Once you have contact me on Steemit or Discord for your funds back!"

Perhaps add a 5 day lock-in to ensure it's the real user responding, and not someone else pretending to be the user.

:)

Yep, I agree with the process above. Hopefully someone can get the job done.

Why would I rather put a punch on @sami100 face, if you find him let me know! Ammm cool idea tho but I still think people need to be more careful when handling keys and stuff. Hey, maybe these dudes are behind the @sami100 acc... Major key alert:)

haha, send the boys down. Some people though, how do they come up with such evil ideas.

Deffo the first priority is to be super careful with keys, that crazy long set of characters is the most expensive thing I own, sheeeet :)

I dunno if you remember this case, it was just a few weeks after I joined Steemit. Maybe these dudes could really help, being smart and stuff :=)

https://steemit.com/steemit/@noisy/we-just-hacked-11-accounts-on-steemit-1158-sbd-and-8250-steem-is-under-our-control-but-we-are-good-guys-so

Yeah I remember that one now. Maybe he'll get a ginabot ping, and I see Taraz has mentioned Pharesim.

Could be done and dusted by the end of the day :)

Thanks for the link @kid4life! That is indeed very interesting.

Concerning "Why would I rather put a punch on sami100 face, if you find him let me know! "

Vigilante justice didn't work out.
For example check the activities of the sami100 account at about 2 months ago, then if you would find "him", is it the original sami100, or the one that potentially hacked that original sami100 about 2 months ago that you would hurt.
And in case you've got the innocent one, what would that make of you?

Ammm... You went too deep :O

You can be a careful, smart person, and still make a mistake. Mistakes are just part of the human condition. Have you never lost something expensive because you had something on your mind and misplaced it? If not, I would like to know how you got your superpowers so I can get some of that.

I did lose stuff before, but not online. Here, you really need to be extra cautious. I guess the superpowers are just checking what the hack you're doing at least twice hahha

It just drives me cuh-raaazy when people on Reddit (or whatever) get all like, "STOP TRADING CRYPTO YOU DESERVE TO BE POOR YOU IDIOT." It happens Every. Single. Time someone gets hacked and posts a warning about what happened or asks for assistance. I've gotten that one before when I asked a simple question about security measures--in that case I hadn't even been scammed or lost anything; I was actually asking for advice in preventing that. Ugh, crypto bro traders are the absolute worst. It's the cultural intersection of Reddit + 4chan + finance bros + tech bros. Not specifically accusing you or anyone in this thread about being aligned with that faction of the crypto world--in fact, the civility is the number one reason that I really appreciate having this place to discuss crypto--was just throwing in there that this could really happen to any of us no matter how careful we are. Though of course it wouldn't hurt to give people a run down about what the different keys do.

High five for bringing more attention to this! Mistakes happen. If someone leaves their leather wallet on a table in a restaurant we would not find if a thief grabs it, but a warning from the restaurant owner or anyone else would be appreciated, right? To prevent thieving is a community responsibility, the more we can automate this the better.

Yeah, nice analogy. It seems we don't have the good people in the restaurant looking out for this at present.

Cheers.

I like it, a kind of whitehat Robin Hood...

I'm not too sure how this sami character operates, however as far as I'm aware his bot gains access to the keys, but then doesn't he have to manually steal the money?

I think how this could work is if the Robin Hood-bot saw the keys, and then changed the active key automatically, and then sent the owner a message or wallet transfer to contact for the new password.

Then maybe via email a verifying code could be given which the original owner would have to repeat in a wallet transfer back to the RH-bot, then the bot emails the new password.

I think this might work, and I remember seeing the script for the memo-key steal and thinking it didn't look that complicated.

I'm not sure this is within my capabilities and I'm busy as hell trying to write an Ethereum Dapp at the moment, but I hope someone takes you up on this, it's a great idea.

Every time I paste my password somewhere on Steem by accident, I change it! I'm on my 4th one!! :-)

Cg

lol, 4th :)

Yeah the basic idea is there I think, changing the active/owner key could be part of the process, and then some kind of verification - email sounds like an option.

Cheers, let's see what comes of it...

That sounds like a challenge, I’m in!

Nice!

Are you running a full node? Could be a race against time and being 'closer' to the action might help?

You know more than me though, good luck! :D

You are just the best!!!
Thank you so much for spreading the word. The idea is absolutely brilliant - I've always been a huge fan of peaceful fights :-)

Smartness will beat him - yeah!
I'm curious to know if someone's gonna be able to code such a counter-bot.

Of course I resteemed this now :-)

:D

Well we've had a Dev who likes a challenge (and is a witness) comment here in the past hour, so you never know, it could be game on and bye bye Sami (you &^%$$!#)

Thank you!

I think it's a great idea, as long as it truly did good. I wish I knew how to build a bot. I'd make a good one right now. That REALLY sucks. It is NOT ok. This person should go to jail. @surfermarly I'm SO SO sorry this happened to you. If I didn't just get a phone stolen I'd transfer sbd to help.

Thanks, and me too.

Luckily for Marly she didn't do this with her house funds, and has made the crypto back in one blog calling this guy out.

Hopefully though, some measures can be put in place to try to help when mistakes are made.

You're too cute! I'm all good - just very angry :-)) But thanks for your kindness.
Now we'll need to make sure that not many more people step into the same trap.

Excuse me if this is a dumb suggestion but surely the initial fix would be to stop him getting the stolen funds out of the steem blockchain? I guess @blocktrades handles all movements of funds in which case can't they put a block on the account's ability to do transfers, either from someone else's account or from Steem to an exchange? This would negate requiring a bot being written that was faster than his bot.

Perhaps that step is already in place yeah. But in that case the funds are just sitting in the account. I was thinking of trying to grab them before he does and return them.

One single mistake and there we have a bot stealing people's money.

I hope this gets fixed soon because the scammer's account has already 600sbd, and I bet the majority of those were stolen.

Yeah almost all were taken as soon as the mistake was made. What a heartless soul he is.

You're a good egg @abh12345 :) I love your idea a lot; instead of griping about bad things, you are proactive and find a solution. My kind of guy! And thank you for bringing attention to this...I hadn't heard about this guy before.

Aww thank you :)

Yeah might as well think about solutions - there are many problems to solve.

What a punk he is though, disgraceful.
