Steemit users need to be extra careful.

in #steem, 5 years ago

With the Steem and steemit code being open source, we have seen a number of sites based on Steem and Steemit launching.

New ones are launching at regular intervals.




STEEM users are familiar with the model and are, somewhat understandably, eager to get in on the ground floor hoping for lightning to strike twice.

That, however, is not necessarily the best choice.

Bad actors can just as easily set themselves up with a STEEM/steemit clone in a matter of days or weeks and get up to all kinds of antics.

For instance, not many users were around when the infamous steemit "Hack" happened.

Neither Steemit nor the STEEM protocol was actually hacked, but a hacker found a loophole to bypass some of the steemit.com site security features. This enabled the hacker to upload images with malicious JavaScript, which forwarded keys stored in the browser to the hacker.

Long story short, over 200 accounts were compromised in a matter of hours, simply by opening one of the posts that had one of these malicious images in one of the comments on that page.

As a result we now have the account recovery feature implemented on the STEEM blockchain.

Right now we are witnessing the meltdown of one of the newest STEEM/steemit clones.

https://deals.weku.io/community-deals/@noganoo/warning-accounts-are-being-seized-by-bearshares-founder-and-scammer-bilal-haider-do-not-buy-into-the-bearshares-scam

Already it appears that keys are compromised. So far these are just bearshares keys... but what is to stop a bad actor from creating a clone, luring steemit users over to it, and then having malicious key-stealing code embedded somewhere in the site that steals stored keys?

STEEM users should be very aware of what sites they visit on the same device that they log in to steemit with and should be using their posting keys in most instances.


Yes, there are many bad individuals out there and we should just be careful, especially for sites that want us to put sensitive steemit keys @gavvet, because we really do not know the people behind some steem sites or similar.

Just to be clear, smoke.io (your first chosen image), and whaleshares.io have nothing to do with the subject matter at hand.

I know you used them as a reference for "steem forks", but it is unfortunate you decided to use these examples in this public service announcement.

I completely agree with you @intelliguy regarding smoke and whaleshares, and these communities might not exist if steemit did not have so many injustices.

Maybe some of these clones can become successful like the WoW private servers?

More competition = more action = more quality in the end?

But we should also be aware of bad actors here on steemit. Industrial scale flagging done by some users in order to increase their own profits is major fraud that is happening as we speak. Steemit audit is well overdue.

I hope my proposal of a forum-like landing page for Steemers with divisions as

  • Steemit for dummies
  • report abuse
  • ...

will make it in the end. That way these abusers can no longer hide from the masses, as their names are there for everybody to see and more important, WHY these abusers are being reported.

Once such a feature is introduced, the spambot vermin will quickly crawl back into their dark crevices.

Malicious and abusive witnesses would very quickly get thrown out of the Steemit-eco-system.

Very instructive and, also, the making of a best selling 'cyber thriller' in there somewhere, or what? Thanks, gavvet.

A lot of hackers are around and messing with people's hard efforts and money.
A few days ago my account on the C-cex exchange was hacked and my LTC there was stolen; by the time I realised that it's better to sell those LTC and power it up on Steemit, I found everything was gone.
And the exchange did not give back anything yet to me, and I am still waiting; hopefully I could get just some of it back.
This was the first time it happened to me, and it was a very hard feeling honestly. However, I believe Steemit is more secure than lots of platforms around, but always bad things could happen.

Luckily I decided not to use any of those shitty clones

Thanks for the information. When I heard about Weku and went to read their white paper on something, I could say it is completely a steemit clone, a copy to copy system, almost everything the same; the teams behind the project are listed there as well... I was thinking many things, could this be a scam or what. I have seen some Steemians powering down and investing in Weku because they believe in it. I don't condemn anyone's opinion coz it's a choice. I have been trying to create an account with Weku but it was not successful, so I gave up and focused on Steemit. This called for alarm with your warnings here; I hope others could read too and be extraordinarily careful of new clone platforms.

Thanks for share.

Re-steemed

Every user is responsible for his account in steemit
very good post

What's stopping someone from creating a clone instead of a spoof? I'd say that we should be worried about spoofs not clones.

Posted using Partiko Android

Great post, extremely useful and truthful 👊😊
