Riveting. Thanks. So to clarify, one could stealth hack an account.
If a noob investor wanted help opening an account, the 'helper' could set up the account, noting the keys, wait for the dust to settle and the money to move in, then delegate most of that voting power to his own account, enjoying the large curation rewards, undetected.
The inexperienced investor wouldn't know he's losing out on curation rewards, and everything would look correct in his steemit account.
Trying to power down would ring alarm bells, but if he's holding long term that may be years away.
You are viewing a single comment's thread from:
Well if someone is creating an account for you, hopefully you would trust them to some extent..
It would be advised to change your keys as soon as you get the account. They would have 30 days after that to 'recover' the account and steal it back, but you would notice that. Assuming you changed the keys as soon as you took ownership of the account, then that is all they could do.
If you are assuming that someone has your keys, then there are quite a few things they could do at that point. If they did what you were describing though, you would probably notice, since every time you upvoted it would not add anything to the rewards.
True. Careful who you trust.
I'm just thinking with the current delays and the numerous options for jumping the queue.
A clever operator could offer to set up accounts for lots of people, fail to remind them to change passwords, and keep an eye on their balances, consistently delegating himself half their voting power.
I think I saw someone offering to register account names en masse for $15/each.
Caveat Emptor.
These scammers are just finding more and more ways right. Gotta be extra careful.
p.s this post deserves a resteem
Hopefully people don't fall for those types of scams. If they have, I think they probably have a lot bigger worries than someone delegating some of their SP.
Danke Mann
I realize this is quite old. However, after reading this 'thread' of thinking I wonder how many have come across this and see it as a "how to" instruction for some of the scammer types to get 'ideas'.
Trust is as much human nature as is distrust...depends on the human. The cryptosphere is based on trustlessness is it not? So I don't see how these sort of conversations can be kept from the blockchain...or hidden for the protection of the more vulnerable Steemians here.
Just my perspective from what I've read. Dotting I's and crossing Ts is far from an exact process. I came here by way of a link from a currently active post from a struggling artist, of which there are multitudes here at Steemit. I'm just pointing out this potential exploit-ability because I can.
I'm not much of a name/link dropper but I feel something is needed so those who doubt what I say can check backwards from here.
Protect your treasures here at Steemit, do not allow them to be exploited if you possibly can. If they find Steemit is also a den of vipers...well we can all lose our passions as quickly as we find them...can't we?
https://steemit.com/minnowsupport/@isaria/attention-fellow-struggling-artists-help-has-arrived-in-the-form-of-minnow-support-project-the-msp-creative-bot-and-the-steemit ...and yes...the link that brought me here is there. And the artist is certainly worth checking out, supporting and encouraging...with words...not just a lot of Steem.
~may all hatred cease...let there be peace~
I'm not sure what you are seeing as far as potential exploits / avenues of abuse.
FYI, just followed your instructions, and it worked beautifully. Appreciate it, Tim.
Glad to hear!
You don't need delegation to steal money if you have someone's Active key.