Analysis of @hivesurvey surveys
VERDICT: at the moment it does not seem to be a security threat for Hive users.
If you saw this post that warned you against this Survey before I had a chance to edit it after about 10 minutes, my apologies. I am feeling a bit under the weather today so I rushed to conclusions.
Below are the RED FLAGS that initially led me to think that it was just another phishing wave.
1. WALLET SPAM
The initial warning was triggered because it's sent with wallet spam that looks like this:
2. FREE MONEY
They are promising you $1 to complete a brief survey.
They seem to have kept their word though.
As @themarkymark said: they have been paying users, and they bought stake. It's basically asking questions about the Justin Sun take over. You can view the questions without logging in.
PS. The payments stopped briefly after this comment.
PS. FOUND MORE INFO: https://peakd.com/hive-167922/@keys-defender/re-keys-defender-s3wdnm
3. OUT OF NOWHERE
As @louis88 said:
- Why do massive spam
- No Introduction Post
- Why use a shady Vercel Application
- No details to the person behind it.
4. ACTIVE KEY LOGIN
Another red flag was that it asks for your ACTIVE KEY to log in (with Hive Keychain). That is suspicious, as usually the posting key is enough.
It also sends your username and active key to their server, but the latter is actually the PUBLIC active key, so not a threat.
NOTE: I originally thought it was the private key, but clearly that's not accessible to the website when you log in with Hive Keychain.
Their code responsible for submitting the survey looks like this:
This code is easily readable, but other scripts are not, so I submitted some parts to ChatGPT and it helped me understand those parts better.
There do not seem to be any threats currently in place.
FINAL CONSIDERATIONS:
I would still advise keeping an eye on this domain and using some healthy skepticism.
My concern is that this could spread fast because of the promised payouts, and once many users are on it because they heard it's legit, the owner could change the login mechanism to ask for private keys instead.
DO YOUR PART
If the scenario described above still ends up occurring (unlikely since the payments stopped), please use my !phishing command anywhere on chain followed by the phishing URL of the website.
E.g.
@keys-defender !PHISHING https://somesketchysite.com
What this does is scan all new blocks and all blocks generated in the previous hour to detect such links and warn users who came across them, using wallet memos or replies with a warning.
This command can be used anytime you see a phishing link, and you can use it anywhere (posts/comments). If you can't remember this command (or the others), just tag @keys-defender for a list of all commands.
If you are a top-40 witness, the !phishing command will immediately add the phishing link to the @keys-defender database. If you're not a top-40 witness, 3 different reports from users with reputation above 50 are required for the blacklist command automation to work.
STAY SAFE!
@keys-defender
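Added example (not code from the survey site or from @keys-defender): one way to check the point made under ACTIVE KEY LOGIN, that a captured login request carries only a public key. It walks a JSON request body and classifies each string as a Hive public key (`STM` prefix, structure only) or a checksum-valid WIF private key; the field names and all sample values are constructed assumptions.

```python
import hashlib
import json

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def dsha4(data):
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4]  # WIF checksum

def b58decode(text):
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)  # ValueError on a non-base58 character
    zeros = len(text) - len(text.lstrip("1"))
    return b"\x00" * zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")

def b58encode(raw):
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\x00"))) + out

def classify(value):
    """Return 'private_wif' (checksum verified), 'public_key' (STM prefix plus
    33-byte point and 4-byte checksum, checksum not verified) or 'other'."""
    try:
        if value.startswith("STM"):
            raw = b58decode(value[3:])
            return "public_key" if len(raw) == 37 and raw[0] in (2, 3) else "other"
        raw = b58decode(value)
    except ValueError:
        return "other"
    # WIF layout: version byte 0x80, 32-byte secret, 4-byte double-SHA256 checksum
    wif = len(raw) == 37 and raw[0] == 0x80 and dsha4(raw[:33]) == raw[33:]
    return "private_wif" if wif else "other"

def audit_body(body_json):
    """Report every field of a JSON request body that holds key material."""
    findings = {}
    def walk(node, path):
        if isinstance(node, str) and classify(node) != "other":
            findings[path] = classify(node)
        kids = node.items() if isinstance(node, dict) else enumerate(node) if isinstance(node, list) else ()
        for key, val in kids:
            walk(val, f"{path}/{key}")
    walk(json.loads(body_json), "")
    return findings

_body = b"\x80" + bytes(range(1, 33))  # constructed throwaway secret, not a real key
SAMPLE_WIF = b58encode(_body + dsha4(_body))
SAMPLE_PUB = "STM" + b58encode(b"\x02" + bytes(range(32)) + b"\x00" * 4)  # dummy point, placeholder checksum
```

Any `private_wif` finding in a request a site sends after login means the key left the browser; a `public_key` finding is information anyone can already read from the chain.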
Notice those accounts receiving funds are inactive? Notice each account receives funds then transfers it to another wallet? LOL
I received funds. I used an inactive account because I wasn't sure at the time and I was testing whether it was a scam or not. However there are also active accounts that received funds, such as @artgirl.
About 100 accounts all sent it to one account and that account dumped about 300 HIVE. Survey got burned.
I guess they'll have to work out sybil resistance if they want to perform their study again.
Indeed, giving away free money on the internet and making it so easy to exploit is not a good idea...
https://peakd.com/hive-167922/@keys-defender/re-nonameslefttouse-s3ub6e
I checked the researcher's details and project and it was available in the university website, but of course one can still use that as a decoy to scam. I was curious to see what the survey was about because if it's legit and helps to raise Hive awareness and shitsteem shit show it's in our interest to do it.
I was going to send an email directly to the university to verify this, but someone in Acid's email said they'd done it already so I didn't bother.
So I copied and pasted the survey link from the memo and went through all the questions till it asked me for my username. Up to this point they did not ask me to log in. I quit at this point because all the questions were very subjective eg "what % of users do you think .... "
My conclusion is that the survey is based mostly on user sentiment and subjectivity which imho is difficult to generate any useful results for us as a community.
Hi @katerinaramm, I just saw @acidyo's post about this.
Any update on that email?
Thx!
No, and I am very disappointed about it.
I looked up that person, and there is no other email than the one provided by him.
I have received no response yet.
Maybe I should send an email to the supervising professor of the so-called 'study', I think that he is also mentioned.
Yeh worth a try. Would be good to sort this out once and for all..
I tried sending a DM on Discord.
No reply yet.
This is my update after finding the user on Discord:
https://peakd.com/hive-167922/@keys-defender/re-keys-defender-s3wdnm
I completely ignored it and forgot about it actually. Thank you for looking into it and diving into the details.
Thanks for the update.
Thank you for this analysis.
I am summoning @acidyo to check this out, because he was one of the first (or the first) to write about this.
yeah I just noticed the memo spam early since my username starts with an A and figured I'd warn people. Obviously it may not be a scammer but as someone said why not just have people enter their username for rewards at the end than have them sign a tx, no one would enter another person's username after filling in the survey to give them $1...
I just noticed several of the accounts receiving funds all sent it to one account. Just over 300 HIVE went out the door.
And probably just used a script for that.
It's enough to copy the final submit HTTP call and replace it with your username, your public active key and a signature that can easily be created programmatically by signing the "2 words" login message the website gives you.
Gotta make it safer if you're distributing free money on the internet.. 🙈🙈🙈
NOTE: pretty sure that it stopped giving rewards only because it was drained of all the liquid HIVE in the account.
Warning the survey from getting scammed wasn't really on my mind. :p
They got burned.
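Added example, not part of the thread: a sketch of how the pattern reported above (many rewarded accounts forwarding their payout to one account) can be flagged from transfer history. The record layout, the account names, the `min_sources` threshold and the time window are assumptions, and the sample records are constructed.

```python
from collections import defaultdict

def find_collectors(transfers, payer, min_sources=3, window=3600):
    """Return {collector: [rewarded accounts]} for accounts that were sent funds
    by at least `min_sources` different reward recipients, each within `window`
    seconds of that recipient's first payout from `payer`."""
    paid_at = {}
    for t in sorted(transfers, key=lambda t: t["ts"]):
        if t["from"] == payer:
            paid_at.setdefault(t["to"], t["ts"])  # first payout per account
    sources = defaultdict(set)
    for t in transfers:
        start = paid_at.get(t["from"])
        if start is not None and t["to"] != payer and 0 <= t["ts"] - start <= window:
            sources[t["to"]].add(t["from"])
    return {dest: sorted(srcs) for dest, srcs in sources.items()
            if len(srcs) >= min_sources}

# Constructed transfer records: timestamps in seconds, made-up accounts and amounts.
PAYER = "survey-payer"
SAMPLE = [
    {"ts": 100, "from": PAYER, "to": "sock-a", "amount": 3.0},
    {"ts": 110, "from": PAYER, "to": "sock-b", "amount": 3.0},
    {"ts": 120, "from": PAYER, "to": "sock-c", "amount": 3.0},
    {"ts": 130, "from": PAYER, "to": "regular-user", "amount": 3.0},
    {"ts": 160, "from": "sock-a", "to": "collector", "amount": 3.0},
    {"ts": 170, "from": "sock-b", "to": "collector", "amount": 3.0},
    {"ts": 180, "from": "sock-c", "to": "collector", "amount": 3.0},
    {"ts": 900, "from": "regular-user", "to": "some-exchange", "amount": 3.0},
]
```

A payer can run a check like this before each payout batch and hold rewards for accounts whose earlier payouts converge on one destination.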
Thank you for painstakingly digging into it and present us with the information
cheers, note to self, only give public active key.
gotcha.
The public keys you actually don't need to "give" them.
Anyone can see them. Example for yours:
The note to self would be to always use Hive Keychain or Hive Auth and never enter your private keys on websites.
Roger Wilco!
What a stupid scammer, also the name of the domain, probably a junior dev making a new project for his portfolio. If he was more intelligent he would have created an account first to test the network methods :)
I don't think we can call them scammers. We don't have proof of that.
Thank you so much for the warning! I got the memo weeks ago, but I didn't have the time to check it out and I forgot completely about it! Seriously, thank you for the warning. !PIZZA !PGM !CTP !BBH !HUESO
I dug more into it and it actually seems to be legit for now. It's worth keeping an eye on it though, in case that when it spreads more the login is changed to ask for private keys instead.
Post updated with my findings.
To be honest, and thinking carefully about it, I don't like the method. It feels suspicious. It could be something oblivious to them, but I think it's extremely weird. Especially that now InLeo Threads has polls. It doesn't make sense to me why they did it this way. Thank you for your concern and I think it's worth to keep an eye on it. !PIZZA !PGM !CTP !BBH
It has to be looked at from a study design point of view. They're going to want to minimize sampling bias as much as possible. Something like a poll on leothreads might be fun and interesting, but it's far from suitable for a rigorous study. Memo messages still have some sampling bias, but it's a major improvement over posting a poll.
I think I get it now! You are right, he is trying to design something for a study where he could have much more control for his study. I wish we could do this kind of stuff in HIVE without being extra suspicious and afraid of getting scammed. Like a platform designed specially for researchers or some useful tools. Thank you for clarifying it! !PIZZA !PGM !CTP !BBH !HUESO
Articles:
- !phishing command and universal script
- !scam, !unsafe and !info commands
- Vote for our WITNESS to support this FREE service!
- !phishing {link}
- !scam {link}
- !unsafe {link}
- !hacked @{user}
- !recovered @{user}
- !info
Thanks for right information
It is certain that most experienced scammers start very soft to present themselves as legit enough for people. Once they are able to meet their target, those who happen to be their victims find out that everything from them was nothing but a well-planned heist.
An excellent one on your end quite security conscious. Thank you so much for sharing.
Thanks for passing by! We can't call them a scammer without proof, but defo quite a few red flags.
$WINE
Thanks for the information, but even though I don't have much capital, I don't give my active key even to my mom; it took a lot of effort to get the 52 HP I have achieved.
Good. Give your ACTIVE key to NO ONE 🙂