HIVESURVEY.vercel.app = NOT Phishing. But Stay vigilant.

in LeoFinancelast year (edited)

Analysis of @hivesurvey surveys

VERDICT: at the moment it does not seem to be a security threat for Hive users.


 
image.png


If you saw this post that warned you against this Survey before I had a chance to edit it after about 10 minutes, my apologies. I am feeling a bit after the weather today so I rushed to conclusions.

Follow below the RED FLAGS that initially brought me to think that it was just another phishing wave.




  1. WALLET SPAM

The initial warning was triggered because it's sent with wallet spam that looks like this:



2. FREE MONEY

They are promising you $ 1 to complete a brief survey.

They seem to have kept their word though.
As @themarkymark said: they have been paying users, and they bought stake. It's basically asking questions about the Justin Sun take over. You can view the questions without logging in.

PS. The payments stopped briefly after this comment.


3. OUT OF NOWHERE

As @louis88 said:

  1. Why do massive spam
  2. No Introduction Post
  3. Why use a shady Vercel Application
  4. No details to the person behind it.





4. ACTIVE KEY LOGIN

Another red flag was that it asks for your ACTIVE KEY to login (with Hive Keychain). That is suspicious as usually the posting key is enough.

It also sends username and active key to their server but the latter is actually the PUBLIC active key, so not a threat.

image.png

image.png

 
NOTE: I originally thought it was the private key, but clearly that's not accessible to the website when you login with the Hive Keychain.

 
Their code responsible for submitting the survey looks like this:

image.png
 
This code is easily readable, but other scripts are not so I submitted some parts to ChatGPT and it helped me understand those parts better.

There does not seem to be any threats currently in place.

 


FINAL CONSIDERATIONS:

I would still advise to keep an eye on this domain and use some healthy skepticism.

My concern is that this could spread fast because of the promised payouts, and once many users are on it because they heard it's legit, the owner could change the login mechanism to ask for private keys instead.

 

DO YOUR PART

If the scenario described above still ends up occurring (unlikely since the payments stopped), please use my !phishing command anywhere on chain followed by the phishing url of the website.

Eg.

What this does is scan all new blocks and all blocks generated in the previous hour to detect such link and warn users that came across it by using wallet memos or replies with a warning.

This command can be used anytime you see a phishing link, you can use it anywhere (posts/comments). If you can't remember this command (or the others) just tag @keys-defender for a list of all commands.

If you are a top-40 witness, the !phishing command will immediately add the phishing link to @keys-defender database. If you're not a top-40 witness, 3 different reports from users with reputation above 50 are required for the blacklist command automation to work.




If you appreciate my contributions to the Hive chain, please
VOTE for my WITNESS
       


STAY SAFE!

@keys-defender

 


@keys-defender is sponsored by @cryptoshots.nft
play-to-earn  WEB3 Shooter on HIVE

CRYPTO SHOTS


Discord    Twitter  

Sort:  

Notice those accounts receiving funds are inactive? Notice each account receives funds then transfers it to another wallet? LOL

I received funds. I used an inactive account because I wasn't sure at the time and I was testing whether it was a scam or not. However there are also active accounts that recieved funds, such as @artgirl.

About 100 accounts all sent it to one account and that account dumped about 300 HIVE. Survey got burned.

I guess they'll have to work out sybil resistance if they want to perform their study again.

Indeed, giving away free money on the internet and making it so easy to exploit is not a good idea...
https://peakd.com/hive-167922/@keys-defender/re-nonameslefttouse-s3ub6e

I checked the researcher's details and project and it was available in the university website, but of course one can still use that as a decoy to scam. I was curious to see what the survey was about because if it's legit and helps to raise Hive awareness and shitsteem shit show it's in our interest to do it.

I was going to send an email directly to the university to verify this, but someone in Acid's email said they'd done it already so I didn't bother.

So I copied and paste the survey link from the memo and went through all the questions till it asked me for my username. Up to this point they did not ask me to log in. I quit at this point because all the questions were very subjective eg "what % of users do you think .... "

My conclusion is that the survey is based mostly on user sentiment and subjectivity which imho is difficult to generate any useful results for us as a community.

to send an email directly to the university to veri

Hi @katerinaramm, I just saw @acidyo's post about this.

Any update on that email?

Thx!

No, and I am very disappointed about it.
I looked up that person, and there is no other email than the one provided by him.
I have received no response yet.
Maybe I should send an email to the supervising professor of the so-called 'study', I think that he is also mentioned.

Yeh worth a try. Would be good to sort this out once and for all..

I tried sending a DM on Discord.
No reply yet.

This is my update after finding the user on Discord:
https://peakd.com/hive-167922/@keys-defender/re-keys-defender-s3wdnm

I completely ignored it and forgot about it actually. Thank you for looking into it and diving into the details.

Thanks for the update.

Thank you for this analysis.
I am summoning @acidyo to check this out, because he was one of the first (or the first) to write about this.

yeah I just noticed the memo spam early since my username starts with an A and figured I'd warn people. Obviously it may not be a scammer but as someone said why not just have people enter their username for rewards at the end than have them sign a tx, no one would enter another person's username after filling in the survey to give them $1...

I just noticed several of the accounts receiving funds all sent it to one account. Just over 300 HIVE went out the door.

And probably just used a script for that.

It's enough to copy the final submit HTTP call and replace it with your username, your public active key and a signature that can easily be created programmatically by signing the "2 words" login message the website gives you.

image.png

 
Gotta make it safer if you're distributing free money on the internet.. 🙈🙈🙈

NOTE: pretty sure that it stopped giving rewards only because it was drained of all the liquid HIVE in the account.

Warning the survey from getting scammed wasn't really on my mind. :p

They got burned.

Thank you for painstakingly digging into it and present us with the information

cheers, note to self, only give public active key.

gotcha.

The public keys you actually dont need to "give" them.
Anyone can see them. Example for yours:

image.png

 
The note to self would be to always use Hive Keychain or Hive Auth and never enter your private keys on websites.
 

Roger Wilco!

What a stupid scammer, also the name of the domain, a probably junior dev making a new project for his portfolio. If he was more intellligent he hs been created an account first to test the network methods :)

I don't think we can call them scammers. We don't have proof of that.

Thank you so much for the warning! I got the memo weeks ago, but I didn't had the time to check it out and I forgot completely about it! Seriously, thank you for the warning. !PIZZA !PGM !CTP !BBH !HUESO

I dug more into it and it actually seems to be legit for now. It's worth keeping an eye on it though, in case that when it spreads more the login is changed to ask for private keys instead.

Post updated with my findings.

To be honest, and thinking carefully about it, I don't like the method. It feels suspicious. It could be something oblivious to them, but I think it's extremely weird. Especially that now InLeo Threads has polls. It doesn't make sense to me why they did it this way. Thank you for your concern and I think it's worth to keep an eye on it. !PIZZA !PGM !CTP !BBH

It has to be looked at from a study design point of view. They're going to want to minimize sampling bias as much as possible. Something like a poll on leothreads might be fun and interesting, but it's far from suitable for a rigorous study. Memo messages still have some sampling bias, but it's a major improvement over posting a poll.

I think I get it now! You are right, he is trying to design something for a study where he could have much more control for his study. I wish we could do this kind of stuff in HIVE without being extra suspicious and afraid of getting scammed. Like a platform designed specially for researchers or some useful tools. Thank you for clarifying it! !PIZZA !PGM !CTP !BBH !HUESO

SORRY, you have exhausted all the uses you had for today, try again tomorrow.

Greetings from the Virtual World Community. We send you Hueso token to support your work.
Click on this banner, to be directed to the Virtual World Discord and learn more about the curation project.

Sent 0.1 PGM - 0.1 LVL- 1 STARBITS - 0.05 DEC - 1 SBT - 0.1 THG - 0.000001 SQM - 0.1 BUDS - 0.01 WOO - 0.005 SCRAP tokens

remaining commands 9

BUY AND STAKE THE PGM TO SEND A LOT OF TOKENS!

The tokens that the command sends are: 0.1 PGM-0.1 LVL-0.1 THGAMING-0.05 DEC-15 SBT-1 STARBITS-[0.00000001 BTC (SWAP.BTC) only if you have 2500 PGM in stake or more ]

5000 PGM IN STAKE = 2x rewards!

image.png
Discord image.png

Support the curation account @ pgm-curator with a delegation 10 HP - 50 HP - 100 HP - 500 HP - 1000 HP

Get potential votes from @ pgm-curator by paying in PGM, here is a guide

I'm a bot, if you want a hand ask @ zottone444


@demotruk! Your Content Is Awesome so I just sent 1 $BBH (Bitcoin Backed Hive) to your account on behalf of @cpol. (4/50)

@keys-defender! Your Content Is Awesome so I just sent 1 $BBH (Bitcoin Backed Hive) to your account on behalf of @cpol. (3/50)

Sent 0.1 PGM - 0.1 LVL- 1 STARBITS - 0.05 DEC - 1 SBT - 0.1 THG - 0.000001 SQM - 0.1 BUDS - 0.01 WOO - 0.005 SCRAP tokens

remaining commands 7

BUY AND STAKE THE PGM TO SEND A LOT OF TOKENS!

The tokens that the command sends are: 0.1 PGM-0.1 LVL-0.1 THGAMING-0.05 DEC-15 SBT-1 STARBITS-[0.00000001 BTC (SWAP.BTC) only if you have 2500 PGM in stake or more ]

5000 PGM IN STAKE = 2x rewards!

image.png
Discord image.png

Support the curation account @ pgm-curator with a delegation 10 HP - 50 HP - 100 HP - 500 HP - 1000 HP

Get potential votes from @ pgm-curator by paying in PGM, here is a guide

I'm a bot, if you want a hand ask @ zottone444


Greetings from the Virtual World Community. We send you Hueso token to support your work.
Click on this banner, to be directed to the Virtual World Discord and learn more about the curation project.


Uses: 1/2
!PIZZA

Sent 0.1 PGM - 0.1 LVL- 1 STARBITS - 0.05 DEC - 1 SBT - 0.1 THG - 0.000001 SQM - 0.1 BUDS - 0.01 WOO - 0.005 SCRAP tokens

remaining commands 8

BUY AND STAKE THE PGM TO SEND A LOT OF TOKENS!

The tokens that the command sends are: 0.1 PGM-0.1 LVL-0.1 THGAMING-0.05 DEC-15 SBT-1 STARBITS-[0.00000001 BTC (SWAP.BTC) only if you have 2500 PGM in stake or more ]

5000 PGM IN STAKE = 2x rewards!

image.png
Discord image.png

Support the curation account @ pgm-curator with a delegation 10 HP - 50 HP - 100 HP - 500 HP - 1000 HP

Get potential votes from @ pgm-curator by paying in PGM, here is a guide

I'm a bot, if you want a hand ask @ zottone444


@keys-defender! Your Content Is Awesome so I just sent 1 $BBH (Bitcoin Backed Hive) to your account on behalf of @cpol. (1/50)

PIZZA!

$PIZZA slices delivered:
@cpol(4/15) tipped @demotruk
cpol tipped keys-defender (x2)

Thanks for right information

Is certain that most of those an experienced scammers do start very soft to present themselves legit enough for people. Of which once they are able to meet their target , then those who happens to be their victims would know that everything from them was nothing but a well planned heist.

An excellent one on your end quite security conscious. Thank you so much for sharing.

Thanks for passing by! We cant call them a scammer without proof, but defo quite a few red flags.

Gracias por la información, pero a pesar de no tener mucho capital mi clave activa no sé la doy ni a mi mamá, mucho esfuerzo para yo conseguir los 52 HP que he logrado.

Good. Give you ACTIVE key to NO ONE 🙂

https://inleo.io/threads/lordshah/re-lordshah-jwgehxjd
The rewards earned on this comment will go directly to the people ( lordshah ) sharing the post on LeoThreads,LikeTu,dBuzz.

Loading...

Hello keys-defender!

It's nice to let you know that your article will take 12th place.
Your post is among 15 Best articles voted 7 days ago by the @hive-lu | King Lucoin Curator by polish.hive

You receive 🎖 1.6 unique LUBEST tokens as a reward. You can support Lu world and your curator, then he and you will receive 10x more of the winning token. There is a buyout offer waiting for him on the stock exchange. All you need to do is reblog Daily Report 111 with your winnings.

2.png


Invest in the Lu token (Lucoin) and get paid. With 50 Lu in your wallet, you also become the curator of the @hive-lu which follows your upvote.
Buy Lu on the Hive-Engine exchange | World of Lu created by szejq

If you no longer want to receive notifications, reply to this comment with the word STOP or to resume write a word START