Don't F*** with the Community - My research on the spam wave over the past few days

in #hive, 24 days ago

A few days ago, I observed an immense wave of spam accounts flooding the Hive ecosystem, blatantly copying older content from genuine users and reposting it as if it were fresh, original material. This wasn't an isolated incident in a single community; rather, it spanned across numerous communities within Hive, where stolen content was repackaged and posted in a coordinated attempt to rake in rewards as if it were new, valuable contributions. This surge of fraudulent activity didn’t go unnoticed, and @hivewatchers quickly uncovered a pattern: approximately 17,400 accounts involved in this scheme, predominantly linked to the Splinterlands ecosystem, either actively or historically.

From my perspective, this orchestrated content theft could very well reflect a deeper issue within Splinterlands itself. It seems plausible that declining earnings from the game may have led the individual behind this spam attack to exploit the Hive Blockchain, using these spam accounts to harvest rewards illegitimately. By recycling the work of others without authorization, they likely sought an alternative revenue stream to make up for the unsatisfactory income from Splinterlands. This situation not only underscores the challenges Hive faces in terms of content integrity and security but also highlights the lengths to which individuals will go to find financial gain in this ecosystem, often at the expense of the original creators.

After reviewing the list of the 17,400 accounts, I embarked on my research and quickly started uncovering patterns. Using Hivehub.dev, I scrutinized several transactions involving accounts from the list—granted, it was a random sampling approach, but the same operational pattern appeared consistently.

Below, I’ve included links to some of the transactions I analyzed, which have been essential in building and reinforcing my evidence that the user "aprisen" is, in one way or another, the orchestrator of this spam attack:

In this transaction, user kent0646 transferred SPS to the account anthonyyy:
https://hivehub.dev/tx/73e4198437538cbd47a38e3fb8bfb3a8b21c4fca

The following screenshot demonstrates that the kentXXXX accounts are part of the spam list:



To establish a connection with the user aprisen, I delved into the Splinterlands Discord server and uncovered several compelling links. In the screenshot below, we see aprisen ... whom I believe to be from the Philippines—successfully linking their Discord account to the blockchain account anthonyyy:


https://hivehub.dev/tx/e4d08a12c4a188e886786968d8f13344f6267af7
https://hivehub.dev/tx/faa845bdf682f0af68547ae5198ffacdd866182e

He also shared a screenshot showing that he was logged in with the user account anthonyyy on Peakmonsters.com. This detail is crucial, as it visually confirms his active use of the account in question, further strengthening the link between aprisen and the suspicious activity associated with anthonyyy.

These screenshots collectively point toward aprisen not only having access to anthonyyy but actively using it within Splinterlands-related platforms. This connection adds to the mounting evidence suggesting that aprisen is deeply involved in orchestrating or at least facilitating this spam attack on Hive.


Original Screenshot from Discord:



Here are additional screenshots I discovered and saved during my research on this spam attack. A big thanks also goes out to @markus.journey for assisting with the investigation. Given that I consider security to be paramount—and taking down malicious actors is more than just a hobby for me, as many of you on Hive already know from my other work—I wanted to share these findings with you.

Feel free to use the information in these screenshots as you see fit—they are all original screenshots from the Splinterlands Discord server. I hope this information contributes meaningfully to the broader effort to maintain integrity and protect our community from exploitative behavior.



To wrap up this article, I wanted to share some final thoughts. Several people encouraged me to publish my research, and given the clear connections I've uncovered, I can’t help but share my conclusions. While, of course, I’m only making educated guesses here, the patterns are undeniably suspicious.

My Take: I believe there’s someone out there who sees little to no future success with Splinterlands and is now looking for other avenues to generate revenue. From what I've observed, this person has enough technical know-how to put their skills to better use, rather than flipping a middle finger at the Hive community. This behavior is not only disrespectful but tramples on the pride, respect, and hard work of genuine Hive users, who craft original content. This was an intentional, calculated move, and it deserves consequences.

Splinterlands, with its acceptance of botting and even its own employees reportedly running bot farms, bears a certain level of responsibility for this spam attack. Had there been stricter measures against botting and automated gameplay from the outset, I doubt we’d be facing such a wave of content theft and exploitation. This attack is yet another reminder of the massive mess that bot farms have created within the ecosystem.

And those are my two cents on this spam wave. Do with this information as you will. But just a note: many of these accounts are still actively playing in Modern / Wild. For that, we’ve hired someone who, one would hope, is aware of it.

Peace out.


PS: If you’d like access to the full list of user accounts involved in this spam activity, feel free to reach out to @hivewatchers. This list has already been integrated into blacklists and is available for review.

CC-Tag List: @logic @markus.journey @oflyhigh @eddiespino @acidyo @themarkymark @gtg @danielvehe
Post-Payout at 100% Hive-Powerup.



Vote for my Hive Witness

You can vote for my Witness using Hive Keychain here: https://vote.hive.uno/@louis.witness


Vote for my Hive Engine Witness

Vote for my Witness on Hive-Engine using Primersion Tool: https://primersion.com/he-witnesses Enter your Username and search for louis.witness
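
The sampling approach described in the post (pick accounts from the flagged list, inspect their transfers, look for a destination that keeps recurring) can be made repeatable. The following is an added example, not the author's tooling; the record layout, the account names and the `common_sinks` and `name_family` helpers are constructed for illustration.

```python
import random
import re
from collections import Counter, defaultdict

# Constructed sample data: simplified transfer records, not real chain output.
# All account names are placeholders, not accounts named in the post.
FLAGGED = {f"farm{i:04d}" for i in range(1, 41)} | {"solo_a", "solo_b"}
TRANSFERS = (
    [{"from": f"farm{i:04d}", "to": "sink_one", "symbol": "SPS"} for i in range(1, 31)]
    + [{"from": f"farm{i:04d}", "to": "sink_two", "symbol": "SPS"} for i in range(31, 41)]
    + [
        {"from": "solo_a", "to": "exchange_x", "symbol": "SPS"},
        {"from": "reader1", "to": "sink_one", "symbol": "SPS"},  # sender not on the list
        {"from": "farm0001", "to": "sink_one", "symbol": "SPS"},  # repeat, counted once
    ]
)


def name_family(account):
    """Collapse a numeric suffix so numbered names (kent0646 -> kent#) group together."""
    return re.sub(r"\d+$", "#", account)


def common_sinks(flagged, transfers, sample_size, seed=0, min_share=0.2):
    """Sample flagged accounts and rank the destinations their transfers share.

    Returns a list of dicts sorted by distinct sender count. A sink is reported
    only if at least min_share of the sampled accounts sent to it, so a single
    transfer to an exchange does not read as a pattern.
    """
    rng = random.Random(seed)  # fixed seed keeps the sample reproducible
    size = min(sample_size, len(flagged))
    sample = set(rng.sample(sorted(flagged), size))

    senders = defaultdict(set)
    for t in transfers:
        # Only outgoing transfers from sampled accounts to accounts off the list.
        if t["from"] in sample and t["to"] not in flagged:
            senders[t["to"]].add(t["from"])

    report = []
    for sink, accounts in senders.items():
        share = len(accounts) / size
        if share >= min_share:
            families = Counter(name_family(a) for a in accounts)
            report.append({"sink": sink, "senders": len(accounts),
                           "share": round(share, 3), "families": dict(families)})
    return sorted(report, key=lambda r: (-r["senders"], r["sink"]))


if __name__ == "__main__":
    for row in common_sinks(FLAGGED, TRANSFERS, sample_size=len(FLAGGED)):
        print(row)
```

A high share for one sink is a lead to verify by hand on a block explorer, not proof of common ownership; exchanges and market accounts also collect transfers from many unrelated senders.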


I figured something dodgy was going on last Wednesday when I saw all those spam accounts in the Worldmappin community. The chain often gets a lot of spam, I just didn't expect it to be on this scale. They could have got away with it if they weren't so greedy and spammed so much in one go because many curators don't check the details.


I picked up on a couple of dodgy posts in one of my communities as they recycled one of my old posts! The best thing we can do is to downvote them to a low reputation so the accounts become useless. People can coordinate on Discord to do this.

Hive is vulnerable to abuse as accounts are really very cheap to create when you consider their potential value. Anyone with a decent stake can create loads more. I think the price will have to rise eventually.

Scammers mostly use Hive on Board to create new accounts as there is no security check.
No phone and email verification. You can create an account within 20 seconds.
Most of the abusive accounts in the past 2 years have been created with HOB.
The creator of it vanished a while ago and it is basically a rogue service now.



This post has been supported by @fallen.angels guild!
Delegate Tokens and HP to Fallen Angels to earn weekly rewards!

Thank you very much. You confirmed my suspicions. In one of my communities, I noted that some older posts with the same names you have in your screenshots were cut. But almost 18K accounts are too much. That's excellent work and effort from your side.


Rather than someone who sees little to no future success with Splinterlands, I think it's more of a bot operator that cannot extract profit anymore in wild due to the wild pass and the 2x SPS stake, so he tries to go to Hive instead to try to extract value. If the person that owns all of those accounts is the same guy on Discord, the guy was very much active in Discord and was still playing the game, though his battles were also very suspicious. Regardless, these actions are very disgusting and go back to the massive bot farming that SPL has let operate for a long time.

Thanks for sharing your research.

@oflyhigh It looks like it's not only our Chinese-language community that has this problem.

Zombie siege!

Looks like you did a real OSINT intelligence operation to figure out how some people try to farm and to use community resources.
Honestly, I should say that a couple of days earlier I saw a post by @oflyhigh about this bot farming factory, and I am glad that people are ready to share with the community such issues, which should be solved ASAP!


Thanks for all your work @louis88 and hope we can get that dude.

YO BUDDY !!! =) damn .. this nonsense is crazy and its been a min since i stepped away from HIVE

Great investigation work, Louis! Thanks!
Good job! 💪


@louis88 Thank you for your cooperation with your friends in conducting a deeper investigation and digging into this botnet attack and uncovering the mastermind behind it.

That's bad. Feels terrible to see those who should get involved barely move a finger to avoid all of this. But everyone is grateful for you and your work here! If only this post would reach those who should see it..

Watch out, we've got a badass detective over here :) Well done!

If there is anything I shall downvote let me know - good research @louis88

Last week in a Discord community in the news section, a Spanish speaking user warned about this phenomenon, accounts replicating old original content as new... unfortunately it is a sick practice that we have seen in other times but: “17,400 accounts involved” is a very big number! I am worried ❤️‍🩹

Thank you so much for all your effort, I'm sure it wasn't easy to compile so much information in such detail.

Thanks for sharing your research. It is sad to see Hive being exploited like this instead of the person using their talents in a more positive way.


Wow, close to 18,000 accounts! That's pretty crazy!

extraordinary research, I congratulate you, thank you.


holy smokes, that's a lot of spammage. Good detective work. Don't think I would say splinterlands is partly to blame. The bot problem in splinterlands as bad as it was, was a different issue in my opinion.


Thank you for this info and your work! I had two bots repost content from my alt account in this way. 😡
!BEER

Well, we are lucky to have people like you that work behind the scenes for all Hive population! Respect 💪🏻

This post has been supported by @Splinterboost with a 15% upvote! Delegate HP to Splinterboost to Earn Daily HIVE rewards for supporting the @Splinterlands community!



PIZZA!

$PIZZA slices delivered:
@danzocal(3/10) tipped @louis88

Great research!


Hey @louis88, here is a little bit of BEER from @phoenixwren for you. Enjoy it!

Learn how to earn FREE BEER each day by staking your BEER.

That's crazy and there are more farms like this thanks for sharing the information very useful 🤝🏾

Thanks for the hard work. It was pretty annoying to see them on multiple communities.

Are some of the accounts owned by Filipino Splinterlands users? Sold account to Aprisen?

Great work! Thanks for keeping an eye on these things that are not in line with our community codex. 👍🏻

Greetings @louis88 ,

Amazing work...thank you so much....Well done!

Kind Regards,

Bleujay

Wow, that is such a high number. I cannot imagine the resources you need to process that amount. Also, even 1 Hive profit each, made it to 18K hive. Crazy! Good work, man!

P.S. Added your 2 witnesses to my list.

Impressive deduction. Thanks for your efforts involved, hope it would benefit Hive eventually. 😘

thanks for the effort!

Congratulations @louis88! You received a personal badge!

You powered-up at least 10 HIVE on Hive Power Up Day!
Wait until the end of Power Up Day to find out the size of your Power-Bee.
May the Hive Power be with you!

You can view your badges on your board and compare yourself to others in the Ranking

Check out our last posts:

Hive Power Up Month Challenge - October 2024 Winners List
Be ready for the November edition of the Hive Power Up Month!
Hive Power Up Day - November 1st 2024

Congratulations @louis88! You received a personal badge!

You powered-up at least 50 HP on Hive Power Up Day! This entitles you to a level 2 badge
Participate in the next Power Up Day and try to power-up more HIVE to get a bigger Power-Bee.
May the Hive Power be with you!


Thankfully you were able to notice it. What would happen to his accounts? Is it possible to ban those accounts?

It's not in my Power... but as of right now, it's just getting ignored in Splinterlands Side of things...

Are we going to put up with this crap on HIVE?
NEIN NEIN NEIN NEIN NEIN

Wow you're like my new hero! 💪 Like a real life super hero. Awesome!

Splinterlands, with its acceptance of botting and even its own employees reportedly running bot farms, bears a certain level of responsibility for this spam attack. Had there been stricter measures against botting and automated gameplay from the outset, I doubt we’d be facing such a wave of content theft and exploitation. This attack is yet another reminder of the massive mess that bot farms have created within the ecosystem.

Only bumped into this now, but do subscribe to this paragraph; unfortunately, it seems the team is still encouraging bot use. It's a shame that wild league is basically unplayable for any human player. Thanks for the detective work! !BEER


Hey @louis88, here is a little bit of BEER from @pardinus for you. Enjoy it!

Did you know that you can use BEER at dCity game (https://dcity.io/city) to buy cards to rule the world.

Hello louis88!

It's nice to let you know that your article will take 4th place.
Your post is among 15 Best articles voted 7 days ago by the @hive-lu | King Lucoin Curator by hallmann

You receive 🎖 3.1 unique LUBEST tokens as a reward. You can support Lu world and your curator, then he and you will receive 10x more of the winning token. There is a buyout offer waiting for him on the stock exchange. All you need to do is reblog Daily Report 467 with your winnings.



Invest in the Lu token (Lucoin) and get paid. With 50 Lu in your wallet, you also become the curator of the @hive-lu which follows your upvote.
Buy Lu on the Hive-Engine exchange | World of Lu created by szejq

If you no longer want to receive notifications, reply to this comment with the word STOP or to resume write a word START

It is sad that things like this happen here, 'cause a lot of people are being damaged because of this. I'm amazed that you can do this kind of research work.

Also, I was a victim of another kind of attack. I was absent from Hive for a couple of years and when I came back recently I found out that all my Hive, HBD and HP were stolen. Everything was sent to a single account and when I looked at it I found out I wasn't the only victim.

Do you know about this kind of attack too?

Thanks for sharing. Yes, I'm already working and checking things like the transfers to wallets with friends. How far we are on this we are not sharing but a chat maybe on Discord would be nice.

Sorry, I didn't understand the last thing you said.

Would like to have a Chat with you on Discord.

Ohh, sure. How can I contact you there?

Out of curiosity - did you discover how did that happen? It's not easy to just guess or bruteforce the keys needed to perform the transfers. Did you do something stupid like posting the keys or sending master key somewhere 'trusted', or had other accident, idk, laptop/mobile stolen with keys on it, etc?

Well, I have the theory that I 'saved it' in my Google Account's Password Administrator and there was a security breach. Someone was able to get the information and the rest is history.

Thank you. This actually makes it much more possible/probable course of events than someone cracking the keys.. ..on your, or anyone's account. I mean, I don't know how much you've lost, but if someone has the resources/etc to actually crack the keys, why go after people's wallets instead of the bigbot/pools/etc.. so some kind of a key leakage seems orders of magnitude more likely. I try to keep ears open and inquire to learn how I can leak my keys. So.. here was (probably) a security breach in a safe keystore. Ouch..

Funny thing from last week or two - someone threw out quite a lot of furniture, all not so neatly stacked under a tree near local waste containers. Pretty common thing lately, probably they had their room rebuilt or something - and there was this one desk lying flipped upside down. There was a long piece of paper, Scotch-taped to its underside, now on top of it. I thought, wow, someone stuck a note there? What, "please take what you like" or something? -nobody- does that. I came closer and I saw:

"XMR WALLET
private key: blah blah blah blah...."

and there goes a run of random 13 English words. Typical way of preserving a recovery seed. I later checked, it was actually valid, 0.0 balance, not a single transaction ever. Someone must have generated it, saved the key for later, then never used it. For fun, using their key, I ran a miner for a moment and left them ~$0.25, I wonder if they'll ever withdraw :) but just as likely I could have witnessed someone losing a whole bag of money just because their family wanted to make them a surprise over the weekend while they're away and the renovation team happily tossed their old desk.. (oO)

What would you have done if there were money on that wallet? Just curious.

And yes, I think that is what happened. I was very lazy to store the password in a safe place and I just saved it in my Google account. Now I've changed all my keys and secured them in a safe place outline. I've learned the lesson.

Btw, I don't even remember how many did I have before I got stolen, but I think I would have near 1500 HP now.

What would you have done if there were money on that wallet? Just curious.

At first, I've had a 'very smart' idea to generate a new address, send them there, then find&contact the owner somehow and pass them the new keys or just transfer to a new account/wallet.. but a quick sanity check proved that finding the owner might be next to impossible. I could put a note on the desk, but then any passer-by could try to claim to be them if I include too many details in the message. I could generate some tx to let them know, but I didn't find any message/text/note on transfers in XMR like here in Hive, bummer. I could somehow embed a message in the amounts (1337 and so on), but heh good luck for them figuring it out. And assumption they still can access that account is pretty weak. Best way to get to them is traceback via garbage locality.. Stick some posters to the doors in 100-150m area. People are lazy, they wouldn't carry furniture to a waste container further away.

Of course, if there was a figure high enough lying there, greed could kick in, finder's keeper's, and so on. I'm still a human not a saint :P But the primary plan was like I said before.

I'm actually very relieved that the account was absolutely fresh and empty. No balance to worry about, no recent sus tx to suspect theft. It's weird to find a private key, but even weirder that it had blank tx history. I actually fully re-synced the wallet two times, and also did that tiny mining mostly to see if the XMR wallet I used really worked and displayed the balance and past txs properly.
