All "free offers of free STEEM" are FAKE and you WILL lose all of your money. DO NOT go to any "free offer" URLs.
Spread the word by making your own short post to tell users not to click on any links or go to any suspicious URLs. (Do not include the actual URLs)
Warning!
- DO NOT click on any comments that promise to give away free STEEM or any free offers.
- DO NOT go to any URLs sent to you in memos about free giveaways or offers.
- THERE ARE NO FREE OFFERS.
Current Situation
- Phishing and hacking restarted on the Steem blockchain.
- Accounts are being taken over by the hackers.
- Hacker is not well-versed in how the Steem blockchain works and is able to create basic 'advanced function' bots or otherwise issue transactions
- Transactions issued are a) to change the vesting route b) to post comments c) to send memos as individual transactions d) to detect password/key leaks e) to regenerate keys
Information
https://github.com/gryter/plentyofphish/blob/master/phishing.txt
This is the current list of hacked or still compromised accounts.
https://github.com/gryter/plentyofphish/tree/master/guides
Some helpful guides regarding recovery.
What to Do
If you think your account has been compromised, let me know immediately. You can reach me on Discord at GuiltyParties [.com]#5071 or at the Steemcleaners https://discord.gg/JnvkJMV (tag me or direct message me).
- If your account was created by Steemit Inc (the free accounts) start your recovery by going to this URL https://steemitwallet.com/recover_account_step_1 and using your email that you signed up with.
- If your account was created by some other service, go to that service and ask them to recover (or contact me if you don't know how to reach them)
- Check your "vesting_routes" to see if the location your account is powering down into has been changed (the hacker can power down your SP into his own accounts)
- Follow the guides linked above
- Remove "posting authority" to any dapps or websites you have authorized using SteemConnect
SteemConnect
beta.steemconnect.com/revoke/applicationname (look on steemd.com/@youraccount to see what dapps you authorized)
This is the URL you use to remove the posting authority. You can re-authorize after.
Clean Up
- Check to see if your account posted phishing messages in comments
- Edit or delete any phishing messages posted by your account
Discussion
The only way to stop phishing on the Steem blockchain is by acting swiftly and with due care. If accounts are allowed to go unrecovered or users are wasting time by not reporting phishing to the Steemcleaners or myself, we will not have a coordinated effort at eradicating this attack. There is no glory in trying to work on it yourself and keeping information to yourself; it's a team effort that must be centrally coordinated because we are dealing with an experienced phishing/hacking group. The end goal is to prevent the devastating effects we had the last few times we came under attack like this.
There are still almost 1000 accounts under hacker control on the Steem blockchain. User awareness and an instant response are our best defense and our greatest deterrents.
You may take this post or a part of it and re-post it, translate it, or do whatever you want with it in order to help get the warning out. Phishing targets users who are trusting individuals and believe that the links they're given are genuine. Hacking targets users who accidentally share their passwords or keys without realizing. This isn't intentional on their part. Warnings help to teach people to be more vigilant.
Like what we're doing? Support us as a Witness.Go to https://steemit.com/~witnessesSelect or type in guiltypartiesClick VOTE if typed in |
Excellent information @guiltyparties, we are all involved in the security of the platform, social engineering.
Resteem!
Darlenys
Except for mine , because i do give out free money and steem and mostly steemengine tokens and dogecoin and stuff cheap enough to give out free to anyone who comes into my discord https://myfreecrypto.org
I reblogged it.
Thank you.
Upvoted and resteemed for visibility. Good job trying to protect people! :)
Thanks bud
Timely warning, @guiltyparties. Thanks for all of your hard work helping people like @blueeyes8960 recover from situations like this.
@tipu curate
Upvoted 👌
Resteemed and I despise the type of people that do these things!
Posted using Partiko Android
Resteemed so as to increase its visibility and make steemians aware of it🙂
Verry good information friends
Resteemed, seen because of @hobo.media and @apolymask resteem's
Resteemed to make people more aware thanks for all your help and hard work 👍
I not the biggest resteemed but this is one I will gladly resteem, thank for the help yesterday
Really appreciate what you are doing for the community, the amount of phishing attacks in the blockchain space has grown exponentially in the passed year, which means we NEED people and witnesses like you to keep people informed and safe, resteemed, upvoted, voted for as a witness, and letting you know you're loved by myself and the community <3
@guiltyparties
Resteemed and thank you for helping @blueeyes8960. I remain grateful for all your help when I was hacked. Thanks again.
Good advice, and I sure hope those presently compromised accounts take the actions you recommend, before what happened to me happens to them. I wish I'd seen this post before that happened =p
Also, I very much appreciate you taking the time to ascertain how my key was availed to the phishing hacker, and clearing up how it happened, as I was mystified at the time. I have improved opsec as a result of what you found, and now copy something to replace the key on the clipboard every time I login. If I ever make the same mistake again, I will not be posting my key.
Thanks!
This post has been included in the 201st edition of The Steem News - a compilation of the key news stories on the Steem blockchain.
You help was swift and invaluable - and on a weekend to boot. Again, thanks so much for helping out! I'm editing the post I made today to include this link as well - valuable information!
Posted using Partiko Android
Wow, that's a lot of affected accounts. Thanks for the important information, Resteemd.
Many thanks for creating this blog. Gestern ans upvote. Michael
Posted using Partiko Android
hello, many people are seeing that @steamengineteam is abusing others voting keys and most likely they have been compromised and is either working with @fiftysats or they were hacked and that account now has over 2000+ accounts voting on their 13+ daily posts !