Steemit Social Network Hacked, User Funds Stolen, DDoS Attack Ensued INCIDENTS

in #upvotes7 years ago

Steem is a new kind of technology that powers the Steemit social network and works by rewarding users who post popular content with Steem Power and Steem Dollars, a custom crypto-currency with a one-to-one ratio to the US dollar.

The network works exactly like Reddit or Hacker News, only you get the chance to earn money by curating and creating new content.
Attacker stole Steem Dollars, which he can convert to Bitcoin
Steemit user dragonslayer109 was the first to notice the attack, after reporting mysterious transactions that transferred funds from his account to another Bittrex account, a Bitcoin trading portal Steemit works with to allow users to withdraw Steem Dollars as Bitcoin.

Other users noticed the same thing, and the company took note of the incident and started an investigation after shutting down the ability to transfer funds to Bittrex, and later notifying the FBI and other authorities.

The investigation revealed that the attack affected less than 260 users but has managed to steal $85,000 worth of Steem Dollars and Steem Power.
Attack used browser-side vulnerabilities in the Steemit website
Steemit CEO Ned Scott said that all affected users created their Steemit account via Facebook or Reddit. In a later update posted over the weekend, Scott also claimed that "the Steem blockchain was never hacked. Likewise, our servers were never hacked. Instead, the hacker exploited browser-side vulnerabilities."

Scott also said they were able to contain the attack on the same day, and that Steem Dollars and Steem Power would be returned to all users, refunded courtesy of Steemit itself.

After patching the issues in the Steemit website code, the network is now asking all users to change their passwords. Steemit is different from other online services because users have three passwords, an Owner Key, an Active Key, and a Posting Key, each used for various actions.
Steemit faced a DDoS attack after fixing the issues
Coincidentally or not, right after the company made this announcement, a DDoS attack hit its servers.

Steemit used this attack to bring down its servers for maintenance and upgrade its service by adding something it called "blockchain-based multi-factor authentication," to boost account security even more.

Since the second Steemit update is not hosted on a linkable page, we have embedded it below dragonslayer109's photo, if you wish to read it.Why-Steemit-Matters-to-You.jpg

Sort:  

Hi! I am a robot. I just upvoted you! I found similar content that readers might be interested in:
http://news.softpedia.com/news/steem-social-network-hacked-user-funds-stolen-ddos-attack-followed-after-506417.shtml

Nice post