Community Bot @Council - Security Incident August 5, 2018.

in #witness-category, 6 years ago (edited)

Security Incident Report - An unauthorized transfer of SBD (Steem Backed Dollars) was made from the @Council community bot account to a malicious user at @blocktrades on August 5, sometime in the morning. Here's the wallet transaction.


@Council

As you can see, the malicious user is trying to drain the account by powering down the Steem Power (SP). He will not be able to instantly withdraw the SP due to the waiting period of 11 weeks. He did, though, successfully manage to transfer 1.970 Steem to @blocktrades with the memo - 9e0fafd2-f050-46ce-ad30-1491b8e6919f.

Actions to stop this bad actor.

  1. Reset the @council community bot account password. - Completed.
  2. Report to @blocktrades to investigate this incident using the transaction memo. I will recommend to cease the account associated with this transaction. - Aug. 6, I've sent an email to [email protected] regarding this Security Incident and requested to cease the recipient account related to this transaction memo - 9e0fafd2-f050-46ce-ad30-1491b8e6919f.
  3. Reviewing where the @Council ACTIVE account vulnerabilities are. - Review in progress.
  4. Shut down the @council community bot program at this time, until further notice. This will not affect the @Council upvoting initiatives, because they only use the POSTING key to upvote, so they will continue.

I will continue to investigate this security incident. Somehow, the malicious user was able to get the @Council ACTIVE password.

Security reminder: always log in using your POSTING key. Keep your OWNER and ACTIVE keys secured.

Please resteem so I can get @blocktrades attention to check this incident.
Best regards,
@Yehey

Image source from pixabay.


nice content, a great reminder to everyone

Posted using Partiko Android

Resteemed, and glad you caught this right away.

I always Power Up every week, so when I check there is nothing to power up. The malicious user also tried to power down. lol

I only used the ACTIVE account on one server for @Council. I shut it down already but I'm still puzzled, because that server is only going out, nothing going in.

I have to check my Github, maybe the @council ACTIVE key was accidentally synchronized to the server and made public. The search continues ...
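
For the GitHub check mentioned in the last comment, one way to look for a committed private key in configuration or source text. This is an added example, not code from the author or from @Council. It assumes the key is stored in WIF form (51 base58 characters starting with "5", version byte 0x80, double-SHA256 checksum), and the sample file content and key are constructed.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Candidate: 51 base58 characters starting with "5", not part of a longer run.
CANDIDATE = re.compile(r"(?<![{0}])5[{0}]{{50}}(?![{0}])".format(B58))

def checksum(payload):
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58decode(text):
    number = 0
    for char in text:
        number = number * 58 + B58.index(char)
    return number.to_bytes((number.bit_length() + 7) // 8, "big")

def make_wif(secret):
    """Encode 32 bytes as WIF; used here only to build the test fixture."""
    raw = b"\x80" + secret
    number = int.from_bytes(raw + checksum(raw), "big")
    out = ""
    while number:
        number, rem = divmod(number, 58)
        out = B58[rem] + out
    return out

def is_wif(candidate):
    """True only if the 0x80 version byte and the checksum both verify."""
    raw = b58decode(candidate)
    return len(raw) == 37 and raw[0] == 0x80 and checksum(raw[:33]) == raw[33:]

def scan(text):
    """Return (line number, redacted key) for every verified key in text."""
    hits = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for match in CANDIDATE.finditer(line):
            if is_wif(match.group()):
                hits.append((lineno, match.group()[:4] + "..."))
    return hits

# Constructed fixture: a key derived from fixed bytes, not a real account key.
SAMPLE_KEY = make_wif(bytes(range(1, 33)))
DECOY = SAMPLE_KEY[:-1] + ("2" if SAMPLE_KEY[-1] != "2" else "3")  # bad checksum
SAMPLE = "account = council\nactive_key = {}\nnote = {}\n".format(SAMPLE_KEY, DECOY)

if __name__ == "__main__":
    for lineno, redacted in scan(SAMPLE):
        print("line {}: possible private key {}".format(lineno, redacted))
```

Verifying the checksum keeps random 51-character strings from being reported, and the hit is redacted so the scanner's own output does not leak the key again.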