The @keys-defender bot is LIVE in Beta mode ๐ŸŽ‰๐Ÿพ๐Ÿฅ‚ ๐ŸŽ€โœ‚๏ธ

in #steem โ€ข 5 years ago (edited)

Ladies and gentlemen and honourable members of Steemit, it gives me great pleasure to introduce you tonight a new defender of this platform. Please give a round of applause to.. @keys-defender โ— ย  ย  ย  ย 

๐Ÿค– ๐Ÿค– ๐Ÿค–


DEVELOPMENT UPDATE

Tonight I finished developing and testing the features that were in the works during my last development update post:

  • Recover Account when an Owner key is leaked;
  • Transfer funds to Savings when an Active key is leaked;
  • Publish a post on @keys-defender's blog when a Master or Active key is detected;
  • Automatically reply to the comment/post in which a compromised private key is detected (1x day per user to prevent abuse);
  • Send a wallet transfer when any compromised private key is detected (1x day per user to prevent malicious users from intentionally burning the scanner bot RC)

THE THREAT IS REAL

As disclosed in my previous posts, there are tons of compromised accounts credentials still stored in the blockchain.
( In case you missed it, scanning the whole STEEM blockchain I found 123 compromised keys ).

On top of that, there are malicious users (black hats) running bots to STEAL accounts and their funds. These bots are actively scanning new blocks published into the blockchain and will compromise your account within seconds from accidentally leaking a private key.

Testing my bot with real accounts made me realize that the threat is very REAL.

As I verified myself (losing a test account) if you publish an owner key, within seconds all your private keys get changed and all the funds transferred to the account of the attacker.

If you instead publish an active key, besides putting your funds at risk, your posting key will stop working after a few seconds. The only way out is to restore all your keys using your master password or master key.

Proof:
@abellame (hacked account now used to steal accounts) stole my test account @b0ts-testing: https://steemd.com/@abellame

There could be a solution for this but it will require tons of RC. I may get to it one day:
it looks like that account would run out of RC after only 7 transfers. I could get it to burn its RC intentionally leaking an active key from the same account every day so that when a real user compromises their key the malicious bot won't have enough RC to operate.

I will add this feature to my features backlog and will get to it when I have enough RC (I have a STEEM purchase in the order book but I may need more - delegations are welcome, by the way ๐Ÿ˜Š).

BETA TESTING

My testing so far went great.
This is the post that I used for debugging and end to end testing: https://steemit.com/test/@b0ts-testing/tomated-posts-test-2-1580640786922

As you can see @keys-defender (after some bug fixes) replied correctly to all types of leaked keys.
And it also published a post for each active and owner compromised key.

Please help me test the bot using a test account.


Feel free to leave a private key in the comments of that debugging post or this one as well.

I do not guarantee a 100% success rate but the risk is low as a dummy test account costs only 3 STEEM ($ 0.5).

PLEASE do not post the owner key of an account with funds in it!! I do not assume responsibility in case my bot has a bug and does not recover your keys in time.
Also, if you want to test intentionally compromising an active key, make sure that most of your funds are in the savings or transferred to another account.
Same as above though, I do not assume responsibility in case something goes wrong during the test.

So, again, please only use test accounts.

If you want to create one here you can find my guide on how to create an alt account in seconds.

NOTE: the bot is slightly slower than expected because is running in debug mode (eg. verbose logs enabled).

If you intentionally compromised a private owner key please reach out to me on discord to get the new keys: gabe#5784

During normal operations instead, real accounts with funds found during the LIVE scanning will be given to @guiltyparties and proof of identity will be requested.

EXPECTED RESULTS:

These are the expected results when a private key is published in any type of operation into the STEEM blockchain:

  • Owner key: keys change, reply, memo warning, post
  • Active key: transfer to savings, reply, memo warning, post
  • Posting key: reply, memo warning
  • Memo key: reply, memo warning

I haven't tested these but they should work correctly as well (as proven in the past):

  • leaking keys in wallet transfers
  • leaking keys in other uncommon operations (eg. account update)

PLEASE LET ME KNOW IF YOU FIND ANY BUGS! Much appreaciated. ย  =]

WHAT'S NEXT:

According to my backlog :
[] Monitor leaked dead accounts and burn their RC if abused - checked though daily scheduler
[] Auto-publish weekly report with live scanning stats

After these, before moving on to the other items on the backlog, I will spend some time working on minor bug fixes, stability, refactoring, testing, etc.


Previous related articles:

  1. @keys-defender birth
  2. Results of STEEM blockchain full scan
  3. Development plan and ideas

And now finally some sleep!! =']

Take care!

Sort: ย 

It looks like we got a new hit on a leaked active key and this may not have been for testing as the account has 700 SP.

The reply and transfer worked but somehow the post creation failed so Iโ€™ll do that manually tonight and investigate the logs.

Update: he was able to recover his account ๐Ÿ˜Ž ๐Ÿ‘๐Ÿ‘

https://steemit.com/cesky/@garygeo1/q54jqq

UPDATE:

It looks like my code did not create the post announcing the leak only because it ran out of RC.

I now powerd up a bit more.

This bot can save thousand of dollars from user mistakes and the reputation of Steemit is on the plate since the threat is very real as black hats bots are always running.

A safer platform is a good investment for every steemian.

Please feel free to support @keys-defender delegating any amount here.
ย  Thx

A new hit. It looks like someone leaked their private posting key today:

https://steemitwallet.com/@keys-defender/transfers

Thank you for doing this! โค๏ธ
!Tip

โค๏ธ

Cool stuff. People will get confused by Steem keys and paste them into the wrong fields. This is part of why Keychain is so useful. I hope you can help some people recover their accounts and protect their funds.

And one more hit today..

Yep, see an example in the comment above ๐Ÿ™ˆ

Looks like great work you're doing!

@tipu curate

Thanks ย  =}

Thanks key defender bot for recovering my account. Very helpful service.

No problem, take care! =]

@lifeskills-tv Can I ask you which app you use?
(Steemit warns you before you even try to post something that looks like a private key but other apps dont)

!BEER
Thank you for doing this.

Great work!

!DERANGED
!COFFEEA
!shop
$trdo
!BEER

Congratulations @eii, you successfuly trended the post shared by @gaottantacinque!
@gaottantacinque will receive 0.04708125 TRDO & @eii will get 0.03138750 TRDO curation in 3 Days from Post Created Date!

"Call TRDO, Your Comment Worth Something!"

To view or trade TRDO go to steem-engine.com
Join TRDO Discord Channel or Join TRDO Web Site


Hey @gaottantacinque, here is a little bit of BEER from @eii for you. Enjoy it!

Learn how to earn FREE BEER each day by staking.

Sorry, you don't have enough staked BEER in your account. You need 6 BEER in your virtual fridge to give some of your BEER to others. To view or trade BEER go to steem-engine.com