Steemit Hacked for ‘$85,000’ as Users Complain of Weak Security

in #steemit8 years ago (edited)

Steemit Accounts, Wallets ‘Not at Risk’

Steemit Accounts, Wallets ‘Not at Risk’

In an official statement released today, CEO Ned Scott said that a maximum of $85,000 worth of the site’s currency, the Steemit dollar, “may have been stolen.”Stating the hack had since “been contained,” Scott said,

“USER ACCOUNTS AND WALLETS ARE NOT AT RISK, AND WE HOPE TO SOON REACTIVATE THE STEEMIT WEBSITE TO NORMAL ORDER. ANY USERS WHOSE ACCOUNTS WERE COMPROMISED WILL BE COMPLETELY REIMBURSED.”

The number of affected accounts is around 260.Bittrex, Steemit’s partner exchange, also halted orders of the platform’s currency.

“USER ACCOUNTS AND WALLETS ARE NOT AT RISK, AND WE HOPE TO SOON REACTIVATE THE STEEMIT WEBSITE TO NORMAL ORDER. ANY USERS WHOSE ACCOUNTS WERE COMPROMISED WILL BE COMPLETELY REIMBURSED.

The cause of the hack has not been made public. However, complaints from the Steemit’s Slack chatpoint to a lack of security features, specifically two-factor authentication, frustrating users. “A lot of chat traffic is going on in the Steemit slack of accounts being hacked,” one Steemit user wrote in apost earlier today. “Maybe It’s time for my newest proposal. Two factor authentication! I think that with a simple configuration of the Google Authenticator app you can secure your account a whole lot better!” The alarm was seemingly sounded by users such as ‘dragonslayer109,’ who uploaded screenshots of unauthorized transactions seemingly being made on their account. The user claimed that over $300 had been drained. Steemit: A Rollercoaster Ride Scott meanwhile maintained the situation was under control and that an investigation was being instigated with law enforcement. “Though only a relatively small amount of Steemit was stolen, we take any form of criminal activity against our community extremely seriously,” he wrote. “We have reported the hack to police and other cyber crime authorities, including the FBI. A full, internal investigation is currently being conducted and we are working on an immediate solution.” The sentiment was echoed by Steemit’s PR intermediary, who in an email to Bitcoin.com wrote that “[Scott] and his team are busy working on the investigation and developing an immediate solution.” The event adds a biting realism to what has been a whirlwind month for Steemit. A week ago, the platform had announced membership increases of 1600% and users rewarded with $1.3 million dollars through posting popular material. “The community and the blockchain together power a system that gets better and better every day,” Scott said at the time. The platform’s website is inaccessible while the immediate investigation remains ongoing.

Sort:  

If there was a better option like client side signature to confirm site operations (pgp or bitcoin's ecdsa) then we would be using this and there would be no problem.
I have the cli wallet installed

Interesting post. Well done :)