You are viewing a single comment's thread from:
RE: UPVU's Exploit Technical Post-Mortem Report
We believe that Steemit Inc needs to focus on building Steem's infrastructure from zero base through DIP.
That would be very desirable.
After hacking the @upvu account, the hacker changed the private key and recovery account,
I find it very disturbing that someone was able to "hack" your keys. The changes you mentioned require at least the private owner key. If these keys were not stored somewhere in your systems and were nevertheless grabbed, this means that the key could be determined from the system! And that is very worrying!
You absolutely have to clear this up so that all users are aware. We may also have to bring forward changes on the code side....
Nothing has been clearly identified yet, but as already mentioned, it is neither a code-wise problem nor a Steem blockchain design problem. It is presumed that security issues may occur in tools or apps that existed before the fork of Steem and Hive, and unfortunately, it seems impossible to determine the exact cause at this time.
I hope you can still determine the cause. It could be only such tools or apps in question, which you also use. Or would libraries like dsteem or steem-python also be critical here?
Damn. Crazy shit.