Security Incident Reports – The @Council community bot account made an unauthorized transfer of SBD (Steem Backed Dollars) to a malicious user at @blocktrades on August 5, sometime in the morning. Here’s the wallet transaction.
As you can see, the malicious user is trying to drain the account by powering down the Steem Power (SP). He will not be able to instantly withdraw the SP due to the waiting period of 11 weeks. He did, though, successfully manage to transfer 1.970 Steem to @blocktrades with the memo – 9e0fafd2-f050-46ce-ad30-1491b8e6919f.
Actions to stop this bad actor.
- Reset the @council community bot account password. – Completed.
- Report to @blocktrades to investigate this incident using the transaction memo. I will recommend to cease the account associated with this transaction. – Aug. 6, I’ve sent an email to firstname.lastname@example.org regarding this Security Incident and requested to cease the recipient account related to this transaction.
- Reviewing where the @Council ACTIVE account vulnerabilities are. – Review in progress.
- Shut down the @council community bot program until further notice. This will not affect @Council upvoting initiatives, because upvoting only uses the POSTING key, so it will continue.
I will continue to investigate this security incident. Somehow, the malicious user was able to get the @Council ACTIVE password.
Security reminder: always log in using your POSTING key. Keep your OWNER and ACTIVE keys secured.
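As an added example (not part of the original report and not Steem project code): because the bot only needs the POSTING key to upvote, any operation it signs with the ACTIVE or OWNER key, such as the transfer and power-down seen here, can be raised as an alert. The history entries are constructed and use a simplified form of the account-history layout; the timestamps, the other account names, the VESTS amount and the memo placeholder are assumptions.

```python
# Added example: the sample history below is constructed, not real chain data.
# Steem operation types mapped to the field naming the signing account,
# grouped by the key (authority) the operation requires.
POSTING_OPS = {"vote": "voter", "comment": "author"}
ACTIVE_OPS = {"transfer": "from", "transfer_to_vesting": "from",
              "withdraw_vesting": "account", "account_update": "account"}


def required_authority(op_type, body):
    """Return (authority, signer) for one operation, or (None, None)."""
    if op_type in POSTING_OPS:
        return "posting", body.get(POSTING_OPS[op_type])
    if op_type == "account_update" and "owner" in body:
        return "owner", body.get("account")  # changing owner auth needs OWNER
    if op_type in ACTIVE_OPS:
        return "active", body.get(ACTIVE_OPS[op_type])
    return None, None  # operation types not listed above are ignored here


def flag_privileged(history, account, allowed=("posting",)):
    """List operations signed by `account` with a key outside `allowed`."""
    alerts = []
    for entry in history:
        op_type, body = entry["op"]
        authority, signer = required_authority(op_type, body)
        # Incoming transfers also show up in history; only the signer matters.
        if signer == account and authority not in allowed:
            alerts.append((entry["timestamp"], op_type, authority))
    return alerts


SAMPLE_HISTORY = [  # constructed entries
    {"timestamp": "2018-08-05T06:00:00", "op": ["vote", {
        "voter": "council", "author": "alice", "permlink": "post", "weight": 10000}]},
    {"timestamp": "2018-08-05T07:00:00", "op": ["transfer", {
        "from": "bob", "to": "council", "amount": "1.000 SBD", "memo": ""}]},
    {"timestamp": "2018-08-05T08:00:00", "op": ["transfer", {
        "from": "council", "to": "blocktrades", "amount": "1.970 STEEM",
        "memo": "<memo-placeholder>"}]},
    {"timestamp": "2018-08-05T08:05:00", "op": ["withdraw_vesting", {
        "account": "council", "vesting_shares": "1000.000000 VESTS"}]},
]

if __name__ == "__main__":
    for alert in flag_privileged(SAMPLE_HISTORY, "council"):
        print("ALERT", *alert)
```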
August 7, 2018. The malicious user has been searched for and identified.