Cyber Attack

From Steem Center
Jump to: navigation, search

Cyber Attack in Steemit context refers to a steal attack suffered on Steemit weeks after the official launch and first tokens distributions in July 4th, 2016.

In the attack, as annouced by Steemit, Inc CEO Ned Scott in July 14th, 2016, fewer than 260 accounts were compromised, and less than $85,000 worth of Steem Dollars and Steem may have been stolen.[1]

According Softpedia News who first noticed the attack was steemian The Dragon Slayer (@dragonslayer109). He reported mysterious transactions that transferred funds from his account to another Bittrex account, one of the Steem Exchanges that allow users to withdraw Steem Dollar (SBD) as Bitcoin.[2]

The hack was quickly contained. Users whose accounts were compromised were completely reimbursed. Ned Scott updated the situation in July 15th, 2016: “Within the next 48 hours, Steemit will begin to allow all newly secured accounts to reset their passwords simply by logging in with the same Facebook or Reddit credentials that were used to register in the first place. This easy process will work for the vast majority of the potentially compromised accounts. All of these account holders will regain full access to their funds and their original account name.”[3]

Steemian @steemed commented that the Steem protocol itself (the "coin") was not hacked, nor was any smart contract running on top of the Steem protocol. It was a website hack where a hacker stole funds and account credentials.[4]

An attractive target

At that time Steemit had seen an explosive growth over the previous two months with the number of users increased by record-breaking 3,200%. According to the estimations in July 13th, the Steem Tokens had reached the third place in market capitalisation after Bitcoin and Ether, jumping from $13 to over $250 million in only 10 days.[4]

Distributed Denial-of-Service Attack (DDoS)

Coincidentally or not, right after the company made the fixing announcement, a DDoS attack hit its servers. Steemit, Inc used this attack to bring down its servers for maintenance and upgrade Steemit service by adding something it called "blockchain-based multi-factor authentication," to boost account security even more.[2]

In July 21st, 2016, an article published in The Merkle annouced that Steemit platform resumed operations and compared with a similar issue faced by Ethereum community when managed to hard fork and refund the extra Ether sent in the last days of The DAO creation period.[5]


References

  1. Important Security Announcement: Steemit CEO Ned Scott Signed by Ned Scott and published in @steemitblog profile on Steemit in July 14th, 2017
  2. 2.0 2.1 Steemit Social Network Hacked, User Funds Stolen, DDoS Attack Ensued Written by Catalin Cimpanu on Softpedia News in July 18th, 2016
  3. First Update to July 14 Security Announcement from Steemit CEO Ned Scott Signed by Ned Scott and published in @steemit3 profile on Steemit in July 15th, 2017
  4. 4.0 4.1 Steem is hacked! $85,000 reportedly stolen Written by Diana Bogdan and Svetlana Nosova on Coinfox in July 14th, 2017
  5. Steemit Platform Resumes Operations Written by Eduardo Gómez on The Merkle in July 21st, 2016

Links

Related articles

External links

In other languages




Help keep this wiki page updated. Register, click in edit, add or modify the text and save.
If you're already a steemian you can be rewarded with STEEM, see how in @steemcenterwiki.