RE: Steemit powering down 30M Steem, and still hasn't figured out how to secure their keys

avatar

You are viewing a single comment's thread:

lol. What auths do those private keys correspond to?



0
0
0.000
10 comments
avatar

I wish I knew, but I'm not going down that legal rabbit hole to check.

0
0
0.000
avatar

No, no, keys are unrelated.
It's a common mistake for unsmart people.
The have some tokens on exchange and they want to transfer it to their "steemit wallet", so they put steemit as destination and their memo key (half of disaster if only memo). Why? Because they did similar thing while transferring to exchange account... they put name of the exchange in destination and in memo field they put some "weird code".

0
0
0.000
avatar

Good explanation. Seriously how dumb are these Yuchen Sun people?

0
0
0.000
avatar

Well, I don't like being called unsmart but... when going through exchanges I would often have this kind of conversation with myself:

Ah time to transfer to an exchange, ah.. copy-pate the private active key for the transfer. copy paste the memo value from the exchange to the wallet for transfer. I hope I got that right...

Thank goodness for Hive Keychain, Hive Signer, and Metamask. Why isn't there one for Bitcoin?

0
0
0.000
avatar

And you are right in your inner conversation. Their error was to provide private key material to a third party (exchange) site.
For many, Hive will be their first contact with the cryptocurrency world, we have to do better when it comes to education on our way to mass adoption.

0
0
0.000
avatar

I agree that putting a memo-private key into a field definitely is a mistake and not an accident. It's a kind of mistake I had not heard of before this article.
Putting an active key into a memo field is probably an accident and a worse mistake.

As I recall there is some white-hat bot that scans the blockchain for private-active-keys to put them into a three-day lockup, and a black-hat bot that does the same in order to steal the funds.

0
0
0.000
avatar

When I posted the text of the memo keys in this discussion, @peakd warned against sharing your private keys. So good protection is possible at the interface level.

0
0
0.000
avatar
(Edited)

So you are saying the @steemit account on Steem exposed its private memo key... haha?

0
0
0.000
avatar

No, it's users on Steemit, who tried to send their tokens to "steemit wallet".

0
0
0.000