HomeAnswerNotificationsCategoriesAboutFAQ
HOMEQUESTION
If Steemit were to get hacked, would my funds be safe?
$0.11
9 ANSWERS
No, it is not possible. if anyone has your private key then you will definitely lose your funds. It will take only 0.3 seconds to get access to your account. And the hacker person will transfer all your steems and SBD in just a few seconds. Basically, people are losing their id and money by mistakes. They are mistakenly given their private or active key in the memo and whenever they send it, it went to the blockchain.
There are some people who are always looking for this opportunity. That's how many people are losing their money on steemit. However, some people are also working hard to save people money and their steemit id. "@noblebot" do you ever heard the name?. If not I am going to tell you about him and his work. He is always looking on the steemit blockchain for the private key, active key and master key. Whenever he found someone has mistakenly given their any key (master or private or active) he will immediately take that key and changed the password. After that, he will give the new password to the account owner. The account owner has to give some valid information to take his account from the noble bot. The @noblebot is providing this service free of cost.
$3.87
Reply
[edit] someone asked why am beating around the bush , but i already completed it in another reply :

https://musing.io/q/peachyladiva/p36wvarfx?r=profile-rudyardcatling

after reading the question i thought i was wrong, but i was incomplete, all info in the link or in the answer down here by @awesomeianist, thanks much

I'm not sure what you mean by hacked here.

As far as i know steemit does not store any password (or key) on its servers.

I'll try a bit of technicalities :

steemit is actually not the blockchain, steemit is an UI, short for User Interface, which takes data from the blockchain and transforms it into a visbile, readable format in .html format which can be rendered in the browser of your choice on your pc or phone (or tablet or whatever)

The underlying blockchain is accessible to anyone who cares to look and is maintained on a series of servers, which are maintained by witnesses. The witness system secures the data by making sure each and every one has a copy so no single one can alter the blockchain.
It is, in theory possible to change data in a ledger, but to do so you would have to recalculate / mine all subsequent transactions(hashes), the actual links between blocks of data

i went into this some questions earlier here : https://musing.io/q/bookoons/f33qrfhwx?r=profile-rudyardcatling

This is the main reason why you can not EVER delete any post , comment , or reply : once it is stored it sits in "a block" that only fits exactly between two other blocks and cant be moved to sit between any of the (i have no idea how many there are atm) other blocks ,

talked about that a bit here : https://musing.io/q/sagartalekar/pk4jssew5?r=profile-rudyardcatling

if you look at a chunk of the data it looks totally unreadable

its like

```
celerontcat@cerebro:/mnt/6f1cfa9e-a67f-43e5-bacd-8e60ac8ef226/steempyth$ cat steem.blockchain.json
{"block_id": "0000000109833ce528d5bbfb3f6225b39ee10086", "extensions": [], "previous": "0000000000000000000000000000000000000000", "signing_key": "STM8GC13uCZbP44HzMLV6zPZGwVQ8Nt4Kji8PapsPiNq1BK153XTX", "timestamp": "2016-03-24T16:05:00", "transaction_ids": [], "transaction_merkle_root": "0000000000000000000000000000000000000000", "transactions": [], "witness": "initminer", "witness_signature": "204f8ad56a8f5cf722a02b035a61b500aa59b9519b2c33c77a80c0a714680a5a5a7a340d909d19996613c5e4ae92146b9add8a7a663eef37d837ef881477313043"}
{"block_id": "00000002ed04e3c3def0238f693931ee7eebbdf1", "extensions": [], "previous": "0000000109833ce528d5bbfb3f6225b39ee10086", "signing_key": "STM8GC13uCZbP44HzMLV6zPZGwVQ8Nt4Kji8PapsPiNq1BK153XTX", "timestamp": "2016-03-24T16:05:36", "transaction_ids": [], "transaction_merkle_root": "0000000000000000000000000000000000000000", "transactions": [], "witness": "initminer", "witness_signature": "1f3e85ab301a600f391f11e859240f090a9404f8ebf0bf98df58eb17f455156e2d16e1dcfc621acb3a7acbedc86b6d2560fdd87ce5709e80fa333a2bbb92966df3"}
{"block_id": "000000035b094a812646289c622dba0ba67d1ffe", "extensions": [], "previous": "00000002ed04e3c3def0238f693931ee7eebbdf1", "signing_key": "STM8GC13uCZbP44HzMLV6zPZGwVQ8Nt4Kji8PapsPiNq1BK153XTX", "timestamp": "2016-03-24T16:05:39", "transaction_ids": [], "transaction_merkle_root": "0000000000000000000000000000000000000000", "transactions": [], "witness": "initminer", "witness_signature": "205ad1d3f0d42abcfdacb179de1acecf873be432cc546dde6b35184d261868b47b17dc1717b78a1572843fdd71a654e057db03f2df5d846b71606ec80455a199a6"}
{"block_id": "00000004f9de0cfeb08c9d7d9d1fe536d902dc4a", "extensions": [], "previous": "000000035b094a812646289c622dba0ba67d1ffe", "signing_key": "STM8GC13uCZbP44HzMLV6zPZGwVQ8Nt4Kji8PapsPiNq1BK153XTX", "timestamp": "2016-03-24T16:05:42", "transaction_ids": [], "transaction_merkle_root": "0000000000000000000000000000000000000000", "transactions": [], "witness": "initminer", "witness_signature": "202c7e5cada5104170365a83734a229eac0e427af5ed03fe2268e79bb9b05903d55cb965479
```
and so on for 100 or more GigaBytes , i don't know the exact current size , what you see there is already converted to.json format so you get every transaction in a nice line.

your account history, unformatted looks more like

'```
celerontcat@cerebro:~/Documents/steemUX/history$ cat fullhist_rudyardcatling
{"jsonrpc":"2.0","result":[[0,{"trx_id":"da5654724f6a0b35886d8173072148a8c1ca54f8","block":16163657,"trx_in_block":12,"op_in_trx":0,"virtual_op":0,"timestamp":"2017-10-08T23:49:03","op":["account_create_with_delegation",{"fee":"0.500 STEEM","delegation":"57000.000000 VESTS","creator":"steem","new_account_name":"rudyardcatling","owner":{"weight_threshold":1,"account_auths":[],"key_auths":[["STM7HigTEkCNePTR1QHHTaMX5kqPB2omaDcpY5RKs1zH2cG8mAweS",1]]},"active":{"weight_threshold":1,"account_auths":[],"key_auths":[["STM82DwaTnZrNNCU4eCm2FLCRWmZaMCz63BXDhtaYKNzUrgyf4aHm",1]]},"posting":{"weight_threshold":1,"account_auths":[],"key_auths":[["STM6bSVB2LUguK5wKNKE6i33ADmDBKh9mWw2oya1xTHkDCepbNHJb",1]]},"memo_key":"STM8G87DXb8cCBbimvkvfb9zAajGYzJX5kkVoQYhkJJUNGt88hxaW","json_metadata":"","extensions":[]}]}],[1,{"trx_id":"e125d4fe88eea6a6c82a38c7e9cff24106fb8d2a","block":16168890,"trx_in_block":32,"op_in_trx":0,"virtual_op":0,"timestamp":"2017-10-09T04:10:42","op":["comment",{"parent_author":"","parent_permlink":"introduction","author":"rudyardcatling","permlink":"a-story-an-introduction-mhh-well-what-s-in-a-name","title":"A story ? an introduction ? mhh ... well, what's in a name ?","body":"one might say the original question was, like ... like my google account closed by the name +retorica t ... lots of people thinking that i'm good with words since i'm not a native english speaker but sometimes somewhat punny ..
```

if you had to get your posts like this it would take quite some time to figure out who is saying what , lol, so UI's (user interfaces) like steemit, or busy, or musing, or dlive or any of the others take all that data and bring it to your browser in a nice, readable format, as you see here

if you have a pc, for instance, what you can do (i would recommend firefox for that) is take your account , in my case
https://steemit.com/@rudyardcatling

and add .json to the end so https://steemit.com/@rudyardcatling.json

you will get a formatted overview of all things and variables related to your account

you can do the same to a post :

https://steemit.com/religion/@rudyardcatling/p3q7y8af5.json

and you will get an overview of about everything related to the post, including voters, the weight they voted with, the amount of vests every vote is worth and so on, you could for instance exactly calculate what every vote is worth, compare it to the voters current steempower and see if their 100% vote is a 100/100 vote or a 100/10 vote (voting weight comes from the slider but as you see on steemd or steemnow you have voting "power" which goes down about 2% for each consecutive vote, unless you waitt 2.5 hours (i think its more like 2hours24minutes)

Now the thing is : NOWHERE in all those gigs and gigs of data will you find any password or any key from any of the 1099352 number of accounts (at time of writing), they're not stored inthere.

So basically its not possible to "hack" steemit since steemit is only a translating tool for the data in the blockchain, and the blockchain, visible to anyone anywhere who cares to look

*there are no secrets on the blockchain*


does not contain any sensitive information (unless you accidentally post a naked selfie hahah)

several reasons for this :
1) they dont have to provide storage
2)they have no liability
3) they have full deniability , if you're a supervillain and uncle fed wants you, they can't even give them the password, simply because they don't have it :)
4) no one up there has access to your account (but everyone on the planet can see the data that's included, thats just how present-day blockchain works , hyperledger (linux foundation) and banca (wallstreet) provide options for separate "zones" if you like that don't involve confirmation from the whole chain so its basically possible to have private transactions there, it hasnt lifted off yet, but seeins as linux foundation probably is the worlds biggest ultrageek collection i'm sure it will, after all : all supercomputers in the world run linux , not windows, not iOS, they ALL run linux (look that up if you dont believe it)

and then some

So the only who has your masterpassword is you

the only one who has your keys is you (unless you give them to someone)

if you don't know where to find those, open up a browser, click the icon with the profile picture, from the drop down menu select wallet , then select permissions, this will allow you to show your four keys on screen, the master key is needed to login , and to change the others, the posting key is (well....) for posting lol and the active key is used for financial transactions, sending sbd or steem from and to wallets. I assume the master can be used for all three ? (not 100% sure but since the other keys are generated from the master key i assume (again not 100% sure) the other keys can be calculated when needed if you enter that one

It's imperative that you keep a backup of at least your master key in cold storage (cold storage means offline) , wether that's a piece of paper or an encrypted flash drive is up to you and your financial situation i suppose, i wouldnt pin in on a sticky note on your desk at work in any case.

If you lose that , then there is NO WAY EVER you can recover your account, no one can help you , the keys are strictly private (althoug if you make an account @blocktrades as an alt you get the option to store your original key with them, probably for a fee but PLEASE NOTE : the backup they have is only valid until you change your password, once you change that, they have no way of recovering it for you)

Now, about the hacking, where's the vulnerability ?

hacking is romanticized a lot and the word has also lost much of its original meaning .. a hack actually refers to creative use of resources, finding ways of doing things within any given system in a way it wasn't meant to be used originally ... you could call steem a hack of the original satoshi whitepaper if you like lol or maybe the [popcorn robots](https://www.futurity.org/popcorn-robots-1823052-2/) ... (
$2.54
Reply
12 Comments
The question you asked is a nice one, after signing up with steemit you were advice to keep your private code, if misplaced you loose your acct and funds. Loosing your password to someone else is like loosing your atm attached with your pin. You know your funds are not save anymore. Someone else can jst take your atm after having your pin and withdraw all your money. So if you loose your steemit pin to someone else or it has been hacked. Someone can just withdraw all fund but it will be seen in your transaction history. It is not safe because the person cannot be traced since we have many users on steemit.
$0.54
Reply
Steemit is one of the best secured blockchain sites. There is tendency of you carelessly misplacing your password to scammers or hackers which enables them to have access into your wallet and account. They can easily transfer your funds into their account because they have your account key. Always make sure you keep your account key or password very secure such that no one will have access to it except you.

Also be very careful about the type of links you click on. I once read an article about some people creating links with their knowledge of coding such that after clicking on the link, you may get scammed. I don't really know how true this I but you just have to be very careful.


Always make sure your account key is secured and safe without hackers getting access into your account or wallet.


Thanks for reading.
$0.19
Reply
4 Comments
Yes, your funds would be safe even if Steemit got hacked. You have to remember that Steemit is just an interface that let's you connect to the Steem blockchain easily, and it's not Steemit Inc. that controls any accounts or passwords.
$0.11
Reply
I don't funds will be safe if this happens, the motive of the hackers will be to steal funds of course!
I think the question here is "how secured is Steemit from hacker"?
Reply
1 Comment
As long as your account and funds are still tied to the Steem blockchain, there is every possibility that your funds wouldn't be safe if Steemit were to get hacked.
Reply
Depends on the kind of hack.

If steemit were hacked and user passwords were compromised; a lot of users would lose their funds. Transactions on the steem blockchain are lightening quick, so it'll take a couple seconds or minutes for a hacker to clear your liquid STEEM and SBD.

Your SP would probably be intact thanks to the 13 week power down setting.

A good option to avoid such a scenario is to transfer your tokens to savings. It's more secure.
Reply
Steemit has a password that is different from other social media, steemit password has 50 numbers and upper and lower case letters in an integrated algorithm the goal is to complicate tracking passwords that are tried to hack, that's why steemit gives the password from the server not from our own password. And if you are able to remember the steemit password, that means steemit is still not safe to use. and so far no one has been able to remember steemit passwords.
Reply