You are viewing a single comment's thread from:

RE: Fake Proposal Scam! 8700+ Accounts Involved

in Ecency5 days ago (edited)

Hello.
The accounts were created with Hive on Board.
Thank you for finding the remaining ones and breaking down how Eceny Points farming worked.
The report for 25th December was missing so I suppose that I did not get them because of that.

image.png

5 days ago in Ecency by
$0.00
    15 votes
    Reply 5
    Sort:  
  • Trending
    • [-]
     5 days ago  

    I have the data involved in this with more info on accounts creation date. I have it in an excel sheet here https://filebin.net/bn1hyysx0ea5denn

    The major finding were.... most of the accounts involved were created in Dec 2024 but many hundreds were from before (likely stolen or compromised).


    Only December Data ^^

    That's like 90% of the accounts involved here.

    All the acccounts invovled ^^

    But there is a slight problem with some part of the data, the ones which are old accounts. Some of those old accounts have likely transfered Ecency Points to someone whose accounts got compromised in the past. This might introduce some false positives to the early records (before December).

    So, I would not blanket blacklist all the accounts created before December.... they are not many anyways. One example of this is the user @olgavita who sends Ecency Points weekly as a contest prize in their community.

    $0.00
      Reply
      [-]
       5 days ago (edited) 

      Thanks @opravesh0.
      I whitelisted olgavita.

      It would be great if you to find out which accounts exactly do not fit in that group so there will not be unnecessarily blacklisted.
      It is unlikely that this scammer has stolen or compromised any accounts. All he seems to be doing is creating new accounts that exploit HOB vulnerability.

      What was most important was to find out which account creation service the scammer used on 25th December if it was not HOB.

      [-]
       4 days ago  

      I am unfamiliar with the process for claiming free accounts and creating them through Hive on Board. When claiming an account token and creating the account a record of the transaction is preserved on the blockchain, is it not? It seems the perpetrator of this attempted scam was well staked enough to claim >8700 accounts, which should narrow down the potential suspects quite a bit.

      $0.00
        Reply
        [-]
         4 days ago (edited) 

        Hi.
        I had already found the scammer.
        The abuser is bgmoha / albro / brook.dev (identity theft)
        The vulnerability was the bug with a referral code that was allowed to be endlessly re-used for account creation.

        [-]
         4 days ago  

        This is excellent news!

        Thanks again.

        $0.04
        • Pending payout amount: $0.04
        • Breakdown: 0.02 HBD, 0.04 HP
        • Payout in 3 days
        2 votes
        Reply