Steal my EOS -- An experiment on the EOS.IO Mainnet

in #eos7 years ago

Would you like to steal 5 EOS?

Ok.. go ahead and try! Here is the private key for yostealmyeos
5K5V1MY4iPBvT1vZ8rdX89JVDMJXosmRqKGoUxCfYaVck69qNU2

So why am I posting a private key publicly on Steemit?

This is an experiment! EOS.IO blockchain was developed with account recovery in mind.

With EOSIO blockchain, #codeisnotlaw. So if somebody gains control of your account maliciously, there are methods to protect users and recover stolen funds thru an arbitration process.

However, in the case of this experiment, I may not even need arbitration.

Accounts on the EOS.IO blockchain were designed to include both an Active Key and an Owner Key permissions. The private key posted above is for the Active Key permission of the account.

The owner key can be used to "reset" the Active Key permission.

The 5 EOS.IO in the account are all "staked." In order to transfer EOS, the tokens must be unstaked. The EOS can be unstaked with the active key, but the process takes 3 days (by design). Within this time frame, I should be able to update my active key to prevent the loss of funds.

So if you would like to participate in this experiment, go ahead and try to steal the 5 EOS.IO and we will see what happens!

Good luck! :-)

Sort:  

Lol this is the kind of show-off I love

But where is Private Key ?

Did steemit filter it out for some reason? 5K5V1MY4iPBvT1vZ8rdX89JVDMJXosmRqKGoUxCfYaVck69qNU2

That's not a Private Key

Hahaha and what is it? Yes, it is a private key of EOS

Youre an idiot

Good experiment... you could give me the 5 EOS and see if you can take them back lol

haha - cool idea - I just sent you another 1 EOS to make the experiment more interesting ;-) - will you stake it before anyone else takes it?

I just reset the active key again and your 1 EOS is unstaked so that may disappear quickly!

Bummer!I left your EOS unstaked hoping someone else would stake it for you..! But someone got greedy! Don't worry Ill get you back at the end of this.. thanks for participating:-)

Great idea and a fun little game that will teach people about account security features of EOS! :)
btw,
Active key can and should be different from owner. Initially all accounts come with same owner and active key. For better security before starting to use EOS account people should update their active accounts and use them when logging into wallets. Owner key should be left offline in storage and only be used to update active key and serve as a "recovery" key.
Generate new key with:
cleos create key

Here is a cleos command that can be used to update active key for an account

cleos -u https://eos.greymass.com:443 set account permission < accountname > active '{"threshold": 1, "keys": [{"key": "< new active public key >", "weight": 1}],"weight":1}]}' owner

You're so smart....

It looks like the private key you published belongs to this public address
EOS5ueRfpHnWxbxysRpcsUkBsma7vWvZjgQYi9jU9cY7wyiSQd9Zx
which is not on the main chain, meaning there is no account associated with it.

cleos get accounts EOS5ueRfpHnWxbxysRpcsUkBsma7vWvZjgQYi9jU9cY7wyiSQd9Zx
{
  "account_names": []
}

It is linked to yostealmyeos. Someone changed it.. But I changed it back!

cleos get account yostealmyeos
permissions:
owner 1: 1 EOS6ka7tgmPJGEAPnNsxxeSNQUwqLMu44gZhnHY8RtXwPPKGFadak
active 1: 1 EOS6ka7tgmPJGEAPnNsxxeSNQUwqLMu44gZhnHY8RtXwPPKGFadak

Your private key is for this public key EOS5ueRfpHnWxbxysRpcsUkBsma7vWvZjgQYi9jU9cY7wyiSQd9Zx
It is not associated with any EOS account.

cleos get accounts EOS5ueRfpHnWxbxysRpcsUkBsma7vWvZjgQYi9jU9cY7wyiSQd9Zx
{
"account_names": []
}

Again, I changed the key back to my possession to prevent any loss of funds since somebody unstaked the tokens. You can check the history in a block explorer for eos to see for yourself!

So far EOS7Yee2ZgSQLcbSc5wNjdoA9rdz1cffdwqCsLZvcV1Gys9et3X5G keeps taking control of the active key and is buying and selling RAM, the fees of which goes into the eosio.savings pool.

Can whoever controls the active key buy and sell ram with staked tokens? I didn't think this was the case.

I really like your approach! Certainly hope you will follow up with more on this as the story develops. Keep us posted, very curious to find out to which extent, with EOS, #codeisnotlaw

Love this demonstration of confidence! :)

@eosinsider Is this over? I had some ideas to try :(

The key is now EOS6ka7tgmPJGEAPnNsxxeSNQUwqLMu44gZhnHY8RtXwPPKGFadak so i cannot try anything