RE: Security/Censorship questions for steemit.com

in #steem, 9 years ago

Could our private keys be stolen by steemit.com?

Yes, of course.

The wallet built into this website, as it is programmed right now, runs entirely on your own computer. Your private keys do not leave your own machine. That's good - it means that if a hacker breaks into the steemit.com website he won't find a database of keys he can steal.

What a hacker can do, though, is replace the wallet software built into the website. He could modify the code so that it automatically sends all your funds to his own account, right after you log in. He could modify the code to change your account keys to his own, locking you out. He could do whatever he wants with your account.

It doesn't take much to do that. A simple XSS injection would be sufficient. I believe there was an injection bug in the early days of the site, but AFAIK no damage was caused.

Is someone working to fix this?
That sounds bad long term.