Hello kind-hearted Steem blockchain developers
As you may be aware, we have an evil piece of code on the lookout for keys added accidentally to memo fields.
Yesterday, @surfermarly became the latest victim of this script that will use a misplaced key (with enough authority) to transfer any STEEM or SBD in your wallet to @sami100.
While @surfermarly concedes this was a 'stupid mistake' on her part, these mistakes do, and will continue to happen.
Can we do something to help?
Before I start with the main crux of the blog, I just wanted to check if there was not a feature in place previously on steemit.com that would check for a possible key in a memo and immediately wipe the field. I'm sure that this was present a few months back? If so, can we have this feature again please @steemit?
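The memo check asked about above could look like the following sketch. It is an added example, not steemit.com's code; it assumes Steem private keys use the WIF encoding (base58, version byte 0x80, 4-byte double-SHA-256 checksum), and all function names are hypothetical.

```javascript
// Added example: a wallet-side memo check run before a transfer is signed.
const { createHash } = require("node:crypto");

const B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz";
const sha256 = (buf) => createHash("sha256").update(buf).digest();

// Decode base58 into exactly `len` bytes; null on bad characters or overflow.
function b58decode(str, len) {
  let n = 0n;
  for (const ch of str) {
    const d = B58.indexOf(ch);
    if (d < 0) return null;
    n = n * 58n + BigInt(d);
  }
  const hex = n.toString(16).padStart(len * 2, "0");
  return hex.length === len * 2 ? Buffer.from(hex, "hex") : null;
}

// WIF = base58(0x80 || 32-byte key || first 4 bytes of SHA256(SHA256(0x80 || key))).
function isWif(s) {
  const raw = b58decode(s, 37);
  if (!raw || raw[0] !== 0x80) return false;
  return sha256(sha256(raw.subarray(0, 33))).subarray(0, 4).equals(raw.subarray(33));
}

// Test every 51-character base58 window starting with "5", so a key pasted
// inside other text is still found; the checksum keeps false positives out.
function memoContainsKey(memo) {
  for (const m of memo.matchAll(/(?=(5[1-9A-HJ-NP-Za-km-z]{50}))/g)) {
    if (isWif(m[1])) return true;
  }
  return false;
}

// Wipe the memo field and refuse the transfer when a key is present.
function checkMemo(memo) {
  return memoContainsKey(memo) ? { ok: false, memo: "" } : { ok: true, memo };
}

// Constructed sample key (32 bytes of 0x11), built here so the demo runs offline.
function sampleWif() {
  const body = Buffer.concat([Buffer.from([0x80]), Buffer.alloc(32, 0x11)]);
  const full = Buffer.concat([body, sha256(sha256(body)).subarray(0, 4)]);
  let n = BigInt("0x" + full.toString("hex")), out = "";
  while (n > 0n) { out = B58[Number(n % 58n)] + out; n /= 58n; }
  return out;
}

console.log(checkMemo("thanks! " + sampleWif()));
console.log(checkMemo("payment for invoice 42"));
```

The check has to run in the client before the transaction is broadcast, because a memo that reaches the chain is public and cannot be withdrawn.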
Beat ya!
While we are waiting for the above to be added to all applications where transfers are possible, I was wondering if someone could write a piece of code to do what @sami100's script is doing, but with the intentions of beating this evil script owner to the mark?
So far, this account has transferred somewhere in the region of 600 SBD and 50 STEEM and has not responded to the polite requests for a return of these funds - it looks as if the account is unlikely to do so.
Unfortunately this crypto looks unrecoverable, but what if there was a good bot/script doing the same thing, with the goal to return the funds to their rightful owner?
Without knowing the complexities, I assume that this script would need to sit on a steemd node to be in with a chance of being faster than the existing evil code?
The return of funds may also need to be manual - once the account holder has reset their keys (hopefully the owner key wasn't used to make the transfer and present in the memo field), but apart from this, what else is required?
I'm aware that yesterday's publicity (and this post) may give a few people the idea to copy this idea, but hopefully the good will out and we have kind coders around who opt to do the same, and then choose to try to return the funds.
And you never know, a successful recovery might mean a reward from the original account holder, or may incite some rewards to be distributed from the pool when good deeds have taken place.
What do you think? Is this worth looking at, or am I just encouraging more evil?
Cheers
Asher @abh12345 / Witness @steemcommunity