Four days ago, I bravely(idiotically) publicly posted an active EOS private key on the internet and challenged the public to steal my EOS.
(
)
Spoiler alert: The results are in! I still have all my EOS!
You don't need to take my word for it... The magic of public blockchain allows you to verify for yourself by using any block explorer -- a tool designed to review historic blocks, accounts, transactions, and actions recorded on a blockchian.
yostealmyeos -- the account created for this experiment, still has all 5 EOS I started this experiment with!
What happened?
I started the experiment with 5 EOS. 2.5 were staked for bandwith, and 2.5 staked for CPU power.
Only a few minutes after posting my EOS private key publicly, I noticed unusual activity in my EOS account.
Here is a quick rundown of what ensued:
9:04 A.M. CST The majority of my tokens were undelegated(unstaked) unbeknownst to me. Luckily the process takes 3 days to complete -- and coins must be unstaked to transfer . whew!
9:07 A.M. - 9:15 A.M. Hackers accessed the account and used it to delegate CPU and Bandwidth to 3rd parties.
9:30 A.M. I've lost control of my EOS active key -- my active key was overwritten and now the holder of the private key of EOS7Yee2ZgSQLcbSc5wNjdoA9rdz1cffdwqCsLZvcV1Gys9et3X5G has taken control of my EOS active key. Now the private key in my EOS key I posted is no good for anything, and this new active key holder and myself (owner key) are the only ones with control of the account. Luckily, I still had an EOS OWNER key in my possession, linked to a different EOS public/private keypair ;-)
9:34 - 9:42 A.M. All tokens are unstaked again. Then user alepacheco11 delegates yostealmyeos some network resources, and uses it to Buy and Sell Ram -- earning the account some extra EOS (more than I started with!)
10:59 A.M. User mariusactive shakes things up by sending yostealmyeos 1EOS (unstaked!)
11:30 A.M. User alepacheco11, in control of the active key, uses it to "cash out" the unstaked EOS.
11:33-11:40 A.M. A battle over the active key ensues. I keep resetting the active key back to EOS5ueRfpHnWxbxysRpcsUkBsma7vWvZjgQYi9jU9cY7wyiSQd9Zx (linked to the private key in my steemit post), while others overwrite it to control the keys themselves.
24 hours later The 5 EOS in the account are still in the process of unstaking. The account does not have any network resources remaining for new transactions and the account hasn't seen any new activity. I decide the fun and games are over, so I first delegate some network resources tot the account and then use https://eostoolkit.io/ with my owner key to reset the active key to a keypair that only I control.
24 hours later Hacker alepacheco11 admits defeat and gives up on the challenge!
- Some of my favorite block explorers for EOSIO Mainnet (in no particular order of preference)
http://www.eosflare.com
http://www.eospark.com
http://www.eosweb.net
https://www.eosquery.com
https://eostracker.io/
http://eosnetworkmonitor.io/
Thanks to all that participated in this challenge:
If you are interested in EOS related news and projects, please subscribe to my e-mail newsletter at http://www.eosinsider.io
Should I double down on this challenge?
Should we do this again? Please leave your comments below :-)