^source

Over the last two weeks we've had a pretty good run with @plentyofphish and generally the fight against phishing.

Typically the hackers will work in waves -- meaning, they'll do a mass-spam campaign, grab the accounts, drain what they can, and then either take a break or slowly spam the links here and there. Then, they lay low for a while and power down the accounts, before restarting again. This last week was the power down week so we're either going to see a resurgence of new phishing links via comment spam or they'll keep powering down for a bit longer.

Originally we determined that these hackers are the same ones responsible for similar phishing scams in other crypto and non-crypto communities, so chances of them temporarily reducing activity here to target another platform are high.

Account Usage

Since receiving its delegation, @plentyofphish has carried out targeted downvoting of 18 users, either to hide phishing links or remove payouts that would otherwise go to the hackers: @danielsamcity @whalez @eyasinarafat2 @faisal003 @fybiography @abdullahalamsher @girlgeneration @adewunmif @ashaaaq @aneurirc @christonawba @jrsteem @lento02 @aulia.rahman21 @goldbaba1 @soufianezelmimi @muslemmina @cryptomarks

Where possible or relevant, these were then un-voted.

The purpose of downvoting to remove post payouts is to deprive the hackers from as much money as possible. We don't want them getting one extra red cent from the reward pool.

In some cases the Steemd log may look confusing with multiple 'ignore' and 'unfollow' for each user. For the record, 'ignore' = 'mute' and 'unfollow' = 'unmute'. That's because sometimes it's hard to tell if the account is still under hacker control or has been restored.

General Information

Accounts Spawned by Hackers

If you see transfers to any of these on your account or another account, it has been compromised.

Charts

A couple of charts current to a few days ago with an error margin of 10% to account for accounts hacked in 2017.