The blockchain social media platform Steemit was hacked on 14 July. Its cryptocurrency, however, rallied, reaching one of its highest levels just after the attack. CoinFox tries to figure out why.

As the publishing platform is gaining popularity beyond the borders of the crypto community, STEEM, the cryptocurrency it uses, has reached third place after BTC and ETH in terms of market capitalisation. At press time, it is trading at $3.80 on Bittrex, having reached its highest level on 20 July, leaving behind the pre-attack peak of 13 July. Moreover, according to, the highest number of accounts created in one day was recorded on 13 July with 2790 new signups. The hack led to a rapid decrease in new registrations, but even so, on 19 July, 1353 new users started “steeming”.

Price graph for Steem (July 2016)

In sum, even though a week ago around 260 accounts were compromised and nearly $85,000 worth of Steem Dollars and STEEM stolen, today both STEEM and Steemit are doing great. In what follows, we are trying to sort out the how's and why's of the most notable July hack.

Back to Steemit 101

In an analysis published earlier in July, CoinFox referred to the ebook Steemit 101: Discover How to Make Money and Have Fun on the Social Media Site that Pays YOU to post and Vote on Content, authored by four of the most active users of the publishing platform. At that time, the feature that caught our attention was the strong sense of community and its utopian pathos:

“Imagine a social media site that rewards people and not greedy shareholders. …Steemit is controlled ONLY by its community members. There is no agenda. Most certainly, there is no large corporation or government calling the shots. …We still believe in the free and open market place of ideas. We believe that when differing opinions are allowed to compete against one another, everybody learns more about those issues and perspectives. Everybody has a chance to discuss and debate ideas. May the best idea win, and may everyone treat each other with respect and understanding.”

And indeed, while Steemit is still running in beta, its community of early adopters is not only growing bigger, it is also becoming more and more committed to the cause of making the platform successful and sustainable. However, when the hack began on 14 July and the Steemit community faced its first serious challenge, no one really knew how this would play out. Were people going to sell in a panic, thus facilitating the dumping scenario? Were they going to quit the platform and just give up? Were they going to stay and carry on?

Just before being hacked herself, a top Steemian and co-author of Steemit 101 @stellabelle called out in a post the rise of “incidents of hate speech, victim blaming and psychopathy in the comments”. She wrote:

“Then the hacker came in draining funds, propelling our fantasy-turned-reality community into a short-lived doom vortex. Many of us, though, proclaimed that we'd gladly buy any sort of panic-selling Steem, as we are committed to the dream of Steemit. I for one would buy more Steem if the price started to drop. The dream of Steem is now a reality that I don't ever want to lose.”

After her account was compromised, @stellabelle reflected on the experience of losing control over her profile and funds:

“Well, I got officially freaked by my account being hacked. I'm not going to lie. I realize the funds will be returned, but still, it does make one feel vulnerable.”

While many users had to wait until now to regain access, others chose simply to create new profiles. User @pinkisland, whose initial account @qamarpinkpanda was hacked, expressed her frustration at the time of the attack:

“After the attack that happened by the hacker, I couldn't access my account anymore. Yes, I felt a little sad and fear possessed me, but I already knew that the Steemit team will be able to get back our accounts as they were before. Thanks for the whole hard work the team is doing. I keep watching since that day all posts and interactions. When I go ahead to vote, I remind myself again that I actually can't contribute for now. I really felt isolated a little bit since I was happy being here every day.”

Feelings aside: Focus on security

As was explained a few days later, the DDoS attack on Steemit targeted neither the Steem blockchain nor its servers:

“As some of our users have mentioned, the Steem blockchain was never hacked. Likewise, our servers were never hacked. Instead, the hacker exploited browser-side vulnerabilities, a challenge that every Fortune 500 company faces as well. After patching the problem, we are now at work on a new multi-factor authentication solution that would prevent similar attacks from happening again.”

Thus, users, even those unable to access their accounts, could see all transactions in the Steem blockchain through the read-only monitoring tool. This also motivated a number of users, such as @redexi, to propose “making the entire source of available on GitHub, to allow for backup hosting by the community,” an idea supported by the lead developer Dan Larimer in an adjacent comment.

The hack also pushed Steemit developers to reconsider blockchain security and come up with a novel way of protecting user accounts. In two consecutive posts, Dan Larimer, whose original account @dantheman also suffered from the attack, talked about the problems of cryptographic security and identity proofs. In this context he emphasised that the private keys used to authenticate transactions on the blockchain are not the same thing as an identity. “They are mere evidence. Disputes can still arise when two people both have access to the same private key.” Larimer has also pointed out the important role of the community in cases of security breach as with The DAO previously and now with Steemit:

“We have seen with The DAO, Bitcoin, and Steem hard forks that in the event of a bug, exploit, or theft that the community can and will take action to get justice.”

“On a social network we have a new kind of proof, social proof. We know who people are and generally know when someone was hacked. Unlike money, posts and votes made by an attacker are often clearly out-of-character for someone. This makes it very obvious to everyone in the social network that an injustice has occurred.”

Moreover, Larimer concluded that “social media is the key to blockchain security,” claiming that:

“Having a social platform is the best and easiest way to get all of your friends and family online and available to secure your account. Imagine Facebook friends on steroids. Your most trusted friends and family become the source of your identity and their collective word (active key) secures your identity and account.”

Not surprisingly, his account recovery solution proposed on 17 July introduced the element of “the trusted individual” or “someone who can identify you independently of your key.” In its essence, the new recovery system re-establishes, in digital form, the age-old institution of sureties, once a crucial element of communal life.


And so it seems that the key to the success of Steemit and STEEM, even when faced with a hacker attack, is their philosophy and their community. In the words of user @senseiteekay, “we’ve been hacked, exploited, left in the dark a little, and yet no one seems to really care. Why? Because this site’s too good to let die!”

Alex Fortin, the author of the Business To Freedom podcast, expressed the same opinion through his YouTube channel. Reporting on the hack, Fortin noted that, as he was waiting for the price of STEEM to drop due to the attack, “the exact opposite happened, the price started climbing… What I believe is that people were just so confident. I think that’s a proof; it’s a vote of confidence into the platform, into the developer, into the community… That really makes me believe a lot more into the future potential and the future growth of the platform.”

While Steemians appear to support the project wholeheartedly, criticism comes from the competition. On the first day of the hack, 14 July, Ryan X. Charles, the founder of the incentivised blockchain- and bitcoin-based social media platform Yours, published an article in which he argued that “Steem can’t last.”

“The burden of building not just a community and a technical platform, but also a novel cryptosystem and supporting economy, is extremely high. Security and scaling problems with their blockchain have a smaller team of experts incentivized to solve them, so solutions will come slower. Companies and services such as wallets and exchanges will be fewer in number and less featureful. When they encounter regulatory issues, they will have fewer allies.”

Interestingly, in an addendum to the article, Charles mentioned his previous post, in which he explained why Yours is not using ether, but bitcoin. Referring to the subsequent hack of The DAO, he noted that “the timeliness of my article was an accident, but it reassures our stance. Like any good scientific theory, the bitcoin theory has not yet been nor can ever be proven, but so far has withstood every attack.” One thing is for certain: his criticism of Steemit and its own cryptocurrency, published on the very day of the Steemit hack, was also quite timely. Irrespective of Charles’ criticism, however, Steemit is indeed introducing a new element in the sphere of incentivised publishing platforms, namely a strong focus on community-building and engagement. This community may seem for the moment naïve and over-enthusiastic. Nevertheless, we are looking forward to seeing it mature and surprise us even further.


Diana Bogdan