<html>
<p>As far as I can see this hack (rather exploit) has not been prevented, but <strong>if I'm wrong</strong> <strong>please let me know in the comments.</strong></p>
<p><br></p>
<p>I'm mentioning this hack because it was <strong>extremely effective on /r/giftcardexchange</strong></p>
<p><br></p>
<p>And <strong>people have already made this mistake.</strong></p>
<p><br></p>
<h3>The Hack</h3>
<p>1. Buy a reddit account on http://www.redditsecrets.com/buy-reddit-accounts or elsewhere</p>
<p>2. Open an account with a modification of the username bittrex, e.g. bittrrex, bitrrex which haven't yet been taken etc.</p>
<p>3. Wait for people to make mistakes, withdraw when they do, with a large enough sample size you can bet someone will.</p>
<p><br></p>
<p><em>This can be applied </em><em><strong>even more successfully</strong></em><em> with permutations of </em><em><strong>@openledger's name</strong></em></p>
<p><br></p>
<h3>How likely is this to happen?</h3>
<p><br></p>
<p>There is a user @bitrex with whom <strong>people have already apparently made the mistake</strong> and with whom <strong>they apparently continue to make this mistake:</strong></p>
<p>https://s32.postimg.org/7ov5beszp/exploit.png</p>
<p><br></p>
<p>Thanks @venuspcs for bringing it to my attention that it is probably already happening with @poloniex fake accounts.</p>
<p>@polonix @ploniex</p>
<h3>As more people use Steemit the probability of such a mistake occurring will tend to 1.</h3>
<p><br></p>
<h3>How to avoid this</h3>
<p><br></p>
<p>- <strong>Auto fill forms, or perhaps a two layered input prompting users to select whether to send to "user" or "exchange", then drop down menu for exchanges. Many possible similar approaches.</strong></p>
<p><strong>- Users can systematically copy and paste bittrex (and other exchange's names) instead of typing them from memory.</strong></p>
<p><br></p>
<p><strong>#steemit #hack #money #security</strong></p>
<p><br></p>
</html>