After getting some sleep and thinking on the issue a bit more, it's pretty easy to see what happened here. There was no hack.
Here's what happened:
The Koreans used @anonsteem to create an account.
Why they would do this is anyone's guess. Perhaps they need to brush up on their English. @anonsteem is run by @someguy123
I got into multiple arguments yesterday as to why @someguy123 would never store private keys of the accounts he creates on his node, yet his own service admits transparently that this is exactly what he does.
click Destroy Password below to remove the old password from our servers.
It is truly more fascinating to me that people here at Hive would be so blind to the obvious fact that a website used to create a Graphene account can store that account's password on their servers. This is why everyone should be worried that Steemit Inc themselves was doing the same thing secretly. It might not even be known to Justin Sun or even Ned.
The only way to keep your account 100% secure is to generate the public/private key pairs for your account on an offline device that never has access to the Internet ever again. This is exactly why I am trying to do this with my Raspberry Pi Zero.
https://peakd.com/hextech/@edicted/the-day-of-milestones
Now a lot of people are telling me to keep my mouth shut and to stop blowing up @someguy123's spot. They also make the claim that the Koreans were very flagrant with the private keys for account @community321 and it was probably an inside job betrayer.
No.
Steem witnesses literally tried to steal from Hive witnesses and they gave a Hive witness the private keys. It's not hard to do the math here. The password to @community321's account was changed 10 minutes before the hardfork. That's quite a gambit for an inside job. You know who it wouldn't be risky for? An outside "Robbin Hood" "attacker" that no one was expecting in the first place; Someone who actually knows how hard forks work and was paying attention quite carefully.
@anonsteem and @someguy123 have said nothing in response to this going down, despite receiving multiple threats and accusations.
Why is he saying nothing?
Well, like I said, people are refusing to believe that it even went down this way. It doesn't look good for a witness when they admit, "Oh yeah, @anonsteem, I can pretty much steal or recover anyone's account for at least the first month." That is exactly what is happening. It details it directly on his own web page, but somehow no one believes it.
In fact, a few people have said to me this can't be the case because they contacted @someguy123 and tried to recover their old account, but they were told the only way to do it was by having an old master key no older than 30 days (traditional recovery). If what I'm saying is true then @someguy123 actually does have the power to recover or access those accounts, he simply chooses not too because it is too much work (and liability) and @anonsteem isn't exactly a very profitable venture. That's certainly what I would do I'm sure.
Why would you say anything?
You wouldn't. Whatever you say can and will be used against you in the court of law. It would be fucking stupid to say anything. No one can prove shit. Admitting to a potential crime that undermines your own service is a foolhardy endeavor indeed.
Nothing illegal even happened!
Hey, I'm on @someguy123's side, and I think I'll vote him for witness now just as a symbol of my support (only voting 4 witnesses right now due to vote centralization). What he did was the opposite of an illegal act, but you never know what the bullshit courts of America are going to decide. Also, lawyers are expensive; #fuckthatnoise.
If you tell a cop that you don't like icecream, they are going to find evidence that you do like icecream and now they've established you're a liar so therefore you also did this other illegal act.
NEVER SAY ANYTHING!!!! EVER!!!!1111
You aren't going to trick a professional expert of someone whose job it is to get you in trouble. Don't be an idiot. A stalemate is the smartest play when it comes to interrogation; never go for the win. Tie goes to the defendant. Innocent until proven guilty. Any half-competent lawyer will tell you the same.
Personally, if I was being interrogated by police, I'd go on some long diatribe about why cops are the bad guys and how the prison industrial complex is a completely broken system with shit recidivism rates in a for-profit industry that makes the world a worse place; not a better one. Would this be the smartest move? Probably not; the smartest move is to STFU. However, it would better establish my motive for not giving police any useful information of any kind no matter what the topic was.
Circumstantial "evidence"
It is also very clear to me from yesterday that @r0nd0n taking credit for the act was a fun little deflection. The way he spoke and the fact that account @community321 referenced him in real time signals to me that there is a secret Discord of people who are chuckling about all this, and @r0nd0n is in that Discord. He didn't do it, but he 100% knows who did. Even his own language is like "all will be revealed soon!" "Time will tell!" No need for that...
It's very obvious what happened here.
The most obvious answer is the answer. I called it the second I read it in @communitiy321's transaction log that the account was created using @anonsteem.
No such statement has been made; probably for the best.
Conclusion
We should all work to protect @someguy123 from any potential bullshit litigation. Casting reasonable doubt is a great start. Steem witnesses had no idea what they were doing and the account was compromised from multiple angles. No one can prove anything. Let's just leave it where it lies.
However, on that note, when @bittrex inevitably sends back the money to @community123 what we do from there is another matter entirely. Luckily I'm not involved in any of that decision making, and I don't envy the entities that are.
P. S.
@someguy123, what's the status on the Steem witnesses being able to recover account @community321? You are the recovery account... surely you are diligently identifying the rightful owners and helping them... LOL.
Babytown Frolics.
Wow look at that encrypted messages are being sent to the exchanges. Let's keep playing this dangerous game. #exciting
Return from Occam's Razor: Koreans Gave @community321 Keys To Hive Witness to edicted's Web3 Blog