A few days ago, I observed an immense wave of spam accounts flooding the Hive ecosystem, blatantly copying older content from genuine users and reposting it as if it were fresh, original material. This wasn't an isolated incident in a single community; rather, it spanned across numerous communities within Hive, where stolen content was repackaged and posted in a coordinated attempt to rake in rewards as if it were new, valuable contributions. This surge of fraudulent activity didn’t go unnoticed, and @hivewatchers quickly uncovered a pattern: approximately 17,400 accounts involved in this scheme, predominantly linked to the Splinterlands ecosystem, either actively or historically.
From my perspective, this orchestrated content theft could very well reflect a deeper issue within Splinterlands itself. It seems plausible that declining earnings from the game may have led the individual behind this spam attack to exploit the Hive Blockchain, using these spam accounts to harvest rewards illegitimately. By recycling the work of others without authorization, they likely sought an alternative revenue stream to make up for the unsatisfactory income from Splinterlands. This situation not only underscores the challenges Hive faces in terms of content integrity and security but also highlights the lengths to which individuals will go to find financial gain in this ecosystem, often at the expense of the original creators.
After reviewing the list of the 17,400 accounts, I embarked on my research and quickly started uncovering patterns. Using Hivehub.dev, I scrutinized several transactions involving accounts from the list—granted, it was a random sampling approach, but the same operational pattern appeared consistently.
Below, I’ve included links to some of the transactions I analyzed, which have been essential in building and reinforcing my evidence that the user "aprisen" is, in one way or another, the orchestrator of this spam attack:
In this transaction, user kent0646
transferred SPS to the account anthonyyy
:
https://hivehub.dev/tx/73e4198437538cbd47a38e3fb8bfb3a8b21c4fca
The following screenshot demonstrates that the kentXXXX
accounts are part of the spam list:
To establish a connection with the user aprisen
, I delved into the Splinterlands Discord server and uncovered several compelling links. In the screenshot below, we see aprisen
... whom I believe to be from the Philippines—successfully linking their Discord account to the blockchain account anthonyyy
:
https://hivehub.dev/tx/e4d08a12c4a188e886786968d8f13344f6267af7
https://hivehub.dev/tx/faa845bdf682f0af68547ae5198ffacdd866182e
He also shared a screenshot showing that he was logged in with the user account anthonyyy
on Peakmonsters.com. This detail is crucial, as it visually confirms his active use of the account in question, further strengthening the link between aprisen
and the suspicious activity associated with anthonyyy
.
These screenshots collectively point toward aprisen
not only having access to anthonyyy
but actively using it within Splinterlands-related platforms. This connection adds to the mounting evidence suggesting that aprisen
is deeply involved in orchestrating or at least facilitating this spam attack on Hive.
Original Screenshot from Discord:
Here are additional screenshots I discovered and saved during my research on this spam attack. A big thanks also goes out to @markus.journey for assisting with the investigation. Given that I consider security to be paramount—and taking down malicious actors is more than just a hobby for me, as many of you on Hive already know from my other work—I wanted to share these findings with you.
Feel free to use the information in these screenshots as you see fit—they are all original screenshots from the Splinterlands Discord server. I hope this information contributes meaningfully to the broader effort to maintain integrity and protect our community from exploitative behavior.
To wrap up this article, I wanted to share some final thoughts. Several people encouraged me to publish my research, and given the clear connections I've uncovered, I can’t help but share my conclusions. While, of course, I’m only making educated guesses here, the patterns are undeniably suspicious.
My Take: I believe there’s someone out there who sees little to no future success with Splinterlands and is now looking for other avenues to generate revenue. From what I've observed, this person has enough technical know-how to put their skills to better use, rather than flipping a middle finger at the Hive community. This behavior is not only disrespectful but tramples on the pride, respect, and hard work of genuine Hive users, who craft original content. This was an intentional, calculated move, and it deserves consequences.
Splinterlands, with its acceptance of botting and even its own employees reportedly running bot farms, bears a certain level of responsibility for this spam attack. Had there been stricter measures against botting and automated gameplay from the outset, I doubt we’d be facing such a wave of content theft and exploitation. This attack is yet another reminder of the massive mess that bot farms have created within the ecosystem.
And those are my two cents on this spam wave. Do with this information as you will. But just a note: many of these accounts are still actively playing in Modern / Wild. For that, we’ve hired someone who, one would hope, is aware of it.
Peace out.
PS: If you’d like access to the full list of user accounts involved in this spam activity, feel free to reach out to @hivewatchers. This list has already been integrated into blacklists and is available for review.
CC-Tag List: @logic @markus.journey @oflyhigh @eddiespino @acidyo @themarkymark @gtg @danielvehe
Post-Payout at 100% Hive-Powerup.
Vote for my Hive Witness
U can vote for my Witness using Hive Keychain here: https://vote.hive.uno/@louis.witness
Vote for my Hive Engine Witness
Vote for my Witness on Hive-Engine using Primersion Tool: https://primersion.com/he-witnesses Enter your Username and search for louis.witness