The hacker posted a nice comment on one of his post saying:
(This is a demo)
Someone stole your post, your need to report him :
https://steemit.com/@potential-plagiarist/stolen-post
Here is the trick:
If you click on the link, you will be redirected outside of steemit.com, on a site that looks like a copy of the real site and you will be asked to login like you would on steemit.
The hacker used the fact that you can format a link in markdown like so:
[ LINK YOU SEE ] ( REAL LINK )
The link in the demo is formatted like so:
[ https://steemit.com/@potential-plagiarist/stolen-post ] ( http://www.bitsharesfcx.com/ )
One way to prevent such hack in the future would be to warn users when they follow a link that redirects them outside of steemit.com
