My SBD and Steem are stolen 我的Steemit帳號的錢被偷光光了

in #steemit7 years ago (edited)

thieves-2012532_1920.jpg
source: pixabay

I found my SBD and Steem value became 0 last night. I checked my wallet history and found the transferring record. All my money was transferred to @jiganomics. And he transferred the money he stole to blocktrades immediately.

Check out his wallet history, there are lots of victims lose their money, too.

昨天晚上突然發現自己帳號裡的SBD及Steem全部變成0,驚嚇之餘趕緊檢查錢包的紀錄,發現錢在2個小時前被轉給帳號 @jiganomics 這個小偷。

螢幕快照 2017-12-29 04.05.44.png

查看了一下對方的錢包,發現對方偷了我的錢之後,立刻轉成steem,然後全部從blocktrades 轉走了。

螢幕快照 2017-12-29 07.15.50.png

再仔細看了一下紀錄,發現受害者不只我一人,還有人留言警告請大家小心這個小偷。

螢幕快照 2017-12-29 07.20.10.png

The first important thing is to change my password immediately. Otherwise, the thief may log in my account and steal my money again.

But actually It's not safe yet. Thanks to @nationalpark notice that the thief modifies the authority of my active key on Steemd. That means he can transfer my money anytime he wants. Even I change my password, he can still have the authority.

It's not very easy to change the authority back. I am lucky that my friend @skenan help me to fix it. It takes us hours to solve the problem.

發現後第一件事情就是趕緊更改我的master key生怕小偷再度登入我的帳號,用我的帳號去做壞事,或是繼續偷我日後的文章收益。

提醒大家,更改master key時,需要用到舊的master key,使用posting key或是active key是無法修改成功的喔!修改後一定要立刻備份及收好新的密碼,包括登入後更新的posting key 和 active key等

改完密碼,以為已經安全了,為了預防萬一,上了微信的群組詢問。

感謝 @nationalpark查看我的steemd,發現我的active 授權被修改了所以即使我已經更改了密碼,小偷還是有權利隨時使用我的轉帳權限。

螢幕快照 2017-12-29 05.31.02.png

這下事情可嚴重了,這表示我接下來只要有任何進帳,小偷隨時可以將我的錢轉走。

當務之急就是把後續進帳的收益立刻轉出去,以免又落入小偷口袋,因為他還持有我的授權,可以隨時再度進行偷竊。

第二件事情就是把授權修改回來

因為大家都沒有碰到類似的情形,修改的過程一波三折,花了超過1小時才解決問題。之後再另外發文跟大家分享解決問題的過程,供大家參考。

感謝 @skenan的協助,最後終於把授權更改回來了。也謝謝各位CN區微信群組上的朋友,幫忙出了不少意見。

螢幕快照 2017-12-29 09.05.01.png

I am very confused how does this happen. I use the posting key to log in my account, not master key.

Do I go to any phishing site? I really don't notice that I click any weird address.

A strange situation did happen today. I correct some mistakes of my article on Steemit which I just post from busy.org not long ago.

When I click update post, a message window pop up. It's kind of warning that I have to use my posting key or master key. I thought it's just a message that steemit wants to remind us recently. So I click OK to post my article. I guess that's how the thief gets my authority.

I am lucky that I find my authority of active is changed. Maybe there are still some victims don't know they are still under the high risk.

問題解決了,另外一個重要的問題就是了解問題如何發生的

question.jpg
source: pixabay

先說明一下我的狀況,我登入帳號都是使用posting key,沒有使用master key,近期只有在這次我發現帳號被盜之後update新帳號時才使用了master key。

微信群組裡的大家都十分熱心,猜測我應該是點了什麼釣魚網站。

我仔細回想,我都是利用Gina Bot來追蹤我熟悉的朋友,點選朋友們的帖子連結。不太有印象有點選什麼奇怪的網址。

但是今天我發了一篇新文章,是從busy.org發文的。發文之後我通常習慣再檢查是否內容有誤需要修改,所以就在Steemit修改了這篇帖子。當我按了update post,跳出了一個訊息框,訊息內容大約是說我要post文章需要用到我的posting key或owner key之類的,我沒有很仔細的看。(真的該打屁股) 因為前陣子Steemit不穩定,發文時也都會有錯誤訊息,所以我以為又是Steemit出現了新的bug,沒有想太多就按了OK。我猜測應該就是這個動作中了歹徒的圈套了!

之後沒有感覺到有任何的異樣,直到後來才突然發現錢全部被盜領光!

至於小偷究竟是如何在我發文時植入這樣的偽訊息來騙取授權,就不是我能夠理解的了。

我算是運氣好的,有及時發現active授權被竄改,又有熱心的朋友協助我把授權改回來。有些受害者說不定以為把自己的密碼更換後就沒事了,結果又繼續被盜。

When you post your article, if a message window pop up, please read the message very carefully. Don't click OK if you are not sure whether it is safe or not.

The criminals are more and more clever that it's so hard to protect ourselves. I hope that the Steemit management team can help the victims to get the money back and keep our accounts safe. If they can provide a safe environment for users, the new users will have higher willingness to join steemit.

提醒大家,如果你們在發文時,跳出了沒見過的訊息,請不要像我一樣危機意識這麼低。請務必看清楚訊息內容,不要隨意按OK。就算是內容看起來沒有問題,最近還是請提高警覺,以免跟我一樣成了受害者。

小偷的伎倆一變再變,技術越來越高明,

希望Steemit官方能夠有協助受害者的機制,幫忙追討被騙走的金錢和帳號授權等。否則用戶無法安心的使用Steemit這個平台,也影響了新用戶加入的意願。

像現在這樣,明明知道小偷是 @jiganomics,卻拿他一點辦法也沒有,實在很荒謬。

Follow-me300.gif

Thanks for reading.

If you would like to learn more about me, please read my self-intro.

intro02.png

Welcome to upvote, resteem, and follow me. If you like the content I share with you, don't hesitate to leave your comment. See you next time~bye06.gif


如果你想要更了解我,請看我的自我介紹

intro.png

歡迎留言跟我聊天,喜歡我分享的內容的話,別忘了留言告訴我喔!我們下次見!bye01.gif

Sort:  
There are 2 pages
Pages

Hello, I am Thai. I heard from Thaiteam this story. sorry about this. We must be carefully. Actually,when you edit your article no pop up right? you're lucky.
Thanks for notice.
It's very useful for us.

Thank you for your warm encouragement. alexwonderful

別難過!看開點,就當破財消災吧~

我注意到小偷把提款路径改到了他自己的帐户:

Screen Shot 2017-12-28 at 3.32.02 PM.png

如果你现在Power Down,我不知道STEEM会进谁的帐户。谁知道怎么查询当前的提款路径?我在我的帖子里也更新了这个信息

你这眼力确实很厉害! 通过Vessel这个软件在vesting页面里可以删除这个路径。

你应该写个教程,介绍如何取消active post授权。

嗯嗯,等我周末一块写一下

写总结的时候忘了@skenan男神,马上加上去,好崇拜你!

写完了,你有空可以去试试

如果不删除那个路径的话,她power down,钱会进骗子的账户。

多謝你的細心哪!我看到這個資料也看不懂,還是得要你們這些高手幫忙。

太可恶了!以后一定要小心

嗚~ 我都不知道到底是怎麼中招的。我也有在我的留言區看過釣魚網址,還挺小心沒有上當的。這次不知道到底是怎麼出問題的?我也不知道那個跳出來的訊息視窗是不是就是被騙的關鍵,我當時如果選擇cancel,就無法發文,所以才會想說是Steemit本身的訊息。

😱😱😱Oh no! To the spam thieves 🤬🤬🤬!!!

cry01.gif

真是不可理解。小偷是怎么得手的呢?还好,改正过来了。新人报到,多多关照。

Damn! This puts us all on high alert. How come some one get authority of our keys, even after having such high security? It could be via through busy.org?

We apply the account on busy through steemconnect which should be safe. Busy can't keep our keys.
But I do feel confused how come busy ask for our master key instead of posting key?

好可怕 ! 我記得數個月前我也被騙光了我neotracker的幣 :( 超傷心的!
到處也是可怕的偷和假網站 大家一定要小心喔!
振作振作!

小偷太可惡

谢谢你的提醒,所以你觉得是busy.org的问题吗

應該不是吧!我用busy也很久了。而且修改的時候是在steemit修改的

谢谢你的提醒啊 我是新人 可以告诉我用busy和用steemit有什么区别吗

busy是另一個Steemit發文的平台,操作上比Steemit容易。很多人使用busy最大的原因是因為用busy發文,每天busy最多會來點讚一次,不無小補。

多谢你的解释 🙏

I would upvote, but i dont know if its safe

很慘啊!以後還真的要小心!還要跟妳學習怎樣改那個甚麼authority…

我盡快發文跟大家分享處理過程,不過詳細教學可能還得請教skenan

现在大家的钱包里都有钱, 肯定吸引了小偷的注意,真的得小心, 点之前看仔细, 真是防不胜防啊!谢谢你的帖子,提醒大家注意安全。

真的要仔細,不過我當時如果沒有按OK就無法發文,所以才會直接按OK

得花些时间研究下这个人的作案手法。

期待高手幫忙

Sorry to hear about what happened. That’s so sad. And thanks for sharing the warning.

Thanks. I hope the post is useful to you.

好可恶的小偷。幸好现在解决了,至少不能再偷了。还好有中文区的大神们照顾着我们。

我不確定是否完全解決呢!這個小偷很聰明,用了不只一個關卡來偷錢,希望這次真的已經徹底斷乾淨跟他的連結。

我的个天啊!!!你这损失好惨重啊!!!就没人来管管吗

哎~ 上次twinkledrop帳號被盜,錢也都追不回來。這對steemit管理團隊可能也是很大的挑戰。

谢谢你分享了这个令人气愤的事情,大家也好提高警惕!

謝謝你啊!希望不要再有人受害了

what can i say... i am at the same time sad for what happened to you and everyone like you that tries to earn their fair share for their quality posts and hard work and frustrated for all those garbage out there that try to take advantage of everyone... Thanks for the warning and i hope that ''adventure'' will make you stronger

Thank you for your warm encouragement, filotasriza3.

太可怕了,可是还是没有人知道他是如何把钓鱼link放入steemit的

你講到了重點,這實在令人百思不得其解,也不知道該如何預防。

Oh! Dear! I am very sorry that your money got stolen! Thank you very much for sharing!
Luckily your friends could spot the weakness.

I do hope you are feeling much better now.
I will resteem your post.
All the best.

Thank you very much. kaminchan. I feel warm that so many people care about my loss. I hope that the post is useful for people to prevent being cheated.

這個也太慘了......
小心啊...

謝謝你啊!

Im glad it’s finaly fixed! 但大家都要小心啊!

Thank you very much

谢谢提醒!

希望能對大家有幫助

这等于是掉了一只iphone X 啊。
我想还是用户自己要谨慎为上,别人真的在这块帮不上什么。点100%给你一点小安慰。

好肉痛!的確要謹慎,不過真的防不勝防。我到現在也不能確定到底是哪個地方出了問題?不是那麼簡單的一句小心釣魚網站可以預防的。

your post is so fantastic, your post is so inspiration for me and all the steemit users, I am proud of you ... I love all your posts, you are fantastic in making a post, may the victory and goodness side with your work. Thank you..
@zainuddinibrahim

丢了好多钱,好可惜,安慰一下。。

看来我也得更换key了~~

小心換key的時候要備份好,不要把新舊密碼搞混了

didn't know about this...it's creepy
thanks for sharing! take care @catwomanteresa!

天阿,竟然又发生这种事,我很能理解你现在的感受,安慰一下。所以以后输密码前真的要再三考虑了。

鬱悶的是,我根本沒有在什麼奇怪的網站輸入密碼啊

太可怕了

對啊!你那麼會賺,一定要小心啊!

我也在用busy,用steemconnect應該OK的,到底在edit post那一瞬間發生甚麼事@@ GINA那個只進了群,但沒登記,貓女要不要先把它也停用一下?

我也百思不得其解。即便是我提到的那個跳出來的訊息,我也只是按了OK,沒有做其他事,到底是怎麼出事的?

可能那個ok已經運行了一大串操控指示了@@ 原因不明有點擔心,得每天去查一下steemd...
順著那個小偷號去看了一下,最後送錢的號應該也是偷回來的,黑客偷了幾個號,有的不只錢連戶口都丟了@@ 去中心化的壞處就是出事了也做不了甚麼...

怎么那么多无耻之徒。专门不劳而获。太可恶了。很遗憾你的损失。不过还好马上发现 。大家都要特别小心了。

謝謝你,我真的已經很幸運了

痛恨。resteem 警告。

Thank you very much

You're welcome

Check your wallet :-)

I have seen it. And I also leave you a memo. Thank you very much.

You're welcome 😎

That's fucking scary :-/ So sorry to hear about that happening to you @catwomanteresa :( I always imagined Steemit was quite safe... Maybe its due to Busy.org?

Thank you for your kindness. I still can't figure out how it happens. If I can find out the problem, I am sure I will share with you guys.

太可怕了.... 我也要小心一點...

ohhhhh @catwomenteresa,

very sorry to hear that, and feeling sad about. its very depressing moments for you, so be confident and hopeful, I think any solution will have to steemit management, they should do something.

Thank you very much. I really hope that no people will suffer this anymore.

感觉防不胜防啊~~~

真的很難防呀!我到現在還是很納悶到底怎麼中招的?

我现在手里拿着别人活动赞助的SBD很是担忧!

一定沒事的

我早晨都已上床了,听我老公说猫猫账号被盗,当时我一下就吓醒了。要是账号被盗,以后还怎么和猫猫聊呢?!起床一看,原来是sbd被盗。而且数目不少。

干着急也帮不上忙,给猫猫一个100%的赞,虽然也很少。我看见刘美女、小水果好多朋友都100%支持。希望猫猫别难过,这么多好朋友支持你,SDB一定还会可以挣回来的!

真的很謝謝大家的支持,只能再努力發文了。
不用擔心無法聊天啦!你忘了還有wechat?

那我也十分十分十分想在这个绿色的界面上看见猫女的文章和动画小表情!

😭😭😭謝謝你的提醒。也謝謝你的分享提醒其他steemian!

不用客氣!希望不要再有受害者

点赞聊表安慰。按理说 steemit 不应该出现这种 bug,我觉得是不是得查查你电脑里安装了别的什么奇怪软件没有。

如果是跟Steemit有關的軟件,只要需要輸入密碼的,只有透過steemconnect我才敢申請。我還得好好想想還有什麼地方可能有漏洞。

现在黑客真多,大家都要小心防备。

是啊!希望不要再有受害者

小偷很可惡,謝謝你的分享,一直以來我的危機意識超級的低~以後大家也會留意的了

Thanks for sharing that sad news. It is an offence to the whole platform!

upvoted for support! very bad

Thank you for your kindness, heyitshaas

哇天!!! 也太可怕!!! 冏

希望大家都能平平安安

Sorry to hear about this!

Thank you for your warm reply.

There are 2 pages
Pages