My SBD and Steem are stolen 我的Steemit帳號的錢被偷光光了
source: pixabay
I found my SBD and Steem value became 0 last night. I checked my wallet history and found the transferring record. All my money was transferred to @jiganomics. And he transferred the money he stole to blocktrades immediately.
Check out his wallet history, there are lots of victims lose their money, too.
昨天晚上突然發現自己帳號裡的SBD及Steem全部變成0,驚嚇之餘趕緊檢查錢包的紀錄,發現錢在2個小時前被轉給帳號 @jiganomics 這個小偷。
查看了一下對方的錢包,發現對方偷了我的錢之後,立刻轉成steem,然後全部從blocktrades 轉走了。
再仔細看了一下紀錄,發現受害者不只我一人,還有人留言警告請大家小心這個小偷。
The first important thing is to change my password immediately. Otherwise, the thief may log in my account and steal my money again.
But actually It's not safe yet. Thanks to @nationalpark notice that the thief modifies the authority of my active key on Steemd. That means he can transfer my money anytime he wants. Even I change my password, he can still have the authority.
It's not very easy to change the authority back. I am lucky that my friend @skenan help me to fix it. It takes us hours to solve the problem.
發現後第一件事情就是趕緊更改我的master key,生怕小偷再度登入我的帳號,用我的帳號去做壞事,或是繼續偷我日後的文章收益。
提醒大家,更改master key時,需要用到舊的master key,使用posting key或是active key是無法修改成功的喔!修改後一定要立刻備份及收好新的密碼,包括登入後更新的posting key 和 active key等
改完密碼,以為已經安全了,為了預防萬一,上了微信的群組詢問。
感謝 @nationalpark查看我的steemd,發現我的active 授權被修改了,所以即使我已經更改了密碼,小偷還是有權利隨時使用我的轉帳權限。
這下事情可嚴重了,這表示我接下來只要有任何進帳,小偷隨時可以將我的錢轉走。
當務之急就是把後續進帳的收益立刻轉出去,以免又落入小偷口袋,因為他還持有我的授權,可以隨時再度進行偷竊。
第二件事情就是把授權修改回來!
因為大家都沒有碰到類似的情形,修改的過程一波三折,花了超過1小時才解決問題。之後再另外發文跟大家分享解決問題的過程,供大家參考。
感謝 @skenan的協助,最後終於把授權更改回來了。也謝謝各位CN區微信群組上的朋友,幫忙出了不少意見。
I am very confused how does this happen. I use the posting key to log in my account, not master key.
Do I go to any phishing site? I really don't notice that I click any weird address.
A strange situation did happen today. I correct some mistakes of my article on Steemit which I just post from busy.org not long ago.
When I click update post, a message window pop up. It's kind of warning that I have to use my posting key or master key. I thought it's just a message that steemit wants to remind us recently. So I click OK to post my article. I guess that's how the thief gets my authority.
I am lucky that I find my authority of active is changed. Maybe there are still some victims don't know they are still under the high risk.
問題解決了,另外一個重要的問題就是了解問題如何發生的。
source: pixabay
先說明一下我的狀況,我登入帳號都是使用posting key,沒有使用master key,近期只有在這次我發現帳號被盜之後update新帳號時才使用了master key。
微信群組裡的大家都十分熱心,猜測我應該是點了什麼釣魚網站。
我仔細回想,我都是利用Gina Bot來追蹤我熟悉的朋友,點選朋友們的帖子連結。不太有印象有點選什麼奇怪的網址。
但是今天我發了一篇新文章,是從busy.org發文的。發文之後我通常習慣再檢查是否內容有誤需要修改,所以就在Steemit修改了這篇帖子。當我按了update post,跳出了一個訊息框,訊息內容大約是說我要post文章需要用到我的posting key或owner key之類的,我沒有很仔細的看。(真的該打屁股) 因為前陣子Steemit不穩定,發文時也都會有錯誤訊息,所以我以為又是Steemit出現了新的bug,沒有想太多就按了OK。我猜測應該就是這個動作中了歹徒的圈套了!
之後沒有感覺到有任何的異樣,直到後來才突然發現錢全部被盜領光!
至於小偷究竟是如何在我發文時植入這樣的偽訊息來騙取授權,就不是我能夠理解的了。
我算是運氣好的,有及時發現active授權被竄改,又有熱心的朋友協助我把授權改回來。有些受害者說不定以為把自己的密碼更換後就沒事了,結果又繼續被盜。
When you post your article, if a message window pop up, please read the message very carefully. Don't click OK if you are not sure whether it is safe or not.
The criminals are more and more clever that it's so hard to protect ourselves. I hope that the Steemit management team can help the victims to get the money back and keep our accounts safe. If they can provide a safe environment for users, the new users will have higher willingness to join steemit.
提醒大家,如果你們在發文時,跳出了沒見過的訊息,請不要像我一樣危機意識這麼低。請務必看清楚訊息內容,不要隨意按OK。就算是內容看起來沒有問題,最近還是請提高警覺,以免跟我一樣成了受害者。
小偷的伎倆一變再變,技術越來越高明,
希望Steemit官方能夠有協助受害者的機制,幫忙追討被騙走的金錢和帳號授權等。否則用戶無法安心的使用Steemit這個平台,也影響了新用戶加入的意願。
像現在這樣,明明知道小偷是 @jiganomics,卻拿他一點辦法也沒有,實在很荒謬。
Thanks for reading.
If you would like to learn more about me, please read my self-intro.
Welcome to upvote, resteem, and follow me. If you like the content I share with you, don't hesitate to leave your comment. See you next time~
如果你想要更了解我,請看我的自我介紹
歡迎留言跟我聊天,喜歡我分享的內容的話,別忘了留言告訴我喔!我們下次見!
Hello, I am Thai. I heard from Thaiteam this story. sorry about this. We must be carefully. Actually,when you edit your article no pop up right? you're lucky.
Thanks for notice.
It's very useful for us.
Thank you for your warm encouragement. alexwonderful
別難過!看開點,就當破財消災吧~
我注意到小偷把提款路径改到了他自己的帐户:
如果你现在Power Down,我不知道STEEM会进谁的帐户。谁知道怎么查询当前的提款路径?我在我的帖子里也更新了这个信息
你这眼力确实很厉害! 通过Vessel这个软件在vesting页面里可以删除这个路径。
你应该写个教程,介绍如何取消active post授权。
嗯嗯,等我周末一块写一下
写总结的时候忘了@skenan男神,马上加上去,好崇拜你!
写完了,你有空可以去试试
如果不删除那个路径的话,她power down,钱会进骗子的账户。
学习了
多謝你的細心哪!我看到這個資料也看不懂,還是得要你們這些高手幫忙。
太可恶了!以后一定要小心
嗚~ 我都不知道到底是怎麼中招的。我也有在我的留言區看過釣魚網址,還挺小心沒有上當的。這次不知道到底是怎麼出問題的?我也不知道那個跳出來的訊息視窗是不是就是被騙的關鍵,我當時如果選擇cancel,就無法發文,所以才會想說是Steemit本身的訊息。
😱😱😱Oh no! To the spam thieves 🤬🤬🤬!!!
真是不可理解。小偷是怎么得手的呢?还好,改正过来了。新人报到,多多关照。
Damn! This puts us all on high alert. How come some one get authority of our keys, even after having such high security? It could be via through busy.org?
We apply the account on busy through steemconnect which should be safe. Busy can't keep our keys.
But I do feel confused how come busy ask for our master key instead of posting key?
resteemed
好可怕 ! 我記得數個月前我也被騙光了我neotracker的幣 :( 超傷心的!
到處也是可怕的偷和假網站 大家一定要小心喔!
振作振作!
小偷太可惡
太可怕了.... 我也要小心一點...