source: pixabay
Last night I found that my SBD and Steem balances had become 0. I checked my wallet history and found the transfer record. All my money had been transferred to @jiganomics, and he immediately transferred the money he stole to blocktrades.
Check out his wallet history: there are lots of other victims who lost their money, too.
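Last night I suddenly found that all the SBD and Steem in my account had become 0. Alarmed, I quickly checked my wallet records and found that the money had been transferred two hours earlier to the account of this thief, @jiganomics.
I looked at his wallet and found that after stealing my money he immediately converted it to steem and then moved all of it out through blocktrades.
Looking more closely at the records, I found that I was not the only victim, and someone had left a comment warning everyone to watch out for this thief.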
The first important thing is to change my password immediately. Otherwise, the thief may log in to my account and steal my money again.
But actually it's not safe yet. Thanks to @nationalpark, who noticed on Steemd that the thief had modified the authority of my active key. That means he can transfer my money anytime he wants. Even if I change my password, he still has the authority.
It's not very easy to change the authority back. I am lucky that my friend @skenan helped me fix it. It took us hours to solve the problem.
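The first thing I did after discovering this was to change my master key right away, for fear that the thief would log in to my account again, use it to do bad things, or keep stealing the payouts from my future posts.
A reminder to everyone: changing the master key requires the old master key; it cannot be changed with the posting key or the active key! After changing it, be sure to back up and store the new password immediately, including the updated posting key, active key and so on that you get after logging in.
After changing the password I thought I was safe, but just in case, I asked in the WeChat group.
Thanks to @nationalpark, who looked at my steemd page and found that my active authority had been modified, so even though I had changed my password, the thief still had the right to use my transfer permission at any time.
Now things were serious: it meant that whenever any money came in from now on, the thief could transfer it away at any time.
The most urgent task was to move any further incoming earnings out immediately so they would not end up in the thief's pocket again, because he still held my authority and could steal again at any time.
The second thing was to change the authority back!
Because none of us had run into a similar situation, the process of fixing it was full of twists and turns, and it took more than 1 hour to solve the problem. I will write a separate post later to share how we solved it, for everyone's reference.
Thanks to @skenan for the help; in the end the authority was finally changed back. Thanks also to the friends in the CN community WeChat group, who offered a lot of suggestions.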
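The check that caught the problem above (an authority entry still present after the password change) can be scripted. The following is an added example, not part of the original post: it audits an account object for owner, active or posting entries that are not on an allow-list. The sample account, key placeholders, account names and allow-lists are constructed for illustration.

```python
# Constructed sample shaped like one account object from Steem's
# condenser_api.get_accounts: each role holds weight_threshold,
# account_auths and key_auths as [identifier, weight] pairs.
SAMPLE_ACCOUNT = {
    "name": "victim-example",
    "owner": {"weight_threshold": 1, "account_auths": [],
              "key_auths": [["STM_OWNER_PLACEHOLDER", 1]]},
    "active": {"weight_threshold": 1,
               "account_auths": [["attacker-example", 1]],
               "key_auths": [["STM_ACTIVE_PLACEHOLDER", 1]]},
    "posting": {"weight_threshold": 1,
                "account_auths": [["trusted-app-example", 1]],
                "key_auths": [["STM_POSTING_PLACEHOLDER", 1]]},
}
# What the owner expects to see (hypothetical allow-lists).
KNOWN_KEYS = {"owner": {"STM_OWNER_PLACEHOLDER"},
              "active": {"STM_ACTIVE_PLACEHOLDER"},
              "posting": {"STM_POSTING_PLACEHOLDER"}}
TRUSTED_ACCOUNTS = {"posting": {"trusted-app-example"}}

def audit_authorities(account, known_keys, trusted_accounts):
    """List every authority entry that is not on the owner's allow-list."""
    findings = []
    for role in ("owner", "active", "posting"):
        auth = account[role]
        groups = (("account", auth["account_auths"], trusted_accounts.get(role, set())),
                  ("key", auth["key_auths"], known_keys.get(role, set())))
        for kind, entries, allowed in groups:
            for ident, weight in entries:
                if ident not in allowed:
                    findings.append({
                        "role": role, "kind": kind, "id": ident,
                        # True when this entry alone meets the threshold
                        "can_act_alone": weight >= auth["weight_threshold"],
                    })
    return findings

def can_move_funds(findings):
    """Unexpected owner/active entries able to sign on their own."""
    return [f for f in findings
            if f["role"] in ("owner", "active") and f["can_act_alone"]]

if __name__ == "__main__":
    for f in audit_authorities(SAMPLE_ACCOUNT, KNOWN_KEYS, TRUSTED_ACCOUNTS):
        print(f)
```

Any entry returned by `can_move_funds` means that incoming funds are still exposed until the authority is reset, regardless of whether the password was changed.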
I am very confused about how this happened. I use the posting key to log in to my account, not the master key.
Did I go to a phishing site? I really didn't notice clicking any weird address.
A strange situation did happen today. I corrected some mistakes on Steemit in my article, which I had just posted from busy.org not long before.
When I clicked update post, a message window popped up. It was a kind of warning that I had to use my posting key or master key. I thought it was just a message that steemit had recently started showing to remind us. So I clicked OK to post my article. I guess that's how the thief got my authority.
I am lucky that I found my active authority had been changed. Maybe there are still some victims who don't know they are still at high risk.
With the problem solved, the other important question was understanding how it happened.
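First, my situation: I always log in to my account with the posting key and do not use the master key. Recently the only time I used the master key was when I updated my account after discovering it had been stolen.
Everyone in the WeChat group was very helpful and guessed that I must have clicked on some phishing site.
Thinking back carefully, I use Gina Bot to follow friends I know well and click the links to their posts. I don't really recall clicking any strange URL.
But today I published a new article, posted from busy.org. After posting I usually check again whether anything in the content is wrong and needs fixing, so I edited the post on Steemit. When I pressed update post, a message box popped up, saying roughly that posting the article required my posting key or owner key or something like that; I did not read it very carefully. (I really deserve a spanking.) Because Steemit had been unstable a while ago and posting also produced error messages then, I assumed Steemit had a new bug and pressed OK without thinking much about it. I guess this was the action that made me fall into the criminal's trap!
After that I didn't notice anything unusual, until I later suddenly found that all my money had been stolen!
As for how the thief managed to plant such a fake message while I was posting in order to trick me out of my authority, that is beyond my understanding.
I count as one of the lucky ones: I discovered in time that my active authority had been tampered with, and helpful friends assisted me in changing it back. Some victims may think that everything is fine once they change their password, and then get robbed again.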
When you post your article, if a message window pops up, please read the message very carefully. Don't click OK if you are not sure whether it is safe or not.
The criminals are getting more and more clever, so it's very hard to protect ourselves. I hope that the Steemit management team can help the victims get their money back and keep our accounts safe. If they can provide a safe environment for users, new users will be more willing to join steemit.
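A reminder to everyone: if a message you have never seen pops up when you are posting, please don't be as careless as I was. Be sure to read the message carefully and don't just click OK. Even if the content looks fine, please stay extra alert for now so you don't become a victim like me.
The thieves keep changing their tricks, and their techniques are getting more and more sophisticated.
I hope Steemit officially has a mechanism to assist victims, helping to recover the stolen money, account authority and so on. Otherwise users cannot use the Steemit platform with peace of mind, and it also affects new users' willingness to join.
As things stand, we clearly know the thief is @jiganomics, yet there is nothing we can do about him, which is really absurd.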
Thanks for reading.
If you would like to learn more about me, please read my self-intro.
You are welcome to upvote, resteem, and follow me. If you like the content I share with you, don't hesitate to leave your comment. See you next time~