KEEP YOUR ACCOUNT SECURE! MUST READ FOR NEW USERS! @fredrikaa was hacked, but now has his account back!

in #steemit7 years ago (edited)

Many New Users Are Falling Into A Trap


Leaving their accounts and funds vulnerable to theft from scammers

identity-theft.jpg

Here is the mistake:


When users want to send funds from bittrex to their steemit account, they are met with this window:

25a1d230de6fcf7eb639fd592cf54da1.png


Unknowingly, people will read this, and in the field that says "MEMO", they are entering their steemit account passwords or keys.

NEVER share your passwords or keys with ANYONE.

NEVER send your passwords or keys to ANY SITE.

DO NOT TRUST ANY WEBSITES OR PEOPLE WHO ARE ASKING FOR THESE THINGS.

54bbc8eb696a39c510aba117558518bc.png

Anything in the permissions and password tabs of your wallet should be kept PRIVATE.


So how would you fill out the bittrex window?

Here's How:

42caa6e9c3ca551a798efdb02ecc5cc4.png


If you post your keys or password into that memo field, it is open and visible for ANYONE to see. Once it is on the blockchain, it cannot be hidden or removed.

Should you accidentally post your keys or password anywhere, you should IMMEDIATELY change your password.

This is what it would look like:
4298d921124673cdf70ec3dbceaee1a6.png


By having access to your keys and or password, your account is susceptible to theft.

Unfortunately, a friend of ours by the name of @fredrikaa was not aware of this and has gotten his account and funds stolen.

He sent funds from bittrex to steemit, and inserted the wrong thing into the memo.... within MINUTES someone had taken complete control of his account, stole his liquid steem (worth about $1000) and has proceeded to power down the remaining steempower he has (worth about $2000).

Just look at how quickly things can go south...
fred.png

fred.png


f0669108ffc1debfcc87d811cb01c87f.png

9723bf1023042b6639d399b4961af028.png


This is truly a tragic misfortune, I would be furious should this have happened to me.

For this reason, we as a community are OBLIGATED to spread awareness and prioritize security, otherwise we are no better than the scammers we allow to ROB OUR FRIENDS.

Any and all proceeds gained from this post will be sent to @fredrikaa once he is re-acclimated.

@Fredrikaa has regained control of his account, but the steem that was stolen is gone for good.

Please, Please, Please be aware of what you are doing, and what you are posting.
DO NOT SHARE YOUR PRIVATE INFORMATION WITH ANYONE OR ANYTHING.

IF A WEBSITE IS ASKING FOR PRIVATE INFORMATION, DOUBLE CHECK WITH SOMEONE ELSE, AND IF YOU ARE SKEPTICAL, DO NOT DO BUSINESS WITH THEM.

Be sure to read this article pertaining to security with your account:
https://steemit.com/security/@noisy/public-and-private-keys-how-to-generate-all-steem-user-s-keys-from-master-password-without-a-steemit-website-being-offline



THANKS FOR READING
Stay Awesome
-Zey

Sort:  

This is 100% upvote material. I haven't read anything this important here before. When you send from Poloniex for instance, it says put memo here. I did that. Hell, I think I even wrote a blog post about how you should do that. Gotta find it and try to write a warning or something, if I cant edit it.

What exactly should you put in the memo-field when you transfer steem from poloniex??

Just had to change my password myself. Can't believe I let my account be exposed like that.

No, you don't need to fill out the memo for poloniex either.
Both bittrex and poloniex have optional memo fields, so as long as you put the right account in, you will get your money. No memo needed.

Thanks. This is gold :)

Wtf!? @fredrikaa @illestbambi did I just fucked up? I just sent some Steem from bittrex myself before doing so I watched videos for two days and every fkn video I watched said to use your memo key ! So that’s what I used ! Even videos that were ppl who were fairly big on Steem and YouTube BUT when I go to my wallet all it shows is the name bittrex it doesn’t show my key like the picture above! Help lol am I good? Or do I need to change my password !? Geez WTF do they even have this memo box if it’s not needed

No worries if you posted your memo key. Make sure you never post your owners key or master password. I would however change my master password. Never enter any keys on the blockchain.

But it seems now maybe they changed the code? Bc you can’t go to the bittrex Steem account to their wallet and see the keys any more like In the picture above

Dear all,

I just got my Account Recovery successfully finished. Needless to say, I am very grateful for that and happy that nothing got Powered Down. Losing ~500 STEEM right out the window to a thief, although thanks to my own mistake, was of course gut-wrenching. The last ~12 hours has also been really awful riddled with fear of how bad it could end if the recovery was not successful quickly enough.

I would like to thank all of you who already upvoted the post and are showing your support here and on Discord. Also, huge thanks to you @illestbambi for the kindness of making this post. It is people like you who are making this platform and community so unique. Hopefully, we can all contribute to reduce the amount of new users who need to experience this unecessary loss and discomfort.

Anyways, again thank you all for being awesome.
It's good to be back.

Fredrik / @Fredrikaa

@Fredrikaa Will send you a little bit of SBD. If everyone else can agree to do so, we can collectively get you back on track.

That is very kind of you @overkillcoin and very much appreciated. It's the steem community that makes it such an amazing project. And you're definitely part of that!

Would be amazing if that would happen, but would take around 349 more people I guess. At least people are showing kindness and compassion in upvoting.

Thank you for the kind words, that really means a lot.
You will pick back up in no time!
Good to have you back man.

Hi @Fredrikaa,

I hope this doesn't make you stop posting, it is quite a shocking situation but we love your posts! You have all our support!

I up voted you to help you recover a very small amount. See I am new here, and just do not have much steem power, if that is the right term. All I know is if I upvote the first 10 upvotes get some crypto or something.

Thanks so much for posting about this and explaining the process of what not to do! I can't believe this happened :(

I truly appreciate this post. People like myself can be confused with all the keys, memo's, websites and extra passwords, when first entering this new world of cryptocurrency.

I think a detailed explanation of every aspect of the wallet, in full sentences leaving out all acronyms would be a great help.

Absolutely, it is a lot to wrap your head around when you are new, especially since there could be a lot of money involved.
There are many posts that go into detail about such things, a guy named @noisy has done a great service for us all and has gone in great depth in many of his posts to help explain such things.
Check out a few of his posts:


  • https://steemit.com/steemit/@noisy/we-just-hacked-11-accounts-on-steemit-1158-sbd-and-8250-steem-is-under-our-control-but-we-are-good-guys-so
  • https://steemit.com/security/@noisy/what-is-the-difference-between-a-password-and-a-private-key-s-on-steemit-how-to-make-your-account-more-secure-by-using-them
  • https://steemit.com/security/@noisy/public-and-private-keys-how-they-are-used-by-steem-making-all-of-these-possible-you-can-find-answer-here

  • Thank you for that, I will read and keep these.

    Yep got to stay secure!!!!

    Can you also detail the "permissions?"

    If you go to the @bittrex or @poloniex Steemit account, check their wallet transaction history, you will see many many many people posting private memo keys directly on the blockchain, it is a very good thing that you have posted this here. It's a very good warning.

    I truly hope people will read this, before they mess up...

    exactly why this post is important!
    This is a very easy mistake to make.... but a very expensive mistake.

    They must have updated the code or something bc it doesn’t show it any more

    Upvoted and resteemed! I'm so sorry for my friend!

    My question is, can't we see where the money is being cashed? I understand getting the money back will be a hassle but the account where the stolen steem money is going to will reveal the thief's account and likely, his/her identity.

    No, the thief sent the money to blocktrades, and it is extremely hard to track the funds to a final location unless the thief was dumb enough to send it straight to his own account.

    If he didn't send it straight to his account, then he sent it to a friend's and he hopes his friend will give him the money later? Who ever receives the money, even if they never stole the money, should return it.

    they can just send it to an exchange where it is basically impossible to track

    Great information here. It's easy to make a mistake. Make sure you always double check stuff people!

    Thank you, indeed, always double/triple check!

    Coin Marketplace

    STEEM 0.20
    TRX 0.25
    JST 0.038
    BTC 96483.87
    ETH 3356.14
    USDT 1.00
    SBD 3.20