A Sad Steemit Day: My Account Was Hacked!!!

in #hack7 years ago (edited)

Some devil hack my Steemit account and withdrew my earnings to @bittrex. I hope he goes to hell, literally!

So today I woke up doing my routine which is going to Discord and browsing through the notifications of @ginabot when I stopped in a Coin Transfer notice. Still feeling sleepy, my brain processed this awful information for a minute before reality hit me that my hard-earned SBD and Steem was withdrawn by an unauthorized user. I was mortified and can't believe what just happened.Some crypto devil withdrew all of my earnings!

IMG_20180314_201227.JPG
Ginabot notified me of the unauthorized withdrawal.

IMG_20180314_201331.JPG
Very traumatic!

I don't have a Bittrex account and I have not made any withdrawals for the month. I literally cried my heart out while typing furiously to different Steemit group chats both in Discord and Messenger asking members for help. Sir @iyanpol12 came to my rescue first and helped me analyze the situation asking me if there is a power down schedule (thankfully there was none) and said that I should change my password. I immediately did change my password but still hoping my earnings will be retrieved. Members of my #steemitfamilyph responded too and they checked my account. Sir @kennyroy, sir @wagun001 and sis @ankarlie helped me also in my situation. Sir @kennyroy and sir @wagun001 asked me to email and message @bittrex which I did and hopefully I can recover what I loss.

My Hunch On How A Hacker Got Hold of My Account

Screenshot_20180314_200836.jpg
This is the Dummy DTube App on Google Playstore.

Last Sunday, I got curious about @dtube so I search for an app on Google playstore and found one that was run by. I opened it and I signed up using my master key password on my Steemit account (yes, I know very wrong move!). After registering, I browsed through the DTube app and was confused because I can't do anything with it, not even uploading my own video. I search for the accounts of my co-Steemians who I know uploads videos through DTube also but nothing appears. This gave me cold sweat and I felt afraid because it struck me that this could be a phising app or something and so, I uninstalled it. Bad move that I didn't thought of changing my password after uninstalling which led me to this awful scenario.

What I did? I left a bad review on the app because of what happened to me. Gosh, there was also a bad review before me saying the app was a scam but I didn't listen because I thought it was still legit since the moderator replied.

IMG_20180314_201411.JPG
Apparently, I'm not the only who experience being hacked by the Hacker DTube App.

IMG_20180314_201509.JPG
This proves that I'm not the only one and this is not an isolated case.

Screenshot_20180314_200806.jpg
This looks like dummy accounts too made by the hacker to leave positive reviews on the app which is totally a lie!

Being hacked is very frustrating!

Now, I am traumatized.

Yes, that's what I felt. I felt used and abused. Nothing beats being hacked in making a person afraid and lose confidence in the platform. I don't want to feel this way but I can't help it. I mean, this is actually my first time getting hold of cryptos (Bitcoin on default, of course) and enjoying and loving it but now I have fear.

I hope that hacker gets a taste of his/her own medicine.

Now, I am still hoping I can retrieve my SBD and Steem. I am also pleading to @surpassinggoogle, @steemgigs, @teamsteem, @beanz, @paradise-found and other witnesses and whales to help me in retrieving my earnings.

I read an article by @simplymike which was all about the things he learned from being hacked. The only good news on this is that the hacker did not changed my password so I have the chance to change it. I am also asking for help to @deliberator, @penderis, @wilfredn, @bashadow from #newbieresteemday to help me also.

IMG_20180314_204938.JPG

To all Steemians, NEVER SHARE YOUR PASSWORD TO ANY THIRD PARTY WEBSITES!

The only thing I can do now is to hope everything will turn out positively.

emdesan (1).png

Sort:  
There are 2 pages
Pages

This is indeed very sad and truamatic. I hope you are able to withdraw your earnings. Is there no way the bittrex account can be blocked and the owner fished out?
So many phishing website out there. Everyone should be careful on given private key to third party site.
Very sorry about your loss

I'm so sorry, that this happened to you! I really hope, that these scammers will be caught and get punished for it. At least you got a new follower with me and I hope, that your rewards from this post alone will compensate your loss. All the best! 🙏

I am sorry to hear this happened to you.

SUGGESTION: Go back into your app store and go to the page for the app. Instead of donwloading it again, scroll all the way down to the bottom of the page and "Flag As Inappropriate." When the choices appear, select "Copycat or Impersonation" so that Google Play will know it is a scam! I just flagged them, too, and if enough of us do it, they WILL do something!

Thanks for the tip! I already flagged it.

Flagged as per your suggestion.

It's a shame I can't resteem comments, because this one deserves a lot more upvotes than it currently has!

Hi @emdesan55, I'm really sorry to hear that you've been a victim of a phishing attack. Unfortunately, I don't think there's much you can do to get the money back without tracing the payment back to bittrex and successfully identifying the hacker by their bittrex account But this will be hard to do.

Others may have more innovative ideas as to how we can help you to retrieve the lose Steem/SBDs, so I leave the floor open for them to discuss it. At this point, my opinion is that you should think of the loss of ~25% of your account value as the cost of a lesson in security, and take steps to protect your account further! For example, you should never log in with your password, but instead with your posting/active keys as needed.

I know that this comes too late and it won't change what has already happened, but better a small loss now than a bigger loss in the future!

You are right. Thank you for your kind words @wilfredn. Good thing I was also notified by @ginabot.

Maybe tracing the hacker by his Google play account would be more effective than tracing it back through bittrex?

I'm not sure if it would lead back to the hacker, but Google must keep some record of who uploaded that dummy app.

@emdesan sorry to hear. Remember to use the Savings function if you hold more than 20 STEEM or 20 SBD. Your steem power is safe due to 1/13th withdrawal per week and Savings have a holding time of 3 days. This can prevent immediate transfers out of your account. Hope this helps :)

Yes, thanks for the information. This really helps and I will follow your tip

Sad situation to hear about. Be aware there are so many phishing scams nowadays. The key thing to remember is to ensure that you are signing in through SteemConnect or officially through Steemit.com and always be careful who or what you are sharing your credentials with

Yes, I learned my lesson now and I will limit exploring on third party websites too

Reading through, i cant say i know how you feel, but i know its disheartening and painful, who ever is behind this would get a full bite of his own medicine. Not just a taste. Thanks to this i hope people won’t fall victim.
Sorry once again.

Thank you for your support. It was heartbreaking for me but I want to share with you all because that is what the least I can do to stop this hacker from victimizing other people.

I am so sorry for your loss. I sincerely hope that you get your Steem and SBD dollars back. Thank you for speaking up and sharing your experience. I learnt a lot of lessons from this. One that stuck with me is about downloading Steem based apps from Google Playstore.

At the moment, I only have two apps installed on my phone that are Steem based - Steepshot and eSteem. It took me days to deliberate and read every article on Steemit that endorsed those apps as being genuine. Not just any articles, but articles from trusted and verified sources. Even at that, I am still careful when logging into these apps.

I sincerely hope and wish that the Steem team comes up with a solution to this.

I also hope to get back what I loss but that looks impossible now yet I am still positive about what happened now becausd I realized my experience can help many Steemians to be aware and careful all the time. I do hope Steemit will take this issue seriously and make actions to stop scammers.

I am very sorry to hear of your loss, unfortunately this world has very bad people that want to gain off the sweat of others.Thank you for sharing your story which should serve as a lesson to everyone. Lets pray that the people at bittrex can trace the transactions using the memo numbers and reverse them OR at-least explain which account withdrew it. Good luck @emdesan wishing you all the best :)

Thank you for your support. I hope Bittrex can really help me trace what account stole my earnings.

No way!!!
I heard that a lot of Steemit users got their accounts got hacked in the past days. This is awful, isn't it?
And also there's a scamming site named steevit. It's 'V' instead of 'm'. Don't click the links you get without checking the URL

the one i ecountered yesterday was steemil. its "L" instead of "T".

This is a big probem!!!
Beep beep! Hackers everywhere!

Yup! Hackers nowadays are creative and full of tricks up their sleeves. We should all read first the links before doing anything or plainly don't click any links and manually type steemit in the web address bar.

Yup, you are right.

Sorry to learn that. A debt of gratitude is in order for sharing your experience...

We should begin again and trust all is well at this point. I'll resteem your post with the goal that different steemians can swim precisely.

Thanks for the resteem, I hope no one falls victim again with that DTube App. It looks true and any newbie steemian cannot know the difference until they have entered their master key and see that you can't do anything with it.

The content has written so good.

I hope to make everyone aware of the DTube scam app.

so sad for you. feeling very bad.

I also felt bad about the situation but I hope you learned something from it.

sis I'm so sorry
And Diyos na bahala sayo sis. ibabalik sayo yan
doble pa dyan, hinga malalim.
Kaya yan, nakaka high blood pero kaya mo yan.
upvoted 100 %

Thanks sis.. Salamat sa suporta at upvote mo para mabawi ko yung nawala sakin. Naiiyak pa din ako sis pero kinakaya ko na ngayon. Iniiskp ko nalang din na walang pagsubok na binibigay si God na hindi natin kaya so fight lang!

Oh no!! 😱😱😱
Thanks for the heads up!!
I will never download that app... Good thing I read this post first before doing that..

Aww... It's sad but..
It's just a bad day, not bad life...
It's never too late to start all over again 😉

Yes never download that app.. It was a very traumatic experience

I don't know if I have the fake one or the real one. :(
Joy

Just do not leave SBD nor Steem in your wallet. Power Up or Transfer to Savings so in case of hack hacker can't steal them right away.

I figured the waiting period to power down was good.
@null hacked me...check out the wallet. This was 2 mos ago for just .10 sbd. Oh well. Thank you so much @pinay
Joy

YES. If you plan to withdraw in fiat in less than 3-7 days better sell SBD to ETH and hold it there than hold in SBD wallet. I also installed Sophos antivirus because it alerts if there is a threat. 🙂

That dummy account commenting positive feedback could be your lead or could be culprit.

Hope they will experience karma!

This is so sad. :( Thanks po for sharing this!

oh my god this is true.

Screenshot_2018-03-14-20-12-26-622_com.discord.png

just this morning I got a message from my friend.

What we should do is to NEVER leave our earnings at SBD and Steem wallets aside from using Posting key. Transfer to Savings or Power Up and better schedule cash outs on weekly basis. Or, if we plan to withdraw in fiat we can simply cash out SBD/STEEM and hold the funds at BTC and/or ETH wallets so we can withdraw any time. :)

Oh my! Hope this hacking will stop soon

I have also encountered an attack yesterday through a comment link on my post.. So I changed my password right away.
Screenshot_20180314-142313.png

I will read your article sis. Hope I will be able to retrieve my SBD and Steem

is it ok sis if i comment my link post here so commenters will be aware also..

Ok sis.. Go lang!

Ok sis.. Hope this will help others also to be vigilant..

Sad mam @emdesan. I'm wishing for your quick recovery.

Me too sir :(

omg so sad to hear that I hope you get them back take care

Can I write this on my blog? in Indonesian

Sure, you can translate it so more people will be aware.

oh dear this is painful 😞😖😭

Yes very painful!

Feel sorry for you sis. Grabe.. sna mag response ang Bittrex team.

Sana nga sis.. hoping

thank you for the warning/information and i hope you get back your hard earned sbd and steem....

Sorry to hear that. Thanks for sharing your experience...

Let's start again and hope everything is okay now. I'll resteem your post so that other steemians can swim carefully.

Yes, do resteem so everyone will be aware.

Yes, seems like that app is a fake. Recently I looked for a Busy.org app and I found it on google playstore. I downloaded it, but then I realized that nobody announced that there will be an app like this. So I immediately deleted the app, because it's also a scam.
Sorry for your loss, but at least you're getting some nice upvotes on this post.!

o-oh, that's bad and I'm sad to hear it. I hope it gets well. Thank you as well for the heads up.

ohh very careful the next app follow now

I'm so so sorry. I really hope the whales are able to help

OMMG!!!!! are u alive ?

This is so sad. :( Thanks po for sharing this!

That's very sad. Contributing my 2 cents by a very small up-vote. I hope you get your money back. Just wondering why did you keep your SBDs as is. Why did you not convert them to Steem power ? Would have been saved due to the power down settings.

Yes, that's what I've been thiking too. But I will open a wallet in coin exchange similar to bittrex so my sbd can't be stolen anymore.

Just FYI. Wallets on exchange are not safe either. In fact they are more prone to attacks. Just be careful with that.

I prefer to sell and keep in BTC and ETH wallets if not Power Up. Coins.ph requires Google Authenticator codes.

Binance is safer than Bittrex I guess because Binance requires Google Authenticator codes to withdraw but fee is quite high. I am not sure if Bittrex do the same now. :)

I always enable 2 Factor Authentication.

I really feel sorry for you. I hope you get help from someone in time

Some steem is missing from mine too I think... I will try the @gina to find out. I hope everything works out. Thanks for the warning.
Joy

Yes,register to @ginabot on Votu Discord.

Damn it's really saddening to hear all this

Such an awful experience. Am sorry for your loss and am glad you shared so that newbies like us can learn and avoid making similar mistakes. in all I urge you not to give up on this platform.

I m really sorry about that. Lesson for all of us not to trust anyone
Hackers can only take what is in ‘liquid form’ meaning sbd and steem. Thats why i convert everything in steem power....
I wish you have a happy ending in this story

So sorry for your loss :( this shouldn't happen to anyone. It's our hard earned money, y would some beggers will get hold of it!

Sorry to hear you got hacked, and glad to see you have access to your account.
This phising attack is serious business. Some smart hackers are at work... I see new people fall victim every day.
That’s why it’s important to spread the message around.

Wow! I feel very bad because I don't have any experience or knowledge that might be of help.

It's great that you spoke out.

I'm very sorry for such a bad experience with scammers.

i am big fan of steemgigs
DQmSYF6kkEDUfjCyG7N2vv6QegwmMLAcs68cHWK9BBKf4WK_1680x8400.jpg

oh no so sad you can try to back your account

I am sorry for what has happened, I gave 3 100% upvotes, it is not much help, but I hope it helps a little bit.

Thank you for your support, I really appreciate it. Every vote is important for me as I will build again all of what I loss. As a Minnow, it is not easy but I will be positive about this

This is a very sad experience. In this time of great security breaches, one needs to be very careful with third-party sites and applications. They may look cool and nice on the surface, but beneath is all sorts of evil. I feel for you my sister. Very sorry you found out the harf way. But do not be discouraged. Am happy you still had the opportunity to change your password and maintain access to your account. Everything that goes around comes around. The evil mind behind your problem will not go unpunished. Dont givr up. We stand together with you in this time of great test. Together, we can excel! Take heart my dear and take good care of yourself.

Thank you for your kind words, reading your comment really uplifted my spirit! You are right that they will receive their karma soon and I hope they get tot taste their own medicine so they know how it feels. You have helped me to think positively and never stop steeming. Thank you!

may mga ganyan talagang tao na nabubuhay sa pag gamit o pagkuha ng pera na hindi naman nila pinaghirapan, Diyos na bahala sa kanila.

Yes po si God na bahala sa kanila pero sana makarma pa din sila. Grabe mamerwisyo! Nakakatakot!

This is why I never hold even CENTS on my SBD and Steem wallets. I always "Transfer to Savings" or "Power Up" so in case of hack hacker can't steal them right away.

I also change my password from time to time especially when I use android even no hack happened. I only use my generated password at SteemConnect and I use a separate browser on android exclusive for busy/SteemConnect. I feel more secure using iOS but since I heard of these hackers I only login using my POSTING key even on eSteem app. I am also using Sophos antivirus on android, it warns if there is a threat.

Walang patawad mga hackers na yan kahit kapiranggot ninanakaw. Yung isa ngang nabiktima matindi yata trauma pati yung comment ko with steemgigs footer flagged nya akala siguro hacker na rin steemgigs.org kaloka naflag ako dahil sa steemgigs parang matindi hangover nun sa hacker 😅

Hehe naflag ka sis dahil sa steemgigs footer? Kakatrauma din kasi sis pag nahack e first time ko pa naman din na experience to kasi bago bago lang din ako sa cryptos and such. Salamat sa tips sis. Ngaun ang gagawin ko nalang Transfer to Savings Or Power Up para mahirap kunin SBD at steem ko at change master key password once a month the least. Naiiyak pa din ako sa nangyari sakin. Lesson learned.

Nakakaawa nga na nakakatawa yung biktima ng steewit @ good-kama kasi kahit ako di ko agad napansin na walang "r" akala ko inaakusan nyang hacker si witness good-karma buti naliwanagan ako sa comments ng iba kulang pala isang letra 😂 malamang kung minalas malas ako napaclick din ako at nabiktima na rin kasi labo ng mata ko 😂

First time nya siguro mabasa steemgig.org kaya kala hacker din ako. Binawi ko nga 0.01 ko at mute ko hahaha pero obvious na engot pa rin binigyan pa ako chance na idelete ko comment ko na flagged nya kasi hindi nagcomment. Pag wala kasi nagcomment pwede pa madelete post/comment. 😂

Hindi na nga pde maging kampante ngayon sis.. kelangan alisto tsaka binabasa talaga lahat

You'll get through this sis and bounce back stronger!! And always be careful.. @emdesan

Thank you sis. Yes, I learned a lot from this mistake. I hope no one else experience this...

Grabe,napaka walang naman awa yung gumawa nyan :( pinagsikapan mong ipunin tas nanakawin lng pala. Thanks for the warning , I hope you can get back what you have loss.

Oo nga nga walang konsensya mga hackers ngayon kahit yung ultimong cents kinuha nila

There are 2 pages
Pages