Protect yourself from scams! If you do not know your account has been compromised or not - read carefully before you bet!

How is this going?

A fraudster who has access to the user’s API key receives information about the trade - verification code, bot name, list of items that the user is going to give to the real bot.

  • 1) The fraudster, using the API key of the user, cancels the trade that the bot of the real service sent.
  • 2) The fraudster changes his nickname, avatar and sends the user a trade with the same list of items.
  • 3) The user accepts the trade without even noticing the substitution. The process is most likely fully automated.

    • trade bot cancel

    What is an API key?

  • This is a combination of numbers and letters that gives you access to actions on your Steam account. Fraudsters use it to obtain information about trades and to cancel them.

    • As the fraudster finds a user API key?

  • By luring users to a site with a fake login form (through advertising in search engines, private messages in Steam, indicating phishing sites, under the pretext of free items and more ..)
  • The user enters the username and password with the verification code from the authenticator and the fake site instantly creates the API key, which he subsequently uses.
  • ATTENTION! The input field on the form is always empty.

    • form empty

    How to check if my account is hacked?

  • Go here https://steamcommunity.com/dev/apikey and check if the API key is generated in your account.
  • If the account is clean, there will be no key there.

    • api steam key create
  • 1) If there is a key there and you did not create it yourself, then your account is 100% hacked.

    • api steam tradeoffers
  • 2) You can make an trade with someone, JUST DO NOT CONFIRM IT! Before confirming the trade on the phone, on the computer, go here http://steamcommunity.com/id/me/tradeoffers/. If you see 2 identical trades, one canceled and the other not, your account has been hacked 100%.

    • How to «cure» an account?

    If you have not created an API key and do not know why it is needed.

  • 1) Go here https://steamcommunity.com/dev/apikey and remove it immediately by clicking the Revoke My Steam Web API Key button.
  • 2) Go here https://store.steampowered.com/twofactor/manage and click «Log out on all other devices».
  • 3) After that, change the password on Steam and make sure that the API key does not appear again (after authorization on dubious resources).