Originally posted by ÐîGîTå£|Ãg€ñ†کmïth:

4 Days ago my inventory was hijacked/intercepted no clicked links just using mobile ap be carefull no logins found on my accounts show any type of compromise. I lost about 6000 Dollars in skins and a very rare Talon knife fade 97% that I unboxed. This happened while I was on Face it and in a cs2 Lobby. I am not sure why valve wont reverse this because all the items are on a 7 day trade hold after getting them transfer to my alt but my alt was copied in a way that aloud them to access my steam auth and to accept the offer,. I never could use the cancel trade. I will not ever spend a dime in this crap fest game or for any thing valve related again. Valve is nothing more than a scam artist protecting those that abuse the platform. WHY IS THERE A 7 DAY HOLD IF YOU CANT GET YOUR ITEMS BACK? Answer this VALVE fatties that made money off my buying keys.

Why would they return the item? You accepted it was a gift and you would be getting nothing in return. Who’s to say that person didn’t pay you irl for it.

Originally posted by ÐîGîTå£|Ãg€ñ†کmïth:

TAKE YOUR CHANCES WITH STEAM AND VALVE THEY PROTECT THE SCAMMERS> THEY WONT HELP YOU.

How do they protect scammers?

Originally posted by ÐîGîTå£|Ãg€ñ†کmïth:

I have never seen so many issues when it comes to people and the advancements in how one can be had by even taking control of ones own account through a browser hijack. Hackers do this and this proves even if you test ♥♥♥♥ can be very misleading and as far as im concerned Faceit and valve should part ways. there is no security unless you are offline.

You only have yourself to blame here. You should have given away your account information.

Bro, today i was in match and i recievied mutliple messeges on email that i sold item ... some one just brake in bought trash items to Dota, sold few items almost for free. I have steam guard too. And i wrote to steam support, its second time that heppend to me, in both situations i had steam guard. I hope i will get my skins back!!!

Originally posted by TimON3:

its second time that heppend to me

Will there be a third or are you going to stop logging into shady sites? Learn the lesson already bro

OP gifted away his pixels on the

dont be be like OP, pay some security attention to what you are doing. double/triple check what you are logging into.

((( they entered their steam credentials on a fake faceit phishing site )))

Originally posted by snipemaster.007:

Seems this is becoming a common thing and Reddit is full of people claiming they never authorised the trade with their phone or steam guard was bypassed some how

i gEt ALl mY ImPOrTAnt se^se^SeCUriTY iFNo from REEEEdiT

can stop laughing. sorry

Originally posted by HaŦŦrick ✓ 🛠 🗽:

Originally posted by snipemaster.007:

Seems this is becoming a common thing and Reddit is full of people claiming they never authorised the trade with their phone or steam guard was bypassed some how

i gEt ALl mY ImPOrTAnt se^se^SeCUriTY iFNo from REEEEdiT

can stop laughing. sorry

You will once you find the 2FA is bypassable by AI

Originally posted by |Ãg€ñ†کmïth:

Originally posted by HaŦŦrick ✓ 🛠 🗽:

i gEt ALl mY ImPOrTAnt se^se^SeCUriTY iFNo from REEEEdiT

can stop laughing. sorry

You will once you find the 2FA is bypassable by AI

Really? This ai is going to steal rich people's steam inventories?

Originally posted by |Ãg€ñ†کmïth:

Originally posted by HaŦŦrick ✓ 🛠 🗽:

i gEt ALl mY ImPOrTAnt se^se^SeCUriTY iFNo from REEEEdiT

can stop laughing. sorry

You will once you find the 2FA is bypassable by AI

Not really it can't

Hello everyone, TL;DR: OP really was phishing-scammed by unknown malicious actors.
CS2 is safe (including lobbies), Steam is safe, Faceit is safe but doesn't notify you that you're leaving Faceit when you click a link to an external resource unlike Steam does so you have to be careful on Faceit.

Long explanation:
OP added me to talk, and then started claiming that CS2 is compromised, game coordinator servers are compromised, and that he's been finding voice chat logs with real player IP addresses which he of course couldn't find upon being asked and couldn't tell me where they should be. All these conversations led him to completely block me (after waiting for like half an hour after his last message :D)

But he has decided to explain the fact that his account was hacked and his items were stolen by "passing the buck" onto Valve saying that CS2, Steam and Faceit are hacked and have a "vulnerability" and a "security issue". Also for further reference, OP calls any hyperlink (like this[google.com] to google) a "redirect" or a "redirection".

After my long explanation about how he was phished, he has decided to parry it by sharing his browser history during which the hack occurred, which… contained a phishing link.
The following image (uploaded as an artwork) contains those links.

PLEASE do not attempt entering those links in your browser, if you're curious screenshots of them will be below. Why you shouldn't — sometimes new vulnerabilities in JavaScript engine implementations are found in browsers. They can be used to remotely execute any code on your machine outside of the sandboxed javascript runtime environment, meaning on your local machine. Potentially no browser is safe.

https://steamcommunity.com/sharedfiles/filedetails/?id=3467272076
As you can see the browser history contains two phishing domains — "authsetting dot com" and "topdread dot com". Both contain a subdomain "faceit" but literally ANY website can contain a subdomain. For example Google could, despite in no way being relevant to Faceit, and it would look like this: "faceit.google.com" but they don't have it obviously.

It seems OP was instructed to find a team on Faceit (called like the second domain) and upon finding it was met with "ONLY INVITED PLAYERS CAN JOIN THIS HUB".
Below, in the "About" box, that can be filled by the team's creator — which could be literally any player on Faceit since anybody can create a team — some text is written which incentivizes you to click the "PROCEED TO VERIFICATION" hyperlink (which OP deliberately called a "redirect").
https://steamcommunity.com/sharedfiles/filedetails/?id=3467281162
Right now the link just leads you a league with a QR code for you to scan on its banner image (DO NOT SCAN OBVIOUSLY), but before, as confirmed by OP, it led to those phishing scam links from above.

How those links looked like "inside".
Here we see faceit-like interface and the "CONNECT STEAM" button, which opens a fake "browser pop-up window", which is actually a JavaScript dynamic page object, containing a fake Steam login form.
https://steamcommunity.com/sharedfiles/filedetails/?id=3467291026
With the fake Steam login form: (although it's broken for me but you can see how it says Mozilla Firefox in the "title bar" instead of GNU IceCat which is the browser I am using, you can see the fake steam link in it, etc)
https://steamcommunity.com/sharedfiles/filedetails/?id=3467293668

Here's another popup with a verification code which is seemingly supposed to be given after logging in with that fake Steam login form (at which point your account would be already compromised but hackers need you to not suspect anything so that the victim doesn't change password immediately after being hacked):
https://steamcommunity.com/sharedfiles/filedetails/?id=3467301606

Here is my explanation which explains how his account got phished and how his skins got stolen "bypassing" Steam Guard confirmation (not really bypassing, he actually confirmed the trade):

hello, I'm finally semi-free but I can at least use my pc now and typing is finally easy again, so, here's how you might've gotten hacked (I really hope you will take your time and attention to read through the whole thing without just disregarding it and saying that CS2 is full of vulnerabilities again):

1. It starts by you falling for a phishing attack — you log in on a website that mimics the Steam login page.
You mentioned before that "faceit is hosting scam stuff" and that you looked up a team using Search and pressed a button there. Well, anyone can create a team on faceit and of course it's possible to search for it using the search. What's also possible is to set a link to the team's website under "Socials" tab. You'd usually use the Socials tab to have a link to the team's Twitter/X, YouTube, etc, but the team can also have its own website so it's possible to put an arbitrary link there. It is shown with the globe icon. // CORRECTION: the link wasn't under "Socials", it was in the "About" description box as it turned out.
From what you said I guess you searched for a team on faceit and clicked the link under "Socials" which took you to a completely different website but you still thought you're on faceit. You pressed "Log in with Steam" somewhere and a Steam login window popped up. It has buttons, it's draggable, you can resize it, it has the correct link, it has the "Valve Corp, US Connection Secure" at the top left, everything, but this window is actually just a dynamic element of the parent page, written in Javascript. If you unmaximize your browser you will see that such a window cannot be dragged outside of your browser, while a real popup browser window can be.
So then you either scan the QR code, or input your login and password and confirm with the Steam Authenticator, and it indeed lets you do something that you need, but you also let hackers get into your account at the same time. You can think of it as of a bank card skimmer at an ATM.
(Not blaming you though for not noticing a phishing scam, you need some technical background to notice it I guess)

2. However, just getting into your account, as you might already now, is not enough to get your skins at least. They either need to hack your phone somehow, but it's very hard as you may know, so more social engineering is used since it's easier (and has at least some chance of working out). When hackers get into your account they need to do everything to maximize their chances to persist on your account for some time, because when you log in on a new device (which theirs is) you can't create new trade offers. They may or may not create an API key tied to your account. But the thing is — they are dormant until 2 weeks have passed, they can't do anything anyway.

3. Fast forward 2 weeks, they now need to make you confirm their trade using your Steam app. And preferably that's going to be a trade with all your items.
How? Well, the procedure of you legitimately transferring your items to another account is as follows — you create a trade offer, select items, send, then you use your Steam Mobile app to confirm the trade. They need to somehow masquerade their malicious actions to look like that.
So what they do is, first, they need you to select all your items and send the trade, to give you the illusion of still being in complete control of your account. They might wait for it indefinitely (it's all being done by automatic bots running 24/7 anyway) or try intimidating you into sending your skins somewhere because "your account will be banned soon" (and of course with all intimidating stuff like deleting all your friends, profile name and picture, etc etc, to make you panic)
While you are reaching for your phone:
* Your trade offer gets automatically canceled
* Profile information about your trade offer's target account (your alt) is copied to scammers' Steam account — such as profile picture, name, and they are friendlisting that account from your account (or friendlisting sometimes happens much earlier, when they just get into the account)
* A new trade offer with the same contents is created, but with that scammers' account as the recipient, that now looks exactly like your alt but the level may be different and days you're friends etc. You of course confirm that trade.

4. Your items are gone! Instantly, because you are using Steam Guard, and they went to a different person.

As you can see your PC doesn't even have to get hacked for this scheme to work.
But of course steps 1 and 2 can be skipped if they have complete control of your PC.

The fact that it's been erroring out when you were trying to trade from another account is explained simply by hackers automatically canceling every trade they didn't like (which is everything but trades where your items are going to them)

So yep really no need to modify your Steam client in any way at all. Just very clever social engineering

OP even kept defending the scam…

kabanod1m #NotoToxicity Yesterday, 9:20 PM
those 2 are scam for sure
ÐîGîTå£|Ãg€ñ†کmïth Yesterday, 9:21 PM
that is on the faceit website
kabanod1m #NotoToxicity Yesterday, 9:21 PM
where?
can you find?
ÐîGîTå£|Ãg€ñ†کmïth Yesterday, 9:21 PM
when you verify
kabanod1m #NotoToxicity Yesterday, 9:21 PM
or it was deleted already (most likely)
ÐîGîTå£|Ãg€ñ†کmïth Yesterday, 9:21 PM
to join a team you need to verify credentrials
kabanod1m #NotoToxicity Yesterday, 9:21 PM
no you don't, that's not a real team, that's a part of a scam
ÐîGîTå£|Ãg€ñ†کmïth Yesterday, 9:22 PM
yah it was a team and you can even search for it.

I really hope OP learned something from this and won't get phished again and then proceed to blame Valve and Steam for own bad opsec practices.
More often than not the user is the biggest security flaw and the biggest vulnerability. Take care of yourselves please!