Easy, and this is the most common steps to, you're not the 1st person that keep falling for this scam.
1. Login to phishing site that has nothing to Steam, giving hijacker your login info.
2. You setting up trade items to be send to someone.
3. You blindly confirm the trade, that the bot hijacker setup to fool you thinking you're trading to someone by copying their display name, and picture, and redoing your trade.

Yup that all there is to it. Want a cure to this? Stop logging into those phising sites, and follow these steps to secure your account, don't skip any.
1. Scan for malware https://www.malwarebytes.com/
2. Deauthorize all other devices https://store.steampowered.com/twofactor/manage
3. Change passwords from a clean computer
4. Generate new backup codes for your Mobile App https://store.steampowered.com/twofactor/manage
5. Revoke the API key https://steamcommunity.com/dev/apikey (there should be nothing in the APIKEY)

Most common reason people get accounts hijack for any service really are as followed.
- Sharing account infomation with others. <--- Very common with impersonators, pretending to be Steam admin / support.
- Logging in on phishing sites. <--- Very common with skin gambling sites.
- Downloading / Installing Virus / Keylogger on your system.
- Using public devices that has keyloggers, such as cyber cafe, school computers, and etc...
- Storing your login credentials on a unsecured service that others has access to view.
- Using same login credentials for all your things, or using same login credentials on another service that had a data leak. Yes it does matter because even if it not related to Steam, if using same login credentials, hijackers will try to use those credentials to see what services you use with those credentials. https://haveibeenpwned.com/

Steam support will not return your traded items.
https://support.steampowered.com/kb_article.php?ref=9958-MJDG-3003

Yes. Don't use shady 3rd party sites.

I already revoke my steam api key. What shoul i put or i do i need to register another api key ? If so.. what should i register ?

Αναρτήθηκε αρχικά από no pun intended:

I already revoke my steam api key. What shoul i put or i do i need to register another api key ? If so.. what should i register ?

5. Revoke the API key https://steamcommunity.com/dev/apikey (there should be nothing in the APIKEY)

No api keys at all. Also ensure you have revoke all devices so it auto kick them off your account as well.
2. Deauthorize all other devices https://store.steampowered.com/twofactor/manage

Ohh so that should be empty. I already deauthorized other devices.. thank you to all the help good sir :)

No problem.