check your trade history to make sure they went to your friends account or if they are on a trade hold.
if they are not on hold, and went to a different account, you have a problem
your account is compromised

deauthorize all other devices https://store.steampowered.com/twofactor/manage
change passwords from a clean computer
revoke the API key https://steamcommunity.com/dev/apikey
scan for malware https://www.malwarebytes.com/

please let us know if the items are on hold or got sent to another account.

I did look at my trade history and it went through to some bot on a betting site? How is this possible or even allowed? Ive not lost alot of money one of the items was an arcana for dota 2 which is very pricey? My profile and inventory is private so how does something like this even happen? and thanks to steams revoking items clause ill never see my items again.

Do what Wolf said, your account is compromised due to login on third party sites or clicking on weird links sent to you by strangers.

you entered your login on a fake website. They have access to the account, its a scam we have been seeing alot of lately. normally they change your profile to say "You are going to be banned in 1 hour, move your items if you wish to save them."

Okay I will do all of that. Im assuming I wont be able to get my items

you wont get your items back. make sure you report the profile you traded with.

Someone can copy profile of your friends and have same picture and username and trick you to give them items. Unfortunately you wont get items back.

So I found out what happened. Someone had used a pc mirroring malware to basically look at my PC screen and cancelled the trade to my friend and resend it to a bot. RIP windows defender for not picking anything up and RIP my nice items :( dont know how someone is allowed to log into your account without mobile authenticator

Oh and I have also reported that account I will make sure I post his profile link tomorrow when I'm on my pc

you dont need to post the profile

1. Its not allowed on the steam forums
2. its a throw away account. its job is to receive items from compromised accounts, hold them till any cooldowns expire, then transfer the items to other accounts.

you gave them the code to log in when you logged in thru a fake login screen. redirecting a browser to a fake site is all they need to do. they could not transfer the items without a new code. The API key allowed them to see when and where you where trading items. They have bots set up to watch for and catch these trades, this allows them to copy the destination account in order to keep the victim from noticing the change, it only takes a couple seconds for a bot to do this.

malware scanners and antivirus can only detect what they know about. They are also useless if a user whitelists the malware/virus program when they are downloading files. we dont know what your computer habits are, we dont know who has access to the computer(s) you use. You need to review what is happening with your computer and what you are doing. Clicking random links is dangerous, even if it from a friend (compromise a friends account, send link, compromise their friends, send more links from those accounts, etc)

I do understand that clicking on links and stuff is dangerous but if this has been a problem for long surely steam can do something about it. This wasn't my neglegance that caused this. I traded with my friend and somehow someone redirected my trade how can I be held responsible for this. I've spent so much money on ingame skins and I feel like valve dont really care so now all my money that I've spent has been for nothing. I guess I will just not spend anymore money on valve

Originally posted by Ac1d:

I do understand that clicking on links and stuff is dangerous but if this has been a problem for long surely steam can do something about it

Valve have done plenty about it but they can't babysit everyone or apply common sense to users who don't have any.

Valve offer link-masking/filtering and authentication as security features but they cannot be held responsible or accountable for users willingly using 3rd party sites and giving their credentials away.

If you install tailored malware onto your system or give away your details then Valve aren't responsible for that and they can only offer so much protection.

just the same thing happened to me today, on Counterstrike Global Offensive. So its just a heads up that this scam is going on, on the whole steam community

Originally posted by Ac1d:

Oh and I have also reported that account I will make sure I post his profile link tomorrow when I'm on my pc

Do not do that as it's not allowed to name and shame.

Seemss to me that the hackers already found a way around the cell phone requirements..

What a colossal waste of time that was for Valve.. great.. what good is it now? In my opinion.. its not.. the hackers just try harder.

These posts are on the rise.. and I'm sure Valve will step in with another brilliant idea.. now that the cell phone carriers are all the more richer.