enfin quelque chose d 'intéressant que je post ici au cas ou sa peut aider
https://www.reddit.com/r/Dream_Market/c … _yourself/After a period of downtime like recently occurred/may still be happening, I always see an increase in the number of “where’s my deposit?” kind of messages. When the market is down, people invariably seek out alternate links and some of them discover phishing sites. I have also noticed many people depositing to a fake deposit addresses; I still don’t completely understand how the perpetrator is managing to get people to deposit to his wallet instead of their Dream account but there is no question he is doing it (check the blockchain 1FpLKWem4YrKms11QbC3dKMg4414YD3ud1 if you are curious, there are still new deposits happening at the time of this writing with well over 200 people robbed of their money using this scheme).
Please take these three steps:
Use two factor authentication (2FA, PGP authentication) instead of a reusable password.
Verify the ownership of the deposit address before you send your hard earned funds to a hacker instead of your Dream Market account.
Make a backup copy of your PGP keys somewhere other than what you use day to day because if you loose your PGP keys you will very definitely not be able to get back in.
To set up 2FA:
Log in (with your password).
Click on your username, paste your PUBLIC PGP key into the space provided and save it [UPDATE].
Log off.
Log in but this time use the '2FA login' link on the login page.
Decode the PGP message like you would any other.
Paste the decoded message into the space provided.
Now (having logged in successfully using 2FA) set your profile to "PGP only" (or "Password + PGP" but that IMHO is not any more secure and it's one more unnecessary step).
To verify the deposit address:
Import the Server’s public PGP key into your PGP software. You can find the key by adding /about to whatever onion address you are currently using.
On the Wallet page where you get the deposit address, select “Get Proof of ownership here”.
Copy the signed proof of ownership message into your PGP software and verify the authenticity of the signed message.
gpg: Signature made <todays date> using RSA key ID XXXXXXX
gpg: Good signature from "Dream Market (Enterprise of e-commerce) speedsteppers@startupgrind.se"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Don't worry about the "key not certified" or "no indication that the signature belongs to the owner", the "Good signature from "Dream Market (Enterprise of e-commerce) speedsteppers@startupgrind.se" is what you are looking for! Note: Whatever is modifying the deposit addresses to a scammer's address is likely able to change it within the signed message as well so just looking at the signed message isn't sufficient, you have to actually verify it with PGP that the message hasn't been altered since it was signed. When you deposit, make sure you are depositing to the same address as shown in the signed message (that you have actually verified), there is malware that will detect when the copy/paste buffer contains a BTC address and silently change it to one of a thousand different scammer addresses (picking the one that looks close to the address you copied so look carefully before you send coins).