ADA removed from Daedalus wallet - hacked

Please help,
Somehow someone has accessed my Daedalus account on a sole-use PC with no stored keys on it and transferred all my ADA that was being staked to an unknown address, transaction ID:

25c04d7033bbcae63924311e60a7f3864e563ef66a5909c0872714fc28f723a9

On the day of this occurring my PC was off, as confirmed by checking the Windows logs also.

I have my keys written down on paper stored in a location in my room that only I use…

Any ideas on how this may have happened, or better still, how can I retrieve this back?

Hey @noADA

There is no way to recover your funds if the transaction has been confirmed by the network.

There are different ways to get access to your funds. Maybe you downloaded a malicious app on your smartphone or entered your seed on a website.

2 Likes

Did you download an official Daedalus wallet from the official website? Did you ever install a scam Daedalus mobile app? Any other malicious software that you installed on your PC?

The best protection is using a hardware wallet paired with the Daedalus wallet.

I think you did okay with writing down the seed phrase on paper. It’s probably that your PC was breached due to malicious software or your Daedalus is unofficial. Another reason is that you use a scam Daedalus mobile app.

1 Like

This was completed on a Windows 10 PC, I have not entered my seed on anything… I do not access Daedalus on my smartphone. Any other suggestions on how this may have occurred?

Thanks for the reply, any idea on what this programme may look like or be disguised as? I’ve run a malware and virus scan and it came back clean. Windows 10 is the latest version, and Daedalus is also the latest version 4.0.4 #1745.

Really looking for a solution and hopefully prevent anyone else from being caught in this trap…

1 Like

The fact that it occurred while the PC was off suggests the keys were obtained at a different time or through different means. You say that you do not store keys on the machine, but at some point you must have either lost control of the encrypted seed phrase (spending password key logger perhaps) or somehow ended up transmitting the seed words through the internet, which is less likely but still possible. Smart phones have cameras, can potentially photograph seed phrases, lower probability things like that.

The password only has to be recorded once for the wallet to be compromised. It does not matter if you remove the keys afterwards or unplug the machine from the internet if at the moment you were restoring the wallet / setting the password you were using a compromised computer. This is the most likely scenario.

As others have said a hardware wallet would probably have helped you. Unfortunately nothing can be done about lost or stolen crypto after the fact. The best lessons here are for people to be very cautious with machines they restore wallets on, use a hardware wallet if you don’t understand much about computer security, and be wary of smart phone cameras and seed phrase exposure.

There are plenty of other measures one can take and if you have significant crypto investments it is very much worth your time to learn about what is safe and what is not.

2 Likes

Guys, the same just happened to me…
An unauthorized send transaction from the Daedalus wallet of all my ADA. I followed the guidelines for securely storing the credentials and everything, but it was useless.
This is the address where “they” sent my ADA:

addr1q8u0pt5h3zp07qsfzwq4tcdxhrk8jn7cqc0nqw08ua6ql7gxnmdtaquaf4qszypapmd98n6nvw50fjvq4l8547x90ljsa0uvc0

This was the transaction id: 4b1851dc8d0c10ad6d8f73a02a084acd95679d6ed551106856f4edfea2dd4436

What am I supposed to do?
Restore my wallet?

I’m also thinking of retiring my pool because I’m not in a condition to lose more money.
Thanks for the eventual help

I feel sorry for the ones who lost their ADA to criminal acts.

I’m very much interested in investigation.

Pattern:

  1. ADA was significantly often stolen while being staked by a pool (or at least if a pool is involved) – am I right?

  2. ADA was systematically stolen by sending it to a scammer address (“send-1-get-back-2 giveaways”)

This needs to be investigated further… Out of interest, what pool were you staking in? Mine was ADAFR.

In my case, I was delegating to https://voltairera.com/ (since February):
poolid: 7e82a949dc775005761ec3446a9358261416cbdd8de2c6530cb3270b

I decided to buy some ADA every month to increase the rewards from this delegation, and I’ve sent some ADA to my pool to register it, that’s all.

My spending password was very difficult. No mobile app downloaded. 24-word key phrase written on paper. I took a photo of it and stored it encrypted on my cellphone, but that was 2 months ago and for a brief time.
It must be it.

It is strange because I had more ADA before, and it happened now when I had less.

Maybe it is a stupid question: is it possible to know the geographic location of the wallet from the address ID?

There is not a whole lot to be done at this point. It would seem possibly that some other funds have been acquired and consolidated into this address:

addr1qyh5s9meyw0ncd3fhua660xf4x7f04xke3ynnscznngvzu64fukzhute2mugmr94pthl5d5ysanvz4f74wxslhfqu8lsmjj6n0

via this txn, which is connected to your balance / address:

426ac3212ac3655bab5d03cc5490c67108f92e9b98982e32b61a4115e5699176

But there is not any identifying information there and it could be in anyone’s hands. Without the help of law enforcement agencies and cyber forensics there isn’t much that can be done about things like this. If stolen crypto goes to an exchange address you can try to appeal to them and maybe something will be done about it, but don’t hold your breath.

In regards to what you “should do”, if you are not sure whether your setup is secure i.e. you do not have experience dealing with computer or network security issues, you should most certainly be using a hardware wallet device if you cannot afford to lose your investment.

Unfortunately that is all I can offer you at this point.

1 Like

Yes, I do not advise anyone to store seed phrases on digital media, like phones, camera photos, etc. It should always be handwritten and then put away in a protected place where it is not visible. You could also even break it into pieces so that the complete phrase is never visible at once.

It is very unlikely you could find this information without assistance from larger entities like network infrastructure providers, criminal investigation agencies, exchanges, etc. For the time being we do not have digital identity hashes so unfortunately a wallet is just a string of gibberish that could be anywhere. Someone with the necessary resources and access to information about your computer and internet connection would need to examine the incident, and even in that case it would probably be a difficult task.

Not a stupid question, though. It’s a big problem we need to solve.

1 Like

Thank you very much for all the useful info. I will create another wallet strictly following the security procedures.
It was a hard lesson, but I don’t intend to quit. This month I’ll try to save some more money in some way; I want to delegate the same sum again.

Cheers

2 Likes

Hi, y’all guys.
Wow, this thread just breaks my heart. Sadly, I lost all my funds too.
Now I’m pretty sure it’s unrecoverable.
I just lost my staked ADA in Yoroi and came here to find some hope.
I’m able to trace the destination of my humble funds to the same hacker’s wallet. Is there a way to block those funds?
I think that some kind of “authority/judge/cop” must be implemented in Cardano’s environment, but probably I’m wrong too.
For sure, those events affect my “faith” in (at least) Yoroi.
Here are some facts:

  • Download Daedalus from the official site.
  • Install, set up, deposit funds, then delete Daedalus (too heavy).
  • Install Yoroi (from the official site), use the same keys.
  • A few epochs later… funds are gone! (but not rewards)

At this time, this wallet has 4.086 stolen $ADA.

Any thoughts?
Best Regards.

Sorry for your loss, but the transaction can’t be blocked :(
You must check now how they found your seed words or how they managed to steal the funds…

1 Like

Hi there, apologies in advance, I am sure I am a luddite.

I purchased some ADA from Coinmama https://cardanoexplorer.com/address/DdzFFzCqrhsjVcLWuLANXTG2sje5v6MqALLiUC29NYUxxGZjz4S3xixT6uA6fnMtA3aQvSdVSnhZnjc9bunFiwr5rDnWq32kfy5Fib16

I created a digital wallet and took a screenshot of the recovery phrase. However, I cannot see any of the currency in the wallet and it would appear there are two transactions showing? Have I been hacked?

The transactions were made 3 years ago. I think in 2018 we were in the Byron era, now we are in the Shelley era; try to contact Coinmama support and ask them to check.

Going to do that right now Alex, thank you. I’ll let you know what happens.

It doesn’t look like you have been scammed, the address has only 2 transactions.

I assume that would be my initial purchase and the deployment to the wallet? I really hope so. I’ve emailed Coinmama. I have the 12-word recovery phrase.