ADA sent out of wallet - didn't initiate it myself. What happened?

Hello,

I recently sent some ADA to a wallet and then proceeded to visit the TapTools website, and I purchased some $GLITCH tokens at around 8:30 pm local time. Then, about 2 and a half hours later, I was browsing JPG Store, and the site was very slow and jerky. I didn’t purchase anything or do any transactions on JPG Store. I also then connected to TapTools again briefly to check on my balance and it showed that I didn’t have ADA.

When I went to check on my wallet, I noticed that all of my ADA had been sent out of my wallet. This transaction occurred at 11:03 pm local time. I was expecting an NFT to be airdropped as well, and the NFT airdrop shows as occurring at 11:05 pm local time - about 2 minutes after the transaction that sent out all of my ADA. I don’t know what happened and would appreciate some help or assistance, if that is possible.

I was using the ETRNL wallet on the Chrome browser on a Windows laptop.
My wallet address is: addr1q9zehsw94w7v823ljzrea404lzlx95kjazgxy08ltskp9qsrh93tkthkj7m064e7remn9amtsdx43zye6493msw5ap7s2vfhwv
The transaction ID that sent out all the ADA is: a67063068ec53a8f780b1767cd16a7f1f0b83d8e0f937f977b80f56ec058ed2a

After I saw what happened, I was worried that perhaps the $GLITCH tokens had something to do with it (but I don’t really know if that is possible or not), so I created a new Burner wallet and sent all of the $GLITCH tokens to that address. I also re-created my wallet that lost the ADA on another browser and added a stronger password.

Does this mean my wallet is compromised? Do I need to ditch it and send the NFT and Token contents of it to a different wallet? Is that safe to do? Also, I have some other wallets that exist in the Etrnl wallet, so would that mean that all of those could also be affected? (I really hope not.) I am not sure how this happened; whether someone hacked my computer, whether there was an error from connecting to TapTools or JPG Store, whether it was to do with the $GLITCH tokens, whether it was to do with the airdrop, or whatever else might have caused it.

Any advice and assistance would be greatly appreciated.
Thank you.

No, tokens don’t contain any active code. They can’t do that.

That’s a clear: “Maybe.”

Because of the close timing, that seems kind of likely. What exactly was the process of claiming that airdrop?


So, there are numerous possible attack vectors on cryptocurrency wallet apps in general:

  • The most common still seems to be just tricking the user into giving their seed phrase: to fake support agents, to fake “rectification” websites (in fact, the use of simply the word “rectify” is a red flag for scams in my experience), to more or less convincing copies of wallet apps or dApps on more or less convincing URLs, …
    Did you give your seed phrase anywhere today or in the last days?
  • Tricking the user into signing a transaction that does something else than is claimed. That is what all the scam tokens going around since end of last year on Cardano do: They advertise a website for claiming some rewards or airdrops, you connect your wallet and sign a transaction thinking it is for claiming that benefit, but in reality it just empties your wallet.
    Try to remember every occasion where you gave your spending password today, even those where you did not think it was for doing a transaction. Maybe the site claimed that it is for logging in and you didn’t look too closely at the pop-up.
  • Malware – something might have just gotten the encrypted private key out of your browser’s storage. They still need the spending password to decrypt it. They can either grab it when you give it for doing a transaction (after all there is already malware on the machine) or they brute-force it.

In the first case, your whole wallet is compromised, but not the other wallets with other seed phrases. In the last case, the whole computer is compromised, with all wallets on all chains. In the second case, it is neither; it was just one transaction.
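The second vector above (a transaction that does something other than what the site claims) is exactly what a pre-signing review in the wallet should catch. As an added example that is not part of this thread or of any wallet's code, here is a small Python check over a simplified, already-decoded transaction body: real Cardano bodies are CBOR and reference inputs by transaction hash and index, so the inputs are assumed to be resolved to the address and lovelace they spend, and all addresses and amounts are constructed sample data.

```python
"""Pre-signing review of a simplified, already-decoded Cardano transaction.
Added example, not wallet code. Inputs are assumed resolved to address and
lovelace; addresses and amounts are constructed sample data."""
from __future__ import annotations
from dataclasses import dataclass

LOVELACE_PER_ADA = 1_000_000
NO_SPEND_PURPOSES = {"login", "verify", "claim"}  # actions that should never move funds

@dataclass(frozen=True)
class Utxo:
    address: str
    lovelace: int

@dataclass(frozen=True)
class TxBody:
    inputs: list[Utxo]   # UTxOs being spent, resolved to address/value
    outputs: list[Utxo]  # UTxOs being created
    fee: int             # lovelace

def net_flows(tx: TxBody, mine: set[str]) -> tuple[int, dict[str, int]]:
    """Return (net change of wallet-owned lovelace, lovelace sent per foreign address)."""
    spent = sum(u.lovelace for u in tx.inputs if u.address in mine)
    kept = sum(u.lovelace for u in tx.outputs if u.address in mine)
    foreign: dict[str, int] = {}
    for u in tx.outputs:
        if u.address not in mine:
            foreign[u.address] = foreign.get(u.address, 0) + u.lovelace
    return kept - spent, foreign

def review(tx: TxBody, mine: set[str], balance: int, purpose: str) -> list[str]:
    """Warnings a wallet should show before it asks for the spending password."""
    warnings = []
    if sum(u.lovelace for u in tx.inputs) != sum(u.lovelace for u in tx.outputs) + tx.fee:
        warnings.append("inputs do not equal outputs plus fee; transaction is malformed")
    net, foreign = net_flows(tx, mine)
    if purpose in NO_SPEND_PURPOSES and foreign:
        warnings.append(f"'{purpose}' should move no funds, but {sum(foreign.values()) / LOVELACE_PER_ADA:.2f} "
                        f"ADA goes to {len(foreign)} address(es) this wallet does not own")
    if balance and -net > balance // 2:
        warnings.append(f"transaction removes {-100 * net / balance:.1f}% of the wallet balance")
    return warnings

# Constructed sample: wallet holds 500 ADA in two UTxOs; a "login" pop-up hides a full drain.
MINE = {"addr_mine_1", "addr_mine_2"}
DRAIN_TX = TxBody(
    inputs=[Utxo("addr_mine_1", 300_000_000), Utxo("addr_mine_2", 200_000_000)],
    outputs=[Utxo("addr_attacker", 498_800_000), Utxo("addr_mine_1", 1_000_000)],
    fee=200_000)
```

`review(DRAIN_TX, MINE, 500_000_000, "login")` returns two warnings (a "login" that sends 498.80 ADA to an unknown address, removing 99.8% of the balance), while an intended payment reviewed with purpose `"send"` and small outflow returns none.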

Thank you for the feedback. Actually, for the airdrop, 2 NFTs were supposed to be dropped. I only received one a few days earlier, so I opened a ticket in Discord to ask for the other one to be sent. I provided my wallet address there. Then it was sent on that day and at that time, when I got a message about it being sent. I don’t think it would have been that, as they did a multiple airdrop to a bunch of people and it is a legitimate project (never know though, I suppose).

Thank you again. I am careful to never give out my seed phrase, so it wouldn’t have been that. I suspect, and am hoping, that it was the second situation, whereby I was maybe logging in to TapTools or something and I signed the transaction thinking it was verifying my wallet without actually checking what it was sending.
If it wasn’t that, then it is possible that I have malware, although I have antivirus and try to be careful regarding that. If there was malware, I would think that they would have drained other wallets as well, which isn’t currently the case - it is just that one wallet.
Thank you again for taking the time to reply and explain - it is much appreciated. I will be more cautious in the future and monitor my wallets over the next few days or week and keep an eye out for anything suspicious. Hopefully, with any luck, it will just be a one-off incident. 🙂

It’s not a good idea to flag your wallet address in an open site like Discord. Somebody could’ve impersonated the legit NFT airdrop to get access to your wallet. Just be wary of airdrops. Maybe create a new wallet exclusively for airdrops and deposit a few ADA to pay for transaction fees. Then later on you can transfer the NFTs to your normal wallet. Mind you, even in Ledger Live I receive free NFTs from the Ethereum network. I copy the address and check the site of these NFTs on another browser just to be safe, and they are usually about scam rewards where you ‘have to’ with a deadline, otherwise you lose the reward. Also a good idea is to have a dedicated safe browser (Brave for example) for doing your transactions, where the cookies, browsing history and caches are emptied every time you close the browser.