ADA stolen after importing Daedalus to Eternl

Today I imported my Daedalus wallet into Eternl to connect to SundaeSwap to receive my ISO Sundae tokens. It’s the real Daedalus (I’ve had it for over 2 years since Byron), but I’m not certain about Eternl. It looks legit, but today my wallet was emptied of 13,600 ADA, leaving me with only 86 ADA, my NFTs and Sundae. This is the wallet that received my ADA: DdzFFzCqrhstTj79fxazEsWwTeFJP1pfub38aF6BkjCcxY6WNYMPYg4H8WeDZvJ65bGT3DbzqC64d69GpqAirDqXSMXQyvTESAdvRVkT. I’m devastated and I realize I’m not getting it back, but I’d like to know what happened. If anyone could help I’d be very grateful.

3 Likes

Hard to tell without more details. Which extension did you install into which browser?

There was a fake Firefox extension a while ago (Eternl is only available on Chromium-based browsers: Chrome, Brave, Edge), but currently I can’t find it anymore.

There also were multiple fake websites in the past. eternl.io is the legitimate one. (…, but in order to claim the SundaeSwap rewards you would need the extension anyway, since only that has a dApp connector.)

Always cross-check that you are on the legitimate website for example with https://developers.cardano.org/showcase/?tags=wallet, with multiple of the wallet app’s social media channels, with mentions here in the forum, …

Thanks so much for the quick reply! I used the Eternl site, Eternl - a Cardano community wallet, where I clicked on the link to download from the play store. It’s installed on my Brave browser. Please let me know what other info could be helpful.

Hmm, that looks like the correct way to do it.

For what it’s worth, https://cardanoscan.io/transaction/fd41701958cdbacc17b29582ffb75d24fa9b56fbb3b5b10832190a586a000e85 is the transaction, where you claimed your Sundae rewards. They come from the correct account, where I also got mine. So, the ISO claiming site seems to have been the legitimate one.

https://cardanoscan.io/transaction/b22f2d5ee08c16106730cd300b631e8b88d8ba1324ea6a83e2bf37c498c66e8c, six hours later, is the transaction, where your funds were stolen.

Did you try anything else before or after importing your wallet to Eternl and claiming the rewards? Did you give your seed phrase to anything other than the Eternl import screen? Any contact with any “support”? Another possibility would be malware on the computer exfiltrating the seed phrase or keys while you interact with the legitimate wallet app and site. Haven’t seen much of that, though.

1 Like

The only other thing I did that day with Daedalus was to connect my Ledger to it, but it obviously wasn’t connected to anything I did with the stolen ADA. I only have a little over 100 ADA in my Ledger.

Oh, and no contact with any “support”. How could I tell if I have malware? I checked the virus scan through Windows, and it says no threats detected.

I don’t know that much about malware hunting on Windows. Haven’t used Windows in decades.

Easy to spot would be a suspicious extension in Brave. Or maybe a process in the task manager that should not be there. Don’t know if there are tools to monitor network activity. If it is malware and you put in a (fake) seed phrase, it has to be sent to the attacker somehow, which could maybe be monitored.

One other possibility that I haven’t asked above: Did you store your seed phrase offline or somewhere on the computer, maybe even online?

For my personal info: is
DdzFFzCqrhstTj79fxazEsWwTeFJP1pfub38aF6BkjCcxY6WNYMPYg4H8WeDZvJ65bGT3DbzqC64d69GpqAirDqXSMXQyvTESAdvRVkT a valid Cardano wallet?

Yes, it is a valid address:
https://cardanoscan.io/address/DdzFFzCqrhstTj79fxazEsWwTeFJP1pfub38aF6BkjCcxY6WNYMPYg4H8WeDZvJ65bGT3DbzqC64d69GpqAirDqXSMXQyvTESAdvRVkT

It is a Byron address. Those addresses were used before stake pools, delegation, etc. were introduced with Shelley and the addr1… and stake1… addresses.

More specifically, it is the variant of Byron addresses formerly used by Daedalus, which contains an encrypted form of the derivation path of the address. Yoroi used a different variant starting with Ae2…, which does not contain that information, but just the public key hash.

See https://input-output-hk.github.io/cardano-wallet/concepts/byron-address-format and https://input-output-hk.github.io/cardano-wallet/concepts/address-derivation.
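
The difference between the two Byron variants described above can be checked structurally rather than by prefix. This is an added example, not part of the original posts and not code from cardano-wallet: it Base58-decodes an address, verifies its CRC32, and reports whether the attributes map carries the derivation-path entry (key 1). All function names are hypothetical, and the sample addresses are constructed with all-zero hash bytes.

```python
import zlib

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def b58decode(s):
    n = 0
    for ch in s:
        n = n * 58 + B58.index(ch)
    return n.to_bytes((n.bit_length() + 7) // 8, "big")

def b58encode(b):
    n, out = int.from_bytes(b, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return out

def cbor(buf, i=0):  # decodes only the CBOR subset Byron addresses use
    major, ai, i = buf[i] >> 5, buf[i] & 31, i + 1
    if ai >= 28:
        raise ValueError("unsupported CBOR length encoding")
    size = 1 << (ai - 24) if ai >= 24 else 0     # 1, 2, 4 or 8 length bytes
    n, i = (int.from_bytes(buf[i:i + size], "big") if size else ai), i + size
    if major == 0:                               # unsigned integer
        return n, i
    if major == 2:                               # byte string
        return buf[i:i + n], i + n
    if major == 6:                               # tag (24 = embedded CBOR): unwrap
        return cbor(buf, i)
    if major not in (4, 5):
        raise ValueError("unexpected CBOR type")
    items = []
    for _ in range(n * (2 if major == 5 else 1)):  # a map holds n key/value pairs
        v, i = cbor(buf, i)
        items.append(v)
    return (items if major == 4 else dict(zip(items[::2], items[1::2]))), i

def classify_byron(addr):
    payload, crc = cbor(b58decode(addr))[0]      # [tag-24 payload, CRC32]
    if zlib.crc32(payload) != crc:
        raise ValueError("checksum mismatch")
    _root, attrs, _type = cbor(payload)[0]       # [root hash, attributes, type]
    return "daedalus" if 1 in attrs else "icarus"  # key 1 = encrypted derivation path

def make_sample(with_path):  # constructed test address: all-zero hash and path bytes
    attrs = b"\xa1\x01\x58\x1e\x58\x1c" + bytes(28) if with_path else b"\xa0"
    payload = b"\x83\x58\x1c" + bytes(28) + attrs + b"\x00"
    outer = b"\x82\xd8\x18\x58" + bytes([len(payload)]) + payload
    return b58encode(outer + b"\x1a" + zlib.crc32(payload).to_bytes(4, "big"))
```

The checksum step also catches a mistyped or truncated address before any further lookup is done with it.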

Great, thanks for the info.

Wait, was your ADA on your Ledger? If so, they can’t take the funds without signing with the Ledger. Did you enter your seed phrase online for Eternl? If so, you should never enter your seed phrase online. Just pair with your Ledger.

No, that wallet was not the one attached to my Ledger. I did enter my seed phrase to import my Daedalus to Eternl. I only have a little over 100 ADA on my Ledger. The 13,600 was just in Daedalus alone. I’ve always known it was dangerous to enter my seed phrase online, but how else could I pair it? I hate that I couldn’t collect my ISO rewards on SundaeSwap with Daedalus alone. So now I’ve lost 13,600 ADA for near worthless 400 Sundae. Trust me, I know it’s my fault. I hate myself for not just leaving the Sundae alone. In the future (not that there will be a chance since I’m so much worse off now than when I bought the ADA, and have been selling crypto just to pay my bills), all of my crypto will be going onto my Ledger.

I never store my seed phrases online. I keep 2 notebooks with identical info; one is just a small paper notebook, and the other is one of those stonebook notebooks made for storing crypto info. I keep them in 2 different places in case something happens to one I’ll have the other.

As far as Brave goes, I’ll look on that computer to see if I can figure something out.

Again, I want to thank you for helping me try to figure this out. I’ve been beside myself, and feel like a complete failure. Just talking about the situation is a bit like therapy, so thank you!

1 Like

So you originally had a wallet created in Daedalus, then imported that seed phrase in Eternl. But then you mentioned connecting your Ledger to it. This is a bit confusing. You can’t actually “pair” your Ledger with an existing wallet. Pairing your Eternl will simply use your Ledger wallet in Eternl. It’s like creating a new account/wallet in Eternl.

That was another wallet with less ADA. She just listed all the operations done on Daedalus. The main one with the 13k ada was not a Ledger wallet:

1 Like

There should be a mechanism to recover stolen funds with a valid claim. I understand Blockchain is decentralized, and no one can control the account that stole the funds. But until we solve real issues like this, it will be difficult for people to trust and use Blockchain.

1 Like

Valid point, but it will not happen.

There would have to be either a centralised entity which decides what a “valid claim” is or there would have to be votes either by all ADA holders or by the block producers on which transactions to roll back.

Something like that happened on Ethereum when they rolled back their DAO disaster, but that was a once in a lifetime event and not something they will do for your daily scam.

Censorship resistance is one of the pillars of crypto currencies that many, many proponents are very proud about. We have to be honest that this also means that the bad guys get this resistance to censorship.

And if that hinders mass adoption – and a lot of crypto critics claim just that, that it is not practicable for the large majority of people that they cannot get frauds rolled back, that they cannot appeal anything, that the traditional system of fiat money and banks is much better in that regard – then so be it.

2 Likes

Rolling back a Blockchain removes one of its significant attributes: immutability. However, you cannot expect the everyday person to be a cybersecurity expert. Applications on Blockchain or anywhere else succeed because users feel safe using them, besides being easy to use. Currently, the only people who feel secure using Blockchain applications are those ignorant about the risks or the tiny minority (i.e., yourself) who actually understand the tech. One way of resolving this is to educate the average person on cybersecurity (I don’t think it will happen for a lot of reasons) or create applications with the majority of people in mind and protect them by minimizing the app’s capabilities. Maybe, have an advanced user version and a basic one.

I was under the impression that the Eternl wallet doesn’t support Byron era addresses and just opens a new wallet instead if you try to recover an old Byron wallet. I just recently started testing Eternl so I may be wrong here.

@Meow_Mix
Can you please try to restore the Ddz… wallet in Yoroi and see if the funds are there? Long shot, but worth a try.

As for free Windows malware removal, I use AdaWare. It’s the only one that caught a zero-click virus from Telegram (that’s when I stopped using Telegram). I use the free version from them on PCs that have Windows 10 and 7.

Note: Has ADA in the name but has NOTHING to do with Cardano. I have been using them since before Cardano existed :)

1 Like

Yes, of course, only Daedalus, Yoroi, and command line still have limited support for Byron.

That is not an address of @Meow_Mix:

“received”

I would think it’s the exchange the attacker used to cash out.

My guess is that it is MEXC, since there are quite a lot of transactions involving MELD and Wingrider tokens and MEXC is as far as I can see the only CEX that has both.

2 Likes