Ada Stolen from Yoroi wallet… help

Hi guys,

I’m quite new to crypto, I created a yoroi wallet on my iPhone a few weeks ago. After delegating to a stake pool I couldn’t see the rewards and so a few days ago I decided to check via my laptop . Using my brand new laptop using edge yoroi extension, I restored my Shelley wallet using the 15 word seed phrase saw my 5000 ada was there but I still couldn’t see rewards I researched a little further and found out after a certain number of epochs I would maybe see rewards so decided to continue staking.
Today I opened my iPhone version of Yoroi wallet and can see a transaction saying sent the day I used the laptop version and my ada balance is 3 ada it says internal wallet B.

What could have happened?

Any help would be appreciated. Thanks guys. This is soo stressful. Can anything be done or is the ada stolen?

Are you sure about that? As far as I know, Yoroi has always used 15 words and Daedalus has only used 12 words for the old Byron wallets. But that won’t fit well with a wallet just created a few weeks ago.

Yoroi does not even give me an option for restoring a 12 word seed phrase, just for claiming/transferring.

Hard to tell. Do you have a transaction id?

What does the Yoroi on your laptop say? Is there only the one wallet with the Ada missing? Or is there a second one?

1 Like

Apologies I meant 15 words. I have only one wallet. In the sent tab it shows that 5000 Ada were sent to another wallet. I haven’t done any transactions myself. Thanks for reply.

The transaction id I have is

I’m sorry! That really looks stolen.

Went from your account

staked to ITC3 to another account

not staked at all with just a single address in use with several large transactions incoming (presumably from other victims).

There is noone who could undo such a transaction. Perhaps, authorities could help freezing that funds if they try to cash out at an exchange that is in some rather civilised location, but I have no knowledge how promising that really is.

It would not really help you, but maybe others to find out, how that was possible. Usual suspects are a fake Yoroi app/plugin instead of the real one, some kind of malware on the laptop (unlikely, but not impossible on brand new hardware) or the seed phrase being leaked somewhere (picture of it in some cloud storage, accidently posted online, …).

Thanks for taking a look I accept they are gone :pensive:.
However I would like to know how. The extension was after I went to the official Yoroi website and without my spending password and 15 words how this could have happened. I never screenshot the words or put it on my laptop or mobile. I wrote them down in a diary & only used them when restoring the wallet on the laptop.

It so saddening that this happens but I appreciate you taking a look. Thank you.

Did it go because I staked it in the itc3 pool.

That’s not possible. The pools do not get any access to the funds directly.

I would also really like to find out. As you already saw, there are some people to whom that happened.

And it really sounds like you did everything correctly going through the official website, writing down the seed only on paper etc.

Someone must have got access either to the seed phrase or to the storage of the iPhone app or the Edge plugin and the spending password. (The spending password is not needed if the whole seed is known. It is only used to encrypt the local storage of the secret in the app/plugin.)

And their method must also scale somehow. It seems pretty unlikely that they target individual people and put a lot of effort into hacking their individual devices.

You have to be really careful when dealing with cryptos. My suspicion is the Edge yoroi extension you used was bogus. Avoid 3rd party apps like browser extensions even if it looks official if you can download the actual app instead. Try also using other browser or even operating system like Linux for more security. Perhaps you can post a link to the edge yoroi extension so people can investigate further?

While I share the “better be extra careful” sentiment, Yoroi is one of the two “official” clients and its desktop variants are only available as browser plugins, not as “actual apps“.

The link to the Edge plugin is directly on:

Only alternative on desktop would be Daedalus taking 30 GB of disk space and a full day for first startup. …


But that is what makes it hackable. If you click on the download link for Edge you will find the Edge Add-ons is still on Beta stage and I won’t trust anything with beta particularly with crypto. The problem I think is not with Yoroi but with Edge and perhaps Yoroi should implement a dedicated app.
As you suggested Daedalus is the probably the way to go.

EDIT: If you click on the Firefox download, Mozilla adds a proper warning. This just confirms the vulnerability of extensions.

Hi @faretheewell I assumed using something from official Yoroi website would be secure as they should be trying to protect us. Unfortunately I’m not a computer expert and try my best to keep my laptop secure but after this I realise it may not be as secure as I thought although it’s a brand new laptop and has all the antivirus and everything set up.

I’ve read other posts and some people have had ada stolen from Yoroi wallet and not stored seed online or on phones etc. Surely something should be done by Yoroi or cardano to ensure our Ada is safe. It seems as though after taking decision to stake I decided to move it to Yoroi and within days it was stolen.

By any chance @faretheewell @HeptaSean I have the crypto exchange apps on my phone is it possible that my apple iPhone could be infected with something and my crypto stolen from exchanges?

Although I will be moving whatever I have staked from exchanges to my ledger possibly just selling everything and not investing in crypto as people literally stealing other peoples hard earned money with no consequences.

It’s very unfortunate this happened :confused: Unfortunately, there are so many different attack vectors with all devices and wallet types, be it software, cold, and hardware… some just tend to be more secure.

Sometimes it’s really hard to figure out what happened.

Crypto is still in its infancy stage and the responsibility at this moment is mainly on the wallet owner to be very well informed about security risks and to try to mitigate those using best practices. At this stage, it is very easy to lose everything if not super careful. I know this is not of any help to you now… :confused:

1 Like

I have had this same thing happen to me from my yoroi wallet on 12/23.

I’m sorry to hear it. It’s so heartbreaking to suddenly see you wallet empty. I guess storing on the ledger is the best way and moving to an exchange only to convert or sell it. I don’t think I would be staking anymore myself. It just seems too much hassle and too much money lost for investment that is meant to make you money.

Just have to be even more careful now.

If you mean Ledger, the hardware wallet: Yes, that seems to be the best solution.

…, but what does that have to do with staking?

You can, of course, stake while using a hardware wallet. The Ledger only changes where your secrets are kept. You sign that you want to stake with pool X using the Ledger (instead of the secret kept in Yoroi, Daedalus, …). That’s all.

In both cases, the Ada never leave your wallet, the pool operators never get access to them.

1 Like

If you had a weak spending password they could have just bruteforced your wallet if they got ahold of it. I think this is the most likely answer most of the time.

Security just doesn’t stop with your device. It could be a problem with websites getting hijacked. It is possible in your case that the Edge Add-on was hijacked to have a fake Yoroi look-alike add-on itself. You download it and your antivirus and security setup won’t notice anything malicious. That is why I proposed earlier for Yotoi to have a proper download site for desktop where authenticity can be tested by functions like MD5sum or even something stronger, before installation.

I like things to be secure, not just with crypto, so I use Linux and run regular rootkits, test that all unused ports are closed, etc… I also have a dedicated browser (Firefox) where I set the settings to delete all cache and cookies on close and that’s what I use for sensitive web browsing.

Regarding staking, staking doesn’t have anything to do with your problem. It was checking your stakes with another device that you encountered the problem. Staking is fundamentally safe.

1 Like

There is this screenshot malware floating around n hacking wallets

I keep ada in a Ledger - don’t trust these plugins at all , from ledger I am staking on Yoroi


I had my all ADA in an exchange and trying to stake all using yoroi for the 1st time and seeing this issue makes me think a thousand time to do this

1 Like

Yes, keeping it at the exchange might be safer than software wallets in certain aspects. Can’t deny that.

That is, until the exchange gets hacked or otherwise implodes, which might or might not be a realistic scenario.

Judging from the posts in this forum, problems with ADA stolen from software wallets seem to happen much more often than problems with exchanges. Up to now.

Is the MetaMask chrome extension in the same risk category as any other plug in?