All my ADA stolen from Daedalus!


#1

Hello everyone, today I found my account empty. All my ADA coins were withdrawn from Daedalus on 14 Sept 2018 to an unknown address ! I am a beginner and I don’t know what to do and to whom I can report my issue, help please.


Paper wallet should be off line genration
#2

What was your account address?


#3

Did you do a transfer before making your discovery?

If so, it is highly likely that your funds got moved to a new address, which is still associated with your Daedalus so you haven’t lost your ADA. They just moved to a new address, which can be accessed through your Daedalus.

Your old address would show a balance of zero.

Just do me a favor and log into your Daedalus and see if you have your ADA accounted for there.


#4

Hi ADA_Fan,
I did not made any transfer from my account, only deposits!
My balance is not zero - it’s 0.0275 ADA, and my coins were sent to 2 unknown addresses!
My address was DdzFFzCqrht3LjgbDK5ZRRXeCa3nJNRQKjf7YAgkWfMrg7aSWMBa8t9isjBvso7rDaUCcHxn5N3vpioB8eoaZ9Afb7C8joeuZYXMPCMT


#5

What do you see when you log onto your Daedalus? What’s the balance there?


#6

0.0275 ADA


#7

Do you remember installing any suspicious software on your computer before the 14th of September? What operating system are you using?

I’m sorry to hear that you have lost your ADA. This is very worrying and highlights the importance of having the ability to create offline wallets which is not currently possible.


#8

I see 10 withdrawls from that address ranging from 890 ada to less anyone else see that?. Can you confirm what the original balance i saw there?


#9

the original balance was 6000 ADA :confused:


#10

There are paper wallets available, so that’s an offline wallet, having ledger support would be really nice though.

That’s rough man, did anyone you know have access to your computer?


#11

If it wasn’t you and you don’t suspect someone physically accessing it (unlikely), then your computer is probably compromised. I guess that ADA was the only valuable thing on there, right? Or do you have other crypto keys on there?


#12

Whilst the current ‘hot’ paper wallets that you can create offer greater security than leaving your private keys on your computer, they do not strictly fit the definition of an offline wallet and therefore lack the security benefits that true offline wallets provide.

  1. Hot paper wallets - wallets created on a device that has been exposed to the internet at some point (even if only for a second - during this time a malicious online based attack is possible). The current Cardano paper wallets fit into this category as you must sync the blockchain (connect to the internet) before being able create a wallet in the Daedalus GUI.

  2. Cold storage paper wallet - a wallet created on offline ‘airgapped’ computer/device which has never been exposed to the internet. (this removes the online attack vector)


#13

Nobody else can access my computer, obviously my PC is compromised, and I’ll reinstall all. In the future I’ll deal only with coins that can be stored in cold hardware wallets, lesson I learned the hard way!


#14

Or, you know, follow standard security practices and don’t get hacked.

FYI, if someone can access your Daedalus key, it’s reasonable to assume that they can also access all other files, log your keystrokes and see your screen. So personal data is also at stake here, like credit card info.


#15

I am sorry you have lost your ADA. We should have ledger support this quarter. Paper wallet is the next best thing but obviously if your PC is compromised you should be extremely vigilant as there is a way to send your coins to a different address unless you triple check your destination address on ledger itself.

The best thing is to have a clean computer.


#16

Thank you @CardanoUmbrella, you are right, i hadn’t even considered the nuance.


#17

But how did you get hacked?do you have a spending password for the wallet?


#18

Yes, I have a spending password, but I had never use it.


#19

Was your spending password stored on anything connected to internet? If that’s not the case, then it has to be a keylogger (everything you type on your keyboard is saved and seen by a hacker) and your computer is owned, and you need to format it and change every password of every website.

Would be interesting to know if you visited any unusual site recently, clicked on a shady AD in Google results or on some embedded links submitted on Reddit by users. It’s still the Wild West

On another note, I like to share this hack story because the first guy who answers ( all_is_all_to_all) used to work at a 3 letter agency and gives plenty of great advices to check if you haven’t visited fake websites recently without you knowing.


#20

It seems to me (a complete beginner) that Daedalus is far from secure. I did a recovery exercise on two test wallets and lost the contents in both. I’ve been told ‘it is a known software problem and they are working on it!’
Actually the test contents were trivial but the principal is not. I am hoping that they are somewhere on the blockchain.
i am apparently still using an outdated Daedalus version even after upgrading. I’ve been told to try doing it ‘manually’.
Altogether I am impressed with the reports about Cardano but not with the Daedalus program and am wary about further investment.