So I just noticed that about 5 days ago (1/10/25), 90% of the ADA in my Daedalus wallet was, without my knowledge or authorization, sent to 7 unknown addresses. I usually open Daedalus a couple times a week to sync with the blockchain and check on my staking rewards.
I was pretty surprised last night to notice my balance went from 2K ADA to 250 remaining ADA (dammit).
I have no idea how or why this happened. Was I hacked somehow? Did someone discover my keys and compromise my account? Has anyone else experienced anything like this?
Other than re-installing Daedalus about 18 months ago on a new laptop, I had done zero except for syncing with the main blockchain. In late Dec/early January, I did initiate a change in my staking delegate, and at that time I had to use my Admin password to change staking pools…I’m not sure if that’s possibly when I was compromised, but it was all done over my secure home WiFi.
I also know I recently had to update Daedalus, so maybe there’s some bug or other explanation for my missing ADA…fuck-I don’t even know how to report this shit so I can write it off as stolen on my taxes.
When I go to the address tracker-it says the destination addresses aren’t valid (see attached photo of what comes up when I click on one of the 7 destination addresses). Is it possible there was some error or incorrect transaction or my info was compromised when changing staking pools from within the Daedalus application?
Anyway-here is one of the problems with a blockchain system-other than a general support forum-there’s nobody to call to reverse a fraudulent transaction when it occurs and assist with locating and shutting down hacker thieves…
Here’s an image of what I get when I click on the destination addresses-anyone have a similar experience or have any suggestions? This is a big hit for me…
How do you think this happens? Wouldn’t someone need both my private keys and my like admin/sending password to transfer funds out of my wallet?
I did not see this coming at all…and I’ve only entered that admin password 1 time recently to change staking pool. I hardly remember it at all-WTH?
Did you store your seedphrase (24 words) in a digital way? Like did you make a screenshot of it or store the words somewhere in a file on your computer/cloud?
Nope. If the attacker was able to get your seedphrase, he can simply use that to restore your keys. And the spending password is only needed because you are encrypting your keys locally.
To prevent such a case again, I would really recommend getting a hardware wallet.
Closing out on this thread….I couldn’t recall where I stored my Daedalus Wallet Seed Phrase-I found it. It was stored as an image/screenshot in my hidden (requires Face ID to access on phone) folders photo album on my phone and possibly iCloud (I need to check if this backs up to iPhotos/iCloud).
Just leaving this as a note of caution to anyone who might read this and thinks their seed phrase is safe in their hidden folder of their Apple photos albums-apparently it’s not.
Damn-I hope all the dirty photos and videos of me and my girl are not at risk also. I’d be less upset at those being leaked than I am for being hacked for 1650 ADA…
By the way, these are not seven wallet addresses.
The hacker has sent 1,650.189745 ADA to the wallet address: DdzFFzCqrhtA9YRafpJEuBesWsX4YwqkzKMUuSED1tpP5FNyLXb9Xtm61oUCjBdmYhAUHfnrWLTV6ZGkngBeVVpcHgCBGsnSfqNN2RTa
The other 6 wallet addresses belong to your account. These are not 6 wallet addresses. It’s 6 times the same wallet address: addr1q8u8yjydynkyew2mwvvl37e9g9t38ul8q70yyyzwzg4dkf6emtkgeymeryqxcd8qt0grd4r6e7zzae7mue4qa6zz6qhqwda6tg
I think the hacker has sent your funds directly to an exchange address, because many of them are still using the old Byron legacy addresses, which start with DdzFF…
You should get in contact with your local authorities as soon as possible.
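The two address formats named in the reply above can be told apart offline when triaging a transaction's outputs. This is an added example, not part of the original thread: a small decoder that follows the CIP-19 address layout and BIP-173 Bech32. The function names are my own, and the Byron branch only checks the prefix (`Ae2` is the other common Byron prefix, not mentioned in the thread).

```python
# Added example, not from the thread: classify Cardano address strings offline.
CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
GEN = (0x3b6a57b2, 0x26508e6d, 0x1ea119fa, 0x3d4233dd, 0x2a1462b3)
# CIP-19: high nibble of the first payload byte -> address kind
KINDS = {0: "base (payment key + stake key)", 1: "base (script + stake key)",
         2: "base (payment key + stake script)", 3: "base (script + stake script)",
         4: "pointer", 5: "pointer (script)", 6: "enterprise",
         7: "enterprise (script)", 14: "reward", 15: "reward (script)"}
# The two addresses quoted in the thread.
BYRON = ("DdzFFzCqrhtA9YRafpJEuBesWsX4YwqkzKMUuSED1tpP5FNyLXb9Xtm61oUCjBdmYhAU"
         "HfnrWLTV6ZGkngBeVVpcHgCBGsnSfqNN2RTa")
SHELLEY = ("addr1q8u8yjydynkyew2mwvvl37e9g9t38ul8q70yyyzwzg4dkf6emtkgeymeryqxcd8q"
           "t0grd4r6e7zzae7mue4qa6zz6qhqwda6tg")

def polymod(values):
    """BIP-173 checksum polynomial over 5-bit symbols."""
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1ffffff) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= GEN[i]
    return chk

def bech32_decode(s):
    """Return (hrp, 5-bit data without checksum, checksum_ok)."""
    hrp, _, rest = s.lower().rpartition("1")
    data = [CHARSET.index(c) for c in rest]      # ValueError on a bad character
    expanded = [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]
    return hrp, data[:-6], polymod(expanded + data) == 1

def to_bytes(data5):
    """Regroup 5-bit symbols into bytes, dropping trailing pad bits."""
    acc, bits, out = 0, 0, bytearray()
    for v in data5:
        acc, bits = ((acc << 5) | v) & 0xfff, bits + 5
        if bits >= 8:
            bits -= 8
            out.append((acc >> bits) & 0xff)
    return bytes(out)

def describe(addr):
    if addr.startswith(("DdzFF", "Ae2")):        # Byron-era base58, prefix check only
        return {"era": "byron", "kind": "legacy base58 address"}
    hrp, data5, ok = bech32_decode(addr)
    raw = to_bytes(data5)
    return {"era": "shelley", "hrp": hrp, "checksum_ok": ok,
            "kind": KINDS.get(raw[0] >> 4, "unknown"),
            "network": "mainnet" if raw[0] & 0x0f == 1 else "testnet",
            "payment_hash": raw[1:29].hex(), "stake_hash": raw[29:57].hex()}
```

Outputs that decode to the same `stake_hash` as your own receive addresses are change returning to your wallet; only the remaining outputs left your control.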
@Zyroxa
Can’t Xerberus help in such a case like this with their tool Siren?