Hello, I downloaded the Daedalus desktop wallet, sent ADA from Binance, staked, and just open it from time to time to see how staking is going. That’s it. And a few days ago a transaction was made with my funds…
I don’t understand how this happened. My ADA just got transferred to these two addresses -
addr1q80vwwctph4aykcy3nnj5n0mu392cs6cl00l0vhpsr5jp5x7cuaskr0t6fdsfr889fxlhez243p4377l77ewrq8fyrgq3gzy7w
addr1q8usjzgpkrmzjd4x5twqwdm8flk9kny2597xg0q5x9qm468vcmvzl7zcqdjl8tchlx5pudqwwpsh9dw9z62h9x5htz4snxu0kw
I see others had the same thing. So it’s a hack and you can’t get back your ADA?..
I recommend this to all of our (loyal) delegators, because stuff like this happens a little too often for my liking. In short, put your private key in hardware - don’t give it to software, especially not to a phone.
He said he had a desktop wallet, but you specifically mentioned a phone.
Has anyone done security analysis on phones? Specifically a non-rooted Android phone that only has apps installed via Google Play.
Who/What is reading your screen, your keyboard, your memory?
I have recently restored a wallet on my phone. I would like to know if there are any reported cases of this occurring.
Additionally, I would like to know if it would be secure to buy a new phone from a secure vendor and only install Yoroi. What are the possibilities of my funds being maliciously withdrawn by another party with this method? FYI, I live in a country where importing electronic goods (i.e. a hardware wallet) is not so straightforward, so this option may have to wait a year or so.
HW vs. SW wallet is a general security concern, because the attack surface on software is an order of magnitude higher than on a dedicated chip. In the latter case, the attacker will have to sit next to you and press the buttons on the device because there is no other way to sign a Tx that unlocks your coin - no software attack can do that.
You still have a mnemonic (i.e. 24-words) with your HW wallet, but you only have to touch it once every so many years when you want to replace your device for one reason or the other. This can then be done off-line.
You’re welcome to PM me, in case you’d like me to send you a Ledger. I’d gladly do that if it’s of any help.
I think it’s best to buy Ledgers directly from hardware wallet manufacturer websites and not from random guys on message boards (no offence, this is just something I have heard from numerous sources).
Just one precision though, the security of a hardware wallet is only as good as the security of the recovery seed. If you do the initialization offline and never type it then it’s ok (provided your computer wasn’t compromised beforehand, obviously), but there have been many cases of users being dispossessed of their currencies mainly because they believed currencies were “secure in their wallet”.
The fake Trezor app for instance, people downloaded it and tried to “restore” their secure hardware wallet by using their recovery seed. Needless to say, their currencies were then stolen quite easily, without any access to the physical device. The attack vector is software in this case, and the weak link, the human, as often.