Hello Guys.
I’m using Daedalus Mainnet since August '20, as wallet and of course for staking my ADA to pools.
Yesterday I saw a transaction to an unknown address to me. I was curious because all my Ada was transferred there and I made a search on Cardano explorer.
I Found that there are a lot of transactions made with this address as a receiver.
If you don’t understand what’s going on… me neither. I mean… I didn’t make any transaction or use any unauthorized app/program. Moreover, no one has access to my computer, my codes and of course me recovery phrase key. It’s really difficult to be hacked.
I Can’t understand what’s going on. It seems to me like this transaction was made automatically from someone.
I can’t imagine that my ada just sent to someone and that’s it… I mean if we are not safe on Daedalus wallet then what?
Do you mean in a cloud base ? like Google Drive ? No, I have it on my sticky notes. But it’s impossible someone hacked me. I would have notice it. Due to my job I have strong security cause I must protect a lot important documents.
From your description it very much sounds like your funds are gone.
There are common scams like:
A fake Cardano Foundation website, which links to a fake adalite website to restore a wallet where it claims the end user will get a higher staking reward through the CF. Infact it’s just a fake website where keys are given to criminals.
many fake giveaways tactics which require end user to send ada to another address
fake giveaways that require the end user to enter a seed phrase.
people impersonating officials from the CF or ambassadors that send the end user to fake websites to get the seeds entered.
ledger was recently hacked and peoples private details taken - there are many fake emails going out, acting as ledger asking people to update etc. with a link in the email for users to select. - these links are malicious files for the end user to download to their computer or websites where seed words are required.
There are more scam tactics, these are just a few of the common ones
@Lgbeano hello, nope I haven’t used my seed phrase anywhere.
Moreover I don’t came across with any of those scams. I just had my ADA on my wallet that’s it. I’m a holder and i don’t care for competitions or anything like that. I’ve just linked in yesterday and i saw this transaction. I don’t have ledger either.
So if I lost my Ada without doing anything I guess I’m not safe at daedalus. Someone should be responsible for that. You are telling me that we don’t have any security?
Is it possible the pool that i’m staking my ada to be hacked and that’s why i lost my ada ?
You are 100% responsible for your own crypto, there is no one else to be responsible for it, same as holding cash.
Your crypto is never in a wallet, only on the blockchain, you just use any wallet that supports ada to see and control your funds.
You mentioned keeping your seed words on a sticky pad on your computer, that is extremely risky behaviour and might have something to do with your loss of funds.
As I said, I would have noticed if someone hacked my pc. Moreover you need the password for a transaction to be performed and that password is on my mind
As an aside - wasn’t it mentioned before that a lot of transactions went to this particular address? Can’t check right now myself. Also why was the comment deleted - am I hallucinating?
EDIT: Ok found it.
No, if you have the recovery phrase you can restore the wallet anywhere. Anyone correct me if I’m wrong but I recon the spending password is just to protect the local wallet.
Ok then if your computer got hacked the attacker could have gotten the recovery phrase and restored your wallet on his computer, then transferred the funds. Since Windows is not known to be Fort Knox now the task would be to confirm this/ find out how they did it.
You do not need your spending password if you get access to the seed words, the person just creates their own spending password.
When you use your seed words, it basically locates the private and public key on the blockchain which is in control of the ada within that wallet. You then need to encrypt that private key on your computer, that is the spending password… so everytime you make a transaction away from your wallet, you need to decrypt the private keys, done by entering your spending password.
So if someone else enters the seed words into a wallet, they gain control of the private keys and encrypt it with a password of their choice for that device. That is why your seed words are unbelievably important and private, storing them on a PC is strongly not advised.
As an aside - wasn’t it mentioned before that a lot of transactions went to this particular address? Can’t check right now myself. Also why was the comment deleted - am I hallucinating?
yeah you are right there are a lot of transactions to that address
What browser do you use? Do you have noScript active?
Did you have latest updates installed?
What software do you have installed? Complete list would be useful. Maybe you could even sue (if you could contact the other hacked people and find an overlap in software). But that’s a moon shot bet from my side.
Am no security expert but it sounds like you got swept up in a hack. So now the task would be to find out where the hole was.
By the way you mentioned that you use both Windows and have strong security. That does contradict in my view. Qubes OS on certified hardware is strong security. Airgapping is strong security. Any other MacOS/Linux I would deem acceptable security but again am neither an expert nor do I want to start a debate.
EDIT 2: any other current and fully updated*
EDIT are you also 100% sure your sticky notes app does not backup on the cloud? Or some other service backs up your stuff? What’s the full name and vendor of the app?
hi! I just checked my Daedalus wallet on my macbook and saw a transaction that was not authorized by myself, that send all my ada to unknown wallet. I lost everything!! $4k+… Do you get any help from someone?
I have always been a big defender of Cardano and Charles Hoskinson and
held Cardano since 2017. My computer is not was not and has not been
compromised and has 2 security suites running on it. Contrary to what I strongly
believed and was assured of Daedalus wallet is not safe first people assume that everyone
is stupid, there is someone brute forcing Daedalus paraphrases and “getting lucky” then
when someone says I was robbed the answer is always Daedalus is completely safe,
and you let someone get your paraphrase or private key.
I have been holding Ada since 2017 I got a new laptop this year put a brand new
Daedalus wallet and sent the Ada to the wallet from old wallet new meaning not
restored so the transaction cost to send to a total exchange of wallets.
On 8/04/2021 at 4:28 Am I was robbed. I am old but up at 730 Am I was still very much
asleep when this happened.
My paraphrase my laptop and my private keys are totally guarded and no one but me
has access. SO no one should assume I wasn’t tight security, I see always
people say couldn’t happen, instead of putting any suspicion on hackers and the security
of the wallet and investigating, if I were designing something I would encourage
any and all people to report the circumstances, so as to inform people of the risks and
to further learn how to protect my supporters. Instead, it seems to fall on death ears
at best at worst, it always appears that the user is blamed.
There must be ways of freezing your coins on the blockchain and if anyone restores
your wallet through seed phrase they would still need a blockchain password.
Or follow the standards of it taking 20 days to unfreeze your coins when they are staked
that is much less of an inconvenience than loosing 101,308.944 Ada as I did.
Transaction # e248a1faba0b684673508d88f1b04f7c79b19be6e10af645c190820335d3e8a3
