I just got hacked via Nami wallet and ledger. All my ADA and SHEN are gone within a second. Unbelievable how unsecure NAMI wallet is. I lost a fortune, all my savings in ADA and SHEN of the last 2 years. They first took my SHEN and then my ADA. I dont know what I can do. I reported it to ledger support. Every advice what I can do now is appreciated, I have no clue. I have the transaction hash but dont know if it helps.
Here are the 2 malicious transactions from the hack that emptied my ledger wallet via Nami:
8aa7e8abe958e48285edbaa745e5911616aef3a5b0dc3eba11680afc1298122d
ba0a416396db848f690568a42c3151c66b5af912158cf08e987d00786f4b1b32
I suspect a faked airdrop claim that, I got an airdrop nft in my wallet. Eternl did not work, so I used Nami. The airdrop did not work immideately, so I tried it a second time. After that, I got the answer that I dont have enough money for the trx fees. My wallet was empty. I am completely down. Is there anything what I can do to get the hacker account frozen? It is a nightmare. Why is Nami so unsecure? eternl seems to be much more restrictive. How can a wallet be emptied in such a way without notification of a false trx?
There should be a time implemented to get trx back, eg a few minutes. And a value limit per transaction as a secure setting by users like on every bank account.
As soon as the transaction got confirmed by the network, you cant really do anything anymore.
Id recommand to make a report at your local authorities and hope for the best.
If you had your funds secured with a Ledger, it didnt matter which wallet you were using. Either you had confirmed the transaction by yourself or you leaked your seedphrase somehow. There arent any other options.
These are the 2 hackers addresses, the hacker is investing the stolen money in wingriders and minswap. Millions of ADA. Over 2.000 trx only with one of the addresses. The hacker uses a US internet provider for the phishing fake site. Police should act. Both wallet addresses should be frozen immidiately, if this is possible on Cardano.
If you use a Ledger HW, youāre probably NOT hacked, but got scammed in signing a tx that drains your wallet. This has nothing to do with the security of the Nami wallet. Did you check in Nami what coins would leave your wallet and did you verify this on the Ledger HW?
Thereās kind of a problem with the Nami UI however where attackers try to take advantage of: if multiple coins are sent, Nami could list only a few of them and then something like āand 3 other tokensā (donāt know the exact wording because I donāt use Nami). If one of those other tokens consists of the whole balance, youāre in trouble. But 1) with a Ledger HW, it would be visible there and 2) you say all of your ADA is gone too, so that one wouldāve been clearly visible in Namiā¦
This is one of the reasons of the huge scam fraud in crypto. Second is anonymity with defi systems that allows criminals to increase their stolen money value and nobody can do anything against it. Even if you know all addresses of the criminals.
This situation will be regulated in the near future in the US and EU, cardano is on the whatchlist because of missing security features in their ecosystems. It is ridiculous that nobody can do any action against criminals on the cardano chain. A big design failure.
Wouldnāt call it a design failure, rather a design decision.
Cryptocurrencies are born out of a distrust for authorities. They want that nobody has the power to revert, freeze, claw back transactions, that once a transaction has arrived in your wallet, nobody has any possibility of taking it back again.
The mantra is for you to ābe your own bankā and as your own bank you are responsible in the first place for not losing your secrets and not signing transactions giving away your assets as has happened in this case.
You can decide that you find this design decision horrible. There is a lot of advocacy against cryptocurrencies and this topic ā that self-custody without any authority that can right the wrongs is actually a bad idea ā is, in fact, one of the major criticisms. But that should then be a decision against cryptocurrencies as a whole that should be done before even āinvestingā in them.
My empathy stops when a victim keeps saying things like āI canāt believe how ridiculous it is that Cardano is so insecure, what a design failureā, even after explaining him how it works. If you want to blame someone else, blame the scammer!
