I got hacked via Nami wallet and ledger. All ADA and SHEN were stolen within a second

I just got hacked via Nami wallet and ledger. All my ADA and SHEN are gone within a second. Unbelievable how unsecure NAMI wallet is. I lost a fortune, all my savings in ADA and SHEN of the last 2 years. They first took my SHEN and then my ADA. I dont know what I can do. I reported it to ledger support. Every advice what I can do now is appreciated, I have no clue. I have the transaction hash but dont know if it helps.

Here are the 2 malicious transactions from the hack that emptied my ledger wallet via Nami:
8aa7e8abe958e48285edbaa745e5911616aef3a5b0dc3eba11680afc1298122d
ba0a416396db848f690568a42c3151c66b5af912158cf08e987d00786f4b1b32

I suspect a faked airdrop claim that, I got an airdrop nft in my wallet. Eternl did not work, so I used Nami. The airdrop did not work immideately, so I tried it a second time. After that, I got the answer that I dont have enough money for the trx fees. My wallet was empty. I am completely down. Is there anything what I can do to get the hacker account frozen? It is a nightmare. Why is Nami so unsecure? eternl seems to be much more restrictive. How can a wallet be emptied in such a way without notification of a false trx?

There should be a time implemented to get trx back, eg a few minutes. And a value limit per transaction as a secure setting by users like on every bank account.

As soon as the transaction got confirmed by the network, you cant really do anything anymore.

Id recommand to make a report at your local authorities and hope for the best.

If you had your funds secured with a Ledger, it didnt matter which wallet you were using. Either you had confirmed the transaction by yourself or you leaked your seedphrase somehow. There arent any other options.

1 Like

These are the 2 hackers addresses, the hacker is investing the stolen money in wingriders and minswap. Millions of ADA. Over 2.000 trx only with one of the addresses. The hacker uses a US internet provider for the phishing fake site. Police should act. Both wallet addresses should be frozen immidiately, if this is possible on Cardano.

addr1q9wp5q4zwfnvnqwrcj5l2vqupe2qhy76wka6sd5n4gfgfgh0df2cfl7l0xvs0wsf5pc5rnd3k32adl32mv85r8xp8mnqppg5w8

addr1q82wyku5yc8jvhts98nsze3x7fvqrmmsj77pyxun6p39gaz5dw5f6zqh58cjtxnhjlc85k4ezsxdxdcd4x7wpqpv4ywsjdd4ns

image

This is not possible.

Because you said this in another topic too (Nami Wallet Hacked Stolen Funds - Help Recover Funds and Stop Hacker Solution - #9 by The_Bird), I’m going to reply twice too…

If you use a Ledger HW, you’re probably NOT hacked, but got scammed in signing a tx that drains your wallet. This has nothing to do with the security of the Nami wallet. Did you check in Nami what coins would leave your wallet and did you verify this on the Ledger HW?

There’s kind of a problem with the Nami UI however where attackers try to take advantage of: if multiple coins are sent, Nami could list only a few of them and then something like ‘and 3 other tokens’ (don’t know the exact wording because I don’t use Nami). If one of those other tokens consists of the whole balance, you’re in trouble. But 1) with a Ledger HW, it would be visible there and 2) you say all of your ADA is gone too, so that one would’ve been clearly visible in Nami…

This is one of the reasons of the huge scam fraud in crypto. Second is anonymity with defi systems that allows criminals to increase their stolen money value and nobody can do anything against it. Even if you know all addresses of the criminals.

This situation will be regulated in the near future in the US and EU, cardano is on the whatchlist because of missing security features in their ecosystems. It is ridiculous that nobody can do any action against criminals on the cardano chain. A big design failure.

Wouldn’t call it a design failure, rather a design decision.

Cryptocurrencies are born out of a distrust for authorities. They want that nobody has the power to revert, freeze, claw back transactions, that once a transaction has arrived in your wallet, nobody has any possibility of taking it back again.

The mantra is for you to “be your own bank” and as your own bank you are responsible in the first place for not losing your secrets and not signing transactions giving away your assets as has happened in this case.

You can decide that you find this design decision horrible. There is a lot of advocacy against cryptocurrencies and this topic – that self-custody without any authority that can right the wrongs is actually a bad idea – is, in fact, one of the major criticisms. But that should then be a decision against cryptocurrencies as a whole that should be done before even “investing” in them.

1 Like

It seems that it is you that is missing security features because of blindly signing txs, not Cardano… :man_shrugging:

It’s a thin line between honestly and truthfully emphasising the users’ own responsibility and victim blaming. :thinking:

1 Like

My empathy stops when a victim keeps saying things like ‘I can’t believe how ridiculous it is that Cardano is so insecure, what a design failure’, even after explaining him how it works. If you want to blame someone else, blame the scammer!

1 Like