Is NAMI Wallet hacked??

Lots of users are complaining that either coins are simply disappearing from their NAMI Wallet or been transferred to a scammers wallet:

  1. Indepth summary: [Serious Issue] Funds been incorrectly transferred to someones else wallet!!! Nami Hacked?? · Issue #257 · Berry-Pool/nami-wallet · GitHub

  2. 100+ Issues And Growing: Issues · Berry-Pool/nami-wallet · GitHub .

  3. More reviews on google chrome extension page: Nami - Chrome Web Store

Click on Reviews tabs > Sort by Recent

  1. Official twitter page: https://twitter.com/NamiWallet/ , please read comments.

The developer of NAMI Wallet is a college kid and he is not responding to any issue. Can someone please contact SundaeSwap team and ask them to remove NAMI Wallet from their website until this critical issue is fixed?

I don’t see anything suspicious in that transaction. He did some transaction with SundaeSwap, like obviously everybody did, the past 24 hours. The target address is the SundaeSwap smart contract.

As for the reviews: As can also be seen here in the forums, when something is not running as smoothly as wanted, everybody screams “Scam!” the next minute.

Heck, noone forces you to try trading Mickey Mouse money on the first day.

Did you even read the actual issue?

Since you have posted both here and in github thread linked above in first link, the issue owner has already replied to both of your comments on github.

Oh, I read it in much detail.

The transaction he claims to be fraudulent is: https://cardanoscan.io/transaction/b848175625866e1ef829d39ad0edc7b81a96fa6c3de70cc75e6172a996815dfe

He thinks it’s suspicious that part of the ADA came back to his address, which already shows that he has very little knowledge about how this whole thing works, but anyway.

The target address, which he accuses to be a “scammer”, is: https://cardanoscan.io/address/addr1wy2mjh76em44qurn5x73nzqrxua7ataasftql0u2h6g88lc3gtgpz

It says “Contract” in not too small letters as the main heading. There are an impressive amount of transactions in and out (out would be kind of strange for a scammer, wouldn’t it?) in the last hours/days. So let’s look back at his transaction at the metadata:

Looks like an order for “worldmobiletoken”, doesn’t it? (Are they so cheap that 4.1 ADA are a realistic price?) The thing at key 1000 is his address in hex, the thing at key 1002 is the policy ID of “worldmobiletoken”, 1003 is the asset name. 1004 and 1005 look like amounts.

But let’s look at another – supposedly successful – swap:
Someone sends 1942.1 ADA to this “scammer”: https://cardanoscan.io/transaction/791fbf8842607f53b23d0295e7e6a65596ffa7e23e6de03721020e807f6b6515
With something in the metadata that looks suspiciously like an order for “SUNDAE”s:


And four minutes later, the “scammer” sends 2000 SUNDAE and some accompanying ADA back to this very same address: https://cardanoscan.io/transaction/84bd80ec88e8925c4c69116e759888dc46565b3c5509dbde09d3df70fc07b1a2
So, key 1004 seems to be the amount requested in fractions of a token. Can’t make sense of keys 1001 and 1005 up to now.

This is not a scam. This is SundaeSwap doing its thing. (If the whole token trade/gambling makes sense is another question.)

Having questions is okay. Unfortunately, we also find a lot of scams/hacks/malware attacks, when looking at these things.

But accusing Nami of being a scam with so little insight is just not okay.

2 Likes

It is a big issue, I have the same situation fund despaired in the wallet without explanation. SundaeSwap need to remove them until they fix the problem and return the fund

From the things I have seen the last days, the most likely explanations are:

  • It is all still just slow and the view in your wallet app is not fully synced. Look up your addresses at cardanoscan.io if the balances and transactions are off there, too.
  • You have been scammed by one of the zillion scammers active in this whole affair, given your seed phrase to a fake website or to some person over one of the communication channels. That’s bad, really bad! Sorry!
  • You did an order on SundaeSwap and the transaction got through much later, but the order could not be completed (up to now). Funds did disappear into the contract. Order can be cancelled on the order page in SundaeSwap. The transaction for cancelling needs collateral being set (creating the order does not, as far as I can see). It all might still be a bit slow. It is for me.
  • You did restore/import the wallet, but the seed phrase was not correct. You see an empty wallet without transactions or the wrong wallet with wrong transactions. Happens surprisingly often. Only solution is to find the right seed phrases. Variation: You used the multiple account feature of Nami or ccvault and did not recreate the subaccounts in a restored wallet. Just recreate them.

None of this is really Nami’s fault and in none of these cases they can return any funds.

Granted, the documentation could have been better, but that’s about it.