I found out that my YOROI wallet has been hacked by someone and lost all my ADA. They all have been moved to this address listed below, listed is the path the tokens were moved
First xfer to:
DdzFFzCqrht85GCz9AGXCUpbuUv8YqiB5t9RtXwC76iEXYzQCrUfccMh2NdyiVU318dSDuqgnTi7xMxKJc53nRZ7gsjQ5hHWDJQXQ2AL
Second xfer to:
“DdzFFzCqrhszAisfe4k7wNnA8Ue4L3AyHVpdeewZkyrfScRqRptz6RxzzVdbvYNscoq7cWyz69sECE2tKwC7gKFiqu5dzLZfTs3ez1xy”
Which i found from Blockchain tracing the transactions…Is there any way for me to identify which exchange this address belongs to ? , so i can reach out to them and see if my tokens can be recovered?
Any help would be greatly appreciated.
It was my mistake to store the seed phrase in an online storage service without any encryption. Lessons learned.
Thanks for sharing how the seed could be taken by someone else. Yes, writing down on a paper is the best way. Since you dont need to recover a wallet so often.
Hello, It seems that I experienced the same issue at Yoroi wallet. I delegated 54K+ adas since february and I had 400 app. ada’s reward in my balance. Today the reward is “zero”, as I would widthrawed them.
It is very disappointing to deal with this matter, I use 2FA and Yubikey in another exchanges and this wallet does not work with of them…
I’ve already contacted to support of Yoroi, hopefully they could have an explanation or solution, if not I´d have to quit.
Always in a piece of paper…never in the pc. Never been disclosed to any other party.
Pls help me out with this matter, and tell me if a hacker has done it, the full balance is in risk ?
Hi, thanks for sharing your unpleasant experience. I am experiencing similar case from my Yoroi Wallet while staking in Pilot Pool. I am still waiting for the customer support’s response but there was in-wallet transaction before the ADA was sent to unauthorized address.
@handiman what’s your address, we can take a look at the blockchain to see what the in-wallet transaction was about.
Regarding the funds sent to an unauthorized address, most probably nothing can be done to retrieve them Check for other options like if it is possible to report a theft to the authorities etc…
Yoroi doesn’t need two factor authentication you may have misunderstood the concept of paper wallets.
You generate 15-24 words. At some point you have exposed them. This could be from typing them into a fake app or exposed via weak computer security. Adding two-factor would not add any more security to the wallet as once those words are known by someone else the whole wallet is exposed.
The words are basically a super long and secure password only the owner should know
Please follow these best practices:
You never share those words.
Avoid typing out all words in full, click the words as they appear when typing them into your wallet software such as Yoroi.
ALWAYS double check the app or wallet is official for example Yoroi has links to there official apps follow these. Don’t search directly on the app or play store as scammers can post apps that look official.
Avoid posting information about how much ADA you own, not even on these forums.
@Jack7E When talking about some kind of 2-factor authentication, I assume people mean to prevent infected computers from emptying the wallet by sniffing or guessing the spending password and decrypting private keys.
Ture, it would be a good idea to implement a method in which the seed phrase is encrypted on the device by both a password and two factor authentication. But at this point the user is probably better off using a hardware wallet. I agree with the users frustration, but I don’t blame it on a lack of 2FA its unfortunately due to poor practice on the users side. They have managed to expose their seed either via a key logger or a poor password. If the case is the latter the first step would be to ensure that the official wallets do encrypt the seed phrase with the users password and that the chosen password is verified by a strong password policy.
Just opened Yoroi on Android to see how my staking was going…and found my entire balance has gone.
I was hoping to see delegation progress at Cardanians.io. But there’s nothing.
All 30,110 ADA were sent on 25 Oct via transaction ID e65d00e9d7254b2454ee129f2201b4049cfa96d88cdd5b4bf1b41bfb1f54d62b
to addr1qx2grpraxlm…w2zy9389hsxr4tlf
then to
addr1q88npsh67hn…tz24684zps9c5hpy
Nobody knows my spending password or recovery phrase.
The only place I pasted the 24 word recovery phrase, there is a cut n paste error—it only has 23 words.
This is a serious security issue with the app. I have done nothing wrong or insecure, other than use the Yoroi app to store and delegate ADA, and now it’s all gone. I had held it since 2017.
Any ideas, anyone? I see there are a quite a few other victims.
Check for other options like if it is possible to report a theft to the authorities etc…