I had my recovery phrase saved as a screenshot on my PC
Was your seed stored on another PC or on your Mac? Might be worth a shot to check your host files to see if your computer is owned
Do you remember the name of the MalwareBytes infection?
Were you connected through WiFi or Ethernet at the time?
You might ask for help on Reddit in r/netsec or r/computerforensics (hint: they will be more inclined to help if there is a small fee). Even if your coins are not recovered, at least you will have some idea who to shake your fist at.
I do not think that genieoinnovatiohm has anything to do with the hack. First check whether your Mac was powered on and that your Daedalus was running when those transactions occurred. I would recommend a clean install of your Mac as the backdoor is probably still open. Sorry for the typos but typing from an iPad.
My computer was powered on but Daedalus never was running. Are there any logs I can access that will tell me when it was running last? All I see is the transaction and I think it was from a day I tried opening the wallet but wasn’t successful.
Very interesting, I too lost my ADA right after updating Daedalus. I may not have been as careful as you were with my key phrases having had them saved as a screenshot on my system, but it’s all felt fishy. I can’t see how someone could have gained access to my system.
Do any of you know of a way to scan a whole network for malware? I’m thinking of IoT devices as well, like VoIP phones, printers, smart thermostats. For the computers I can run antivirus on each system manually, but I’d love it if there was a way to scan the whole network.
Yep, you were hacked, but we should find out whether it was a local API attack or a stolen-seed attack with a watching address. I am assuming a local API attack, but we need to check it.
So, please pack and compress all your log files, as @vantuz-subhuman requested, which are under %appdata%\Daedalus\Logs.
Of course the original wallet had a password option. I had the very first available version of Daedalus. I did keep getting a virus flag called zum.androm.1 for it though. I contacted Cardano and my antivirus company to stop the false flag.
As far as I know, no one knew I had 10,000 ADA. I didn’t post publicly about it and have only talked to a few non-tech savvy family members about this.
So the funds were not sent from my computer then. I never changed any of the log files. Someone must have gotten my 12 word key and restored my wallet.
Not necessarily. If your computer was hijacked and you did not set the password, then he/she could simply copy the Wallet-1.0, Secret-1.0 and DB-1.0 (everything except the blocks) to his/her computer and could easily start Daedalus and do any transfer.