Missing 10,000 ADA, have I been hacked?

Hi @headsaflame

I had my recovery phrase saved as a screenshot on my PC

  • Was your seed stored on another PC or on your Mac? Might be worth a shot to check your host files to see if your computer is owned
  • Do you remember the name of the MalwareBytes infection?
  • Were you connected through WiFi or Ethernet at the time?

You might ask for help on Reddit in r/netsec or r/computerforensics (hint: they will be more inclined to help if there is a small fee). Even if your coins are not recovered, at least you will have some idea who to shake your fist at.

Reminder to never write your 24-word seed on anything with an internet connection.
https://www.reddit.com/r/ledgerwallet/comments/7hl539/reminder_to_never_write_your_24word_seed_on/

If you guys want to do more investigating, here is the wallet’s 12-word key phrase:

1 Like
  1. My seed was stored in a folder on my mac as a screenshot.
  2. Malwarebytes found this file: com.genieoinnovation.Installer
  3. I was on wifi at the time

I do not think that genieoinnovation has anything to do w/ the hack. First check whether your Mac was powered on and that your Daedalus was running when those transactions occurred. I would recommend a clean install of your Mac as the backdoor is probably still open. Sorry for the typos but typing from an iPad.

1 Like

My computer was powered on but Daedalus never was running. Are there any logs I can access that will tell me when it was running last? All I see is the transaction and I think it was from a day I tried opening the wallet but wasn’t successful.

Same thing happened to me. Might be some useful info in here for you… but no outcome yet unfortunately.

Very interesting, I too lost my ADA right after updating Daedalus. I may not have been as careful as you were with my key phrases having had them saved as a screenshot on my system, but it’s all felt fishy. I can’t see how someone could have gained access to my system.

1 Like

Do any of you know of a way to scan a whole network for malware? I’m thinking of IoT devices as well, like VoIP phones, printers, smart thermostats. For the computers I can run antivirus on each system manually, but I’d love it if there was a way to scan the whole network.

1 Like

Here are my error logs as well:

There are also a bunch of files that are node.pub.x with numbers up to 18, are those files relevant?

Yeah, you need to pack the whole Logs folder.

Yep, you were hacked, but we should find out whether it was a local API attack or a seed-stealing attack w/ watching address. I’m assuming a local API attack, but we need to check it.

So, please pack & compress all your log files, as @vantuz-subhuman requested, which are under %appdata%\Daedalus\Logs

2 Likes

I’ve zipped the whole Daedalus logs folder, hopefully this helps:

If someone recovers a wallet from seed then they no longer need the password, right?

@_ilap

How was he hacked? Isn’t a phishing link usually the case? I doubt someone just randomly hijacked his computer and found his ADA seed.

Did anybody know you had ADA stored on your computer? Did you mention in any forums that you had 10,000 ADA?

Of course the original wallet had a password option. I had the very first available version of Daedalus. I did keep getting a virus flag called zum.androm.1 for it though. I contacted Cardano and my antivirus company to stop the false flag.

Thanks for the logs. Here comes the result:

  1. Your money was transferred on 23rd of March
  2. Your wallet was not running on the PC/Notebook from which you’ve collected the logs, or the logs were modified.
36ec8336abf51e17b8332782a55d96310bfaacc36093d2deffc54359b8871603   23 Mar 2018 19:02:31 - 10,384.876393 ADA
[launcher:NOTICE] [2017-12-28 13:10:18 EST] Starting the wallet
[launcher:NOTICE] [2018-01-01 12:23:30 EST] Starting the wallet
[launcher:NOTICE] [2018-01-13 09:39:51 EST] Starting the wallet
[launcher:NOTICE] [2018-03-30 10:02:04 MDT] Starting the wallet
[launcher:NOTICE] [2018-03-30 10:08:24 MDT] Starting the wallet

Yes, the password is not required for restoring the wallet.

1 Like
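A way to automate the check made in the post above (comparing the launcher’s “Starting the wallet” entries against the transfer timestamp), as an added example that is not from the thread or the Daedalus project. The sample log lines are the ones quoted above; the fixed zone offsets, the assumption that the transfer time is UTC, and the one-day threshold are my own assumptions.

```python
import re
from datetime import datetime, timedelta, timezone

# Sample input constructed from the launcher log lines quoted in the thread.
LAUNCHER_LOG = """\
[launcher:NOTICE] [2017-12-28 13:10:18 EST] Starting the wallet
[launcher:NOTICE] [2018-01-01 12:23:30 EST] Starting the wallet
[launcher:NOTICE] [2018-01-13 09:39:51 EST] Starting the wallet
[launcher:NOTICE] [2018-03-30 10:02:04 MDT] Starting the wallet
[launcher:NOTICE] [2018-03-30 10:08:24 MDT] Starting the wallet
"""

# Assumption: the log's zone abbreviations map to these fixed UTC offsets.
TZ_OFFSETS = {"EST": -5, "EDT": -4, "MST": -7, "MDT": -6, "UTC": 0}

START_RE = re.compile(
    r"^\[launcher:NOTICE\] \[(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\w+)\] Starting the wallet$"
)


def parse_starts(log_text):
    """Return every wallet start as a UTC-aware datetime, sorted ascending."""
    starts = []
    for line in log_text.splitlines():
        m = START_RE.match(line)
        if not m:
            continue  # other launcher messages are not start events
        naive = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        tz = timezone(timedelta(hours=TZ_OFFSETS[m.group(2)]))
        starts.append(naive.replace(tzinfo=tz).astimezone(timezone.utc))
    return sorted(starts)


def assess_local_origin(log_text, tx_time_utc, max_gap_days=1):
    """Return (gap_days, verdict): days between the last local start before the
    transfer and the transfer itself. A launcher start is the only evidence of
    activity here (no shutdown line is logged), so a long gap means the wallet
    was very unlikely to be running on this machine when the funds moved."""
    prior = [s for s in parse_starts(log_text) if s <= tx_time_utc]
    if not prior:
        return None, "no local wallet start before the transfer"
    gap = tx_time_utc - prior[-1]
    if gap > timedelta(days=max_gap_days):
        return gap.days, "transfer likely not made from this machine"
    return gap.days, "local origin plausible"


if __name__ == "__main__":
    # Transfer time from the thread, assumed to be UTC.
    tx = datetime(2018, 3, 23, 19, 2, 31, tzinfo=timezone.utc)
    print(assess_local_origin(LAUNCHER_LOG, tx))
```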

Thanks, you’re right; I put an edit mark on my previous comment.

As far as I know, no one knew I had 10,000 ADA. I didn’t post publicly about it and have only talked to a few non-tech savvy family members about this.

So the funds were not sent from my computer then. I never changed any of the logs files. Someone must have gotten my 12 word key and restored my wallet.

Not necessarily: if your computer was hijacked and you did not set the password, then he/she could simply copy the Wallet-1.0, Secret-1.0 and DB-1.0 (everything except the blocks) to his/her computer, start Daedalus there and easily do any transfer.

1 Like