My ada is gone in daedalus


#21

This is directly from IOHK:

Highlighting three points:

  • Be careful about downloading and using software to avoid hacking
  • Be careful about clicking on links/pictures with links in emails to avoid hacking
  • Do not keep a record of your 12-word Daedalus wallet recovery phrase on your machine

…people do report instances of theft/hacking to us.

TAKE AWAY:
YOUR computer is not secure.
IF you are online your computer is infected.
The more activity you do online, email, or viewing this post means YOU ARE NOT SECURE.

Read this:
Glacier is the step-by-step protocol for storing Bitcoins in a highly secure way, offline.
https://glacierprotocol.org

I know it is for Bitcoin users, Bitcoin has been around a long time, seen it all, this is one of the best ways to protect yourself. Read the steps taken in securing their Bitcoin; why go to such lengths? BECAUSE COMPUTERS ARE NOT SAFE.

Suggestion, get yourself a low-cost computer capable of running Daedalus, like a Udoo, no wi-fi or Bluetooth, and dedicate it to one thing, running Daedalus. Think of it like a strongbox for your Ada, put https://www.qubes-os.org on it for good measure.

Or believe your online surfing, emailing, wi-fi, Bluetooth computer is safe, it isn’t.

In closing IOHK has this to say:

  • It’s your responsibility to become informed about the risks around using Ada, and stay up to date on those risks.
  • IOHK is not going to return your Ada, we do not have them, you do, and only you can control them, no one else including IOHK has control of your Ada.

Added 2019.01.22
A lower cost dedicated computer suggestion is the Atomic Pi, around 35.00 USD:
https://digital-loggers.com/api.html

You will need a power supply, keyboard and monitor (TV), for 35 it is a good deal.


#22

We really need to do a better job of educating people about how to protect themselves. You can’t “be your own bank” if you’re going to open the vault doors to anyone who comes in off the street wearing a fake uniform. In a way it’s a real shame that cryptocurrencies became so valuable (or rather, so expensive) so fast because it’s clear the general public is still nowhere close to being ready for them. And we haven’t done enough to get them ready.

If you don’t know to NEVER run attachments from strangers on the internet, then you simply are NOT ready to put any money in crypto at all, and certainly not huge amounts of money like we’re talking about here. You need to learn basic digital self defense, and that has to come first.

Of course, this is more a general point and it might not apply to OP at all. But if those ADA were indeed stolen, this is by far the most likely scenario of how it was done. And unfortunately there’s nothing anyone can do about it. All you can do is report it to the police.


#23

I want to know if you have installed any suspicious software before? Is the place where the private key is stored safe enough?


#24

Yes he did, a mobile version of Deadelus two months ago (scam of course). He started a topic in korean about this 21h ago. Translated it with Bing but don’t know how accurate it is. 제 다이달로스 지갑에서 모든 코인이 다른계좌로 이동되었습니다


#25

Safe enough for running a bank, NO.

The location of the private key(s) is know to all:

C:\users\%username%\AppData\Roaming\Daedalus

Secrets-*
Wallet-*

Basic digital security for a defended wallet, in my opinion, is at a minimum running Daedalous on a detected machine, that only runs that wallet, virtualization is not safe enough, a notable exception is Qubes-OS.

This is worth your time to read:

My world wide web OS is Qubes-OS, running on my “un-secure laptop”, Daedalus is installed in one Qube that holds my Ada spending wallet for the month.

Aside:
IOHK provides Daedalus installer integrity in the form of PGP signature, how many of you verify before installing what IOHK intended to deliver to you?

Ask yourself why is IOHK providing this?

Directly from IOHK:

You should be aware that by using Ada there is a risk of theft/hacking and people do report instances of theft/hacking to us.

Right now your computer is comprised.
Admitting that is a good start.


#26

The private key is encrypted with the spending password. If people practice good personal computer security habits and prevent a keystroke logger malware attack (including other viruses), then their funds in Daedalus are very secure.


#27

Hi Taeha,

I’ve just discovered that all my ADA was stolen too. 100K Ada was sent by someone to the same address visible on your screenshot on 20th January 1:31 AM.
Could you please give an update if anything can be done to get it back?

Many thanks,
Zsolt


#28

Wow… That’s horrible man… :hushed:
I’ve been scammed in 2017 with some Fake My EtherWallet update… I was in a hurry and just followed the link and ‘logged in’… It did cost me like € 100,- but was a very valuable lesson. But the amount of ADA you lost here is crazy. It makes me feel so sorry for you. Also it makes me very mad at those #@@#% scammers… :grimacing:


#29

Did you restore your Daedalus seed anywhere else (esp. a fake android app by name of daedalus) ?


#30

No, I didn’t. I have no idea how they could hack my wallett.


#31

I thought Daedalus is a secure way of storing my ADA. This is terrible…
Is there any way I can get back my ADA?


#32

It is disappointing About its answer.

plz check my attachment


#33

i dont know

im on panic


#34

Hi, Taeha.

This sounds horrible. Please, try to remember the process how you created/obtained your wallet. As mentioned above - did you create the 12-world passphrase yourself? If so, is there any possibility that someone else could get to know it (read it written down somewhere perhaps)?

Second point, as already asked by someone above - try hard to think if you installed some weird software (there was a fake Daedalus update advertised on Twitter by scammers) or open some strange e-mail attachments?

Which OS are you running? Probably Windows 10, I guess?


#35

Things like these make me really nervous. I hope they roll out the Ledger Nano support soon - that will easy my mind a bit.


#36

i quit cardano

because Sacrificed without compensation

i dont want to reply this issue anymore


#37

I’m so sorry to hear this happened to you. Did you have your spending password enabled? Also was the computer on but unattended when this happened like in the night while you were asleep?


#38

This is terrible. I’m very sorry for you.

This is also a very bad PR for Cardano. I’m not going to invest until I have a reliable storage like Ledger for Cardano.

If Cardano team is really serious about the development they should first figure out an easy way to prevent hacks other than just paper wallet.


#39

You still don’t know what happened.
Did some software install without him knowing it? Did he use a password?? How was the wallet created?, etc. etc.

I would like too know these things before telling Deadalus is unsecure.


#40

This is a user error issue. Cryptocurrency requires a degree of personal responsibility. If you download malware and loose your ADA there is nothing anyone could do to recover that. The only way to do that would be to reverse the transaction which tarnishes the immutability of the ledger. Daedalus is secure in it’s design but cannot protect against a user error like this. What happen in this case was the user essentially gave away their key to someone and that person used the key to steal the funds.