this isn’t very helpful - you said “learn from your mistakes” but NOBODY knows what their mistake was - if they never shared the seed phrase or password with anyone and had them well protected, then there is nothing they did wrong.
So what kind of learning from own mistakes is there? Imagine one day you wake up and all your ADA is just gone, you have no clue how, because you did everything right. Would you act any better? What would you do better? What mistakes you would learn from?
His mistake, as others have already said, was that he had a large sum of Ada that wasn’t on a hardware wallet. The assumption that I think is safe to make here is that he stored his seed phrase somewhere online. Whether it was EverNote, or Google Docs, etc. Unless he comes back and refutes either of these, then there isn’t anything more we can do here. But him asking “How can I get my funds back” is pointless.
How a hardware wallet can protect you if u keep the seed words improperly?
first of all there are “2 victims” in this thread, both of them claim more or less the same:
“installed yoroi, staked ADA, properly secured the recovery phrase and never shared it with anyone. Suddenly my ADA is all gone.”
There is indeed no point in asking how can they get their ADA back, but I still believe that for sake of the community and future users it would be great if we could understand how the attackers got hold of their ADA. iPhones are usually well protected and all apps are sandboxed. It’s very unlikely that even if they stored the recovery phrase or password on them (which definitely is not good idea) someone could easily snatch it.
Also hardware wallet shouldn’t be “minimal security”, it’s rather the “maximal one”, even without hardware wallet assuming that recovery phrase is properly stored on safe place it shouldn’t be possible for anyone to “steal” ADA.
These situations are damaging the reputation of whole project and as you can already see people are coming to non-sensical conclusion such as that staking is dangerous and that stake pools can “rob you”. We should do everything possible to prevent this from happening in the future. Educate users about security, identify weak spots and reinforce them, but for that we need to figure out how this happened it the first place and what was the mistake and to be honest, that is still unclear.
Yesterday I was posting lengthy reddit post containing security fundamentals for newcomers, unfortunatelly it was insta-deleted by automod bot, saying it detected it as a beginner question about staking.
At least one person here said that they stored the passphrase in Evernote. If it was a PC, a copy is stored locally and I think unencrypted, so any other program or malware can read it. Or just someone can take a look at it when the PC or phone is unattended (if the smartphone version was used). This is a lesson to learn: keep the passphrase and spending password safe. And use a safe password.
Because a hardware wallet at least walks you through EXPLICITY the fact that you should write your words on the supplied code sheet and not store them online. A hardware wallets seed words are also never displayed on a connected computer. My assumption is they did not follow these directions when the words appeared in Yoroi and took a shortcut and copied them and stored them online.
passphrase or recovery phrase? Just the password itself doesn’t give attackers access. When you create wallet from recovery phrase, on technical level what it does is that it generates a private wallet key from it, which is then symmetrically encrypted with the password you chose.
This password without the private key is useless.
Right, I meant the seed phrase, see this posting: My ADA was s stolen from Yoroi Shelley Wallet - #49 by JosephWLangsdon
if that was the case it means that Evernote employees would be thieves that are going through customer data looking for recovery phrases, which I find hard to believe, although not impossible.
BTW there are companies / individuals who are professional crypto “thief hunters”, but usually they only deal with very large cases, where crypto worth millions of dollars is involved - see this video for example 48 hours later: we got the scammer! - YouTube it is sometimes possible to use TX data to track these individuals down and bring them to justice, but yeah, it’s a slim chance. But I would love to see it happen more often, because these fraudsters and hackers are giving crypto projects extremely negative reputation and bring the value down.
In case of @Jeff_Hill his ADA is still hanging on address addr1q99af0jydcad8tvzq39mh50ds8sye7jj2nydesjqaw42g562pc7htv5yu6yuz76msx7u3wzyn2eesktspg4xq32j23yq7p0up8 which probably belongs to the thief. You said you already work with the authorities (FBI), you can also contact major exchanges informing them that your ADA was stolen from you to that address and they will probably be able to blacklist it (eg. if thief send it to exchange, they will freeze it and will ask where they got it from).
The thief still has some options, but pretty limited without working DEX
That is another possibility that Evernotes employees go through the customer notes, but unlikely, looks like they have very good security rules and on the server the data is stored encrypted.
What I meant was that the notes are read by malware on the PC (if the PC version was used), because Evernote stores a local copy of all the notes on the PC, and I guess not encrypted:
What exchanges should I contact? There seem to be a lot of them.
I’d just write a message and send it to major ones: CoinBase, Binance, Kraken, FTX… it may not help but costs you nothing, except for few minutes, maybe if you mention that you reported this to FBI they would pay some attention to it, but hard to say…
I doubt it will help to contact the exchanges. Why should the exchanges listen to you? Everybody could claim that their coins are stolen, or even telling them coins were stolen which you didn’t own.
But maybe it helps, if you have evidence that you bought the coins. Monitor the coins when they move again, and update the FBI with all the information (if they don’t do this on their own). If it moves to an exchange, the FBI can then ask the exchange for the seller information, and ask them some questions.
BTW, for Bitcoin, there is a website where abuses can be reported:
https://www.bitcoinabuse.com/faq
Would be nice to have this for Cardano as well.
Hi Jeff, mine is the other transaction that seems to have gone missing as you have posted, 1172, using a ledger device now, funny though cause never added personal details anywhere locally, just written down on paper. Hopefully some resolution down track, but not looking good.
How do you cancel a transaction as stated?
Glad to help Jeff. Share this data with your friends.
Well, I think they should listen to you when the ADA in question is concerning ongoing police investigation and you can prove they came from wallet you own and that you purchased and can prove it. But of course, I am not a lawyer… I am just trying to help
I think I’m just giving up now , I lost 4 K ada but I need to see forward , fuck it I tried everything I contacted the support and they couldn’t help me . I need to accept that my ada are gone .
Have you contacted your local officials?
Might not do anything but who knows