Further to my other post, I’ve been monitoring this wallet where my ADA coins in my Daedalus Shelley wallet were sent without my permission. This wallet keeps getting new deposits and recently it receives 122,852 ADA. Refer to the link below and if you scroll down, my 3084 ADA was first on the list. Can anyone tell if this is a stake pool wallet? Why does it keep receiving ADA? Can I still get my ADA back?
You dont have to send your ada anywhere when you delegate to a pool.
You clearly have been scammed and there is no way to get your ada back.
Im sorry.
2 Likes
I can only answer “no” at the moment. I am sorry @frznfrg .
-deleted link to coinfirm (not promising)
1 Like
There is also this review on that company … and its not looking good.
2 Likes
@frznfrg Please stop posting such topics in the Developers forum. This is not the right category for these posts. Thank you for understanding.
2 Likes
Good day, same happened with me- there must be a way of stopping this - go and have a look at his account,
Address addr1q8nhaq9jgn0xgqp58vvs78hqyf8fxw3hvcjreydtwgg66l8806qty3x7vsqrgwcepu0wqgjwjvarwe3y8jg6kus3447qdzlsk4 - Cardanoscan
This account is draining a lot of people- addr1q8nhaq9jgn0xgqp58vvs78hqyf8fxw3hvcjreydtwgg66l8806qty3x7vsqrgwcepu0wqgjwjvarwe3y8jg6kus3447qdzlsk4
It is not a link or a hack, what they do is the restore a Daedalus wallet- word generator and if you guest the word correct, you get the wallet and you give it a new name and a new password and the person can do with your ADA what ever they want.
Now, tell me how secure is this really!!!
It’s not possible to guess the key phrase. What these scammers do is obtain from people the seeds and get control of the wallets, or convince them to send ADA to their address. This has nothing to do with the safety of the protocol. It’s like giving you pocket wallet to a stranger and be surprised if he drains all of it. The users must be educated not to ever give the seed phrase to anyone and also not to send ADA to anyone, unless it’s for a legitimate transaction.
Staking does NOT require to send ADA, but only to delegate the wallet through the wallet. The ADA never lease the wallet.
4 Likes
Not true, Device was not even online after setup and wallet creation and the phrase only I had, Go and have a look at the wallet in question, The matter of the fact is that not enough is done about this, this account has stolen over 228K of ADA in a month from Cardano users and you keep on remove the post everywhere as this is a HUGE security issue.
You can just obtain the seeds or you tell them they where hacked - what a joke!
How do you think it’s easy to obtain the seed words?
The dictionary is made of 2048 words, and the seed is made of 15 words, so you end up with 2048^14 (last word is checksum I think) possibilities. Do you really think anyone can guess it?
Well, there is no other way to explain this, as no access to PC, I am the only one with the phrase and that is the only think anyone needs to get access, so yes, I am sure there are some smart person setting there and know a bit or 2 about these Phrases.
Same account - every day get at least one or transaction wallets drained.
As per attached:
How can you hack all the user at the same time and transfer they ada - or they all just “send” it to you at the same time as a gift.
At least this is a nice person, he did refund 2.1 ADA of one of the wallets that he drained - what a guy!
The sad part is that you are missing the point, the layer of security is not enough and it is clear the Daedalus wallet is not fool proof and all you trying to do is ignore the fact and reflect it to users. Address the issue, security, as people have invested in the project and they need to know that there is a risk or you need to address the risk.
Have a great day everyone, be safe and take care
1 Like
I’m not happy that some people gets scammed and robbed of their own ADA, but you cannot allegedly accuse the Wallet of being the cause. If Daedalus had a security hole, you’ll see millions if ADA being robbed systematically. That is fortunately not the case.
If the user has poor security measures against theft of the seed phrase or has the PC full of malware, we should be more informative about the need of security, not accuse Dadealus of being at fault.
1 Like
If there were 1 million wallets that actually have funds in the Cardano blockchain, only 1 wallet out of every 29,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000 24-words combinations that you try randomly will have funds. Hopefully this illustrates how unlikely it is to accidentally (or maliciously) recover a wallet that has funds by just testing random combinations. However it is extremely easy to recover a random wallet that is empty, you just need to input any phrase with 24 valid words that meets the checksum requirements, about 6% of the possible combinations is a valid wallet. Seems that your test falls on this scenario.
The BIP39 standard is used by almost every cryptocurrency out there including bitcoin, at it has proven to be secure.
Hoping that you can respond to our questions above,
Best regards,
The IOHK Technical Service Desk
2 Likes
the fact that this wallet is draining ADA from other wallets almost every other day, means that there is a big security issue in Daedalus wallet, maybe people ignore or don’t wan’t to accept the issue or just don’t know yet that there ADA are being stolen. You can not say that all the owners of these wallet give their SEED words or transfer their coins to this wallet. Maybe they just don’t know yet or didn’t reach to this forum. Please guys look at this wallet and investigate…
He/she refund me also of 1.1 ADA isn’t it strange. This is not a person, I think this is a Bot that is using a lot of computing power to guess the seed words…My only hope is someone can figure out who is the owner of this wallet…
addr1q8nhaq9jgn0xgqp58vvs78hqyf8fxw3hvcjreydtwgg66l8806qty3x7vsqrgwcepu0wqgjwjvarwe3y8jg6kus3447qdzlsk4
1 Like
As previously stated, also directly by IOHK, it’s virtually impossible to guess a wallet seed phrase even by brute force. There is an enforced time delay between two possible tries, this makes it an extremely long and also impractical way to recover a wallet by guessing. Even a supercomputer has to wait some time after each seed phrase is tested.
Please stop saying that Daedalus is bugged if you don’t have hard evidence of it. It’s much more probable that the unlucky owners that have been robbed had malware on their PC.
1 Like
**about 6% of the possible combinations is a valid wallet… and you say that is not an issue.
So that states that I CAN BE guest- even if it just 6%, what ever you think or say- that is a risk
You should read all of the sentence: “However it is extremely easy to recover a random wallet that is empty”
There are 6% of valid combinations out of the total 29,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000,000
The really used wallets are about 1 million, so you have a bout 6% of ZERO possibilities to guess a wallet that is NOT empty.
Count the zeros in the above number or simply use common sense. Everyone would be screaming since the day Bitcoin was created that is easy to steal money from random wallets. But it’s not happening. Face the true: people that lose money has a local security breach or has been scammed.
1 Like
That is what you would like to believe - fact of the matter is in the audit logs, pc logs and active monitoring - one of the perks of being a corporates environment where everything you do on your laptop is tracked, not always fun, but it this case, did help a lot. But thanks for your input but I got support from people that knows a bit more on the matter and this has been escalated thanks to Carlos from TSD and got cybersecurity director Charles Morgan involved. Have yourself a great day. Take care and lets hope that no more people loose there ada on this wallet.
2 Likes