Hey guys. I woke up today to the extremely saddening news that my crypto wallets have been hacked and my funds stolen… I’m not sure exactly how (probably a keylogger or something) or when (because even though the hacker only manifested himself a few days ago, he might have had my wallet info for more time than that) my wallets got invaded, but I really hope to at the very least help to keep this from happening to others.
My Cardano wallet is: addr1qxttgmchjy3sgka4hctlnra95tjcjdnvwegk2gnx6ws3qfykk3h30yfrq3dmt0shlx86tgh93ymxcaj3v53xd5apzqjqfjpr4u
The transaction that stole my funds is this one: 57ac84c2f9cd8a77b92f1811a6835083499edfd3d8bae70275df10b9a99b4869
Tracing the funds that were stolen, I noticed that they eventually all end up mixed in two wallets:
addr1qytl8d275q4psl7xx02ucd2wxwqw7fs79cc4x954txjnn746mz9q2gh0s0ky406t52ysw3zm3h8nve84tqpltjd3hv9qy93ps9
addr1q8yt4mv0lnzf9ndannw93ls2efl4exmftndfrlrg6jgqgr7t800u0gu9pp4w0jmy90v4zhxn4umqwjjeqausp9a6tuuqk5xl6e
I don’t exactly know what type of wallets these are, or if it is possible to flag them. I would love to get my ADA back, although I realize the chances are slim
If anyone in the community could shine some light onto this incident, I would be very grateful.
Unfortunately, you are right that chances are not great to get that back.
The blockchain cannot tell us much, but:
- The attack was seven days ago – 2022-08-13 02:06:51 UTC until 2022-08-13 02:09:38 UTC. Attacker did three transactions – withdraw rewards, deregister stake key, and transfer everything out.
- You did not do anything with the wallet close to that time; the next older transaction from you was 2022-07-13 22:01 UTC, where one transaction looks like you transferred some ADA from an exchange and the second one is withdrawing rewards.
- I don’t know if the two addresses, where your ADA ended up, are addresses of the attacker or already of an exchange they used to cash out. In https://cardanoscan.io/transaction/71b36a2ebfa156b78d0220557690457afe0d317fb281fed5f4be328b514cd327, your ADA are put together with a lot of other inputs and distributed to these two addresses – one in the same large wallet, one in another wallet. And those inputs come from transactions looking quite different, small and large, nearly none of them emptying wallets completely. If they were all from similar attacks, I would expect them to all follow the same withdraw – deregister – send everything scheme.
Often heard the advice to at least go to local police, that they might freeze the funds at exchanges, but on the other hand never heard a success story about such a process.
And it’s been already seven days. They probably already have taken it out of exchange and are never to be seen again.
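The reply above describes the drain signature it used to read the chain: a long idle period, then "withdraw rewards, deregister stake key, send everything" within a few minutes, leaving a zero balance. The script below is an added example, not code from the thread or from any Cardano tool, that applies that heuristic to a wallet's transaction history. The `Tx` records, their `tx-N` ids and the balances are constructed sample data (the timestamps mirror the ones quoted in the reply); the one-action-per-transaction model is a simplification, since a real Cardano transaction can carry a withdrawal and a certificate at once.

```python
"""Flag the 'withdraw rewards -> deregister stake key -> send everything'
drain pattern in a wallet's transaction history (constructed sample data)."""
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

UTC = timezone.utc


@dataclass
class Tx:
    tx_hash: str          # placeholder id, not a real Cardano transaction hash
    time: datetime
    kind: str             # "transfer_in", "withdraw_rewards", "deregister_stake", "transfer_out"
    balance_after: int    # wallet balance in lovelace after this transaction


# Order of actions the reply describes for the attack.
DRAIN_SEQUENCE = ("withdraw_rewards", "deregister_stake", "transfer_out")


def find_drain(txs: list[Tx], window: timedelta = timedelta(minutes=10)) -> Optional[dict]:
    """Return details of the first drain sequence found, or None.

    A match is three consecutive transactions in DRAIN_SEQUENCE order,
    completed inside `window`, with the last one leaving a zero balance.
    `dormant_days` is how long the wallet sat untouched before the drain
    (None if the drain is the oldest activity we have).
    """
    ordered = sorted(txs, key=lambda t: t.time)
    n = len(DRAIN_SEQUENCE)
    for i in range(len(ordered) - n + 1):
        chunk = ordered[i:i + n]
        if tuple(t.kind for t in chunk) != DRAIN_SEQUENCE:
            continue
        if chunk[-1].time - chunk[0].time > window:
            continue
        if chunk[-1].balance_after != 0:   # an owner rarely empties the wallet to exactly zero
            continue
        previous = ordered[i - 1] if i > 0 else None
        dormant_days = (chunk[0].time - previous.time).days if previous else None
        return {
            "start": chunk[0].time,
            "end": chunk[-1].time,
            "tx_hashes": [t.tx_hash for t in chunk],
            "dormant_days": dormant_days,
        }
    return None


# Constructed history: owner deposit and reward claim in July, drain a month later.
DRAINED = [
    Tx("tx-1", datetime(2022, 7, 13, 22, 1, tzinfo=UTC), "transfer_in", 5_000_000_000),
    Tx("tx-2", datetime(2022, 7, 13, 22, 3, tzinfo=UTC), "withdraw_rewards", 5_020_000_000),
    Tx("tx-3", datetime(2022, 8, 13, 2, 6, 51, tzinfo=UTC), "withdraw_rewards", 5_040_000_000),
    Tx("tx-4", datetime(2022, 8, 13, 2, 8, 0, tzinfo=UTC), "deregister_stake", 5_042_000_000),
    Tx("tx-5", datetime(2022, 8, 13, 2, 9, 38, tzinfo=UTC), "transfer_out", 0),
]

# Constructed history: normal use, rewards claimed and part of the funds sent on.
NORMAL = [
    Tx("tx-1", datetime(2022, 7, 13, 22, 1, tzinfo=UTC), "transfer_in", 5_000_000_000),
    Tx("tx-2", datetime(2022, 8, 1, 9, 0, tzinfo=UTC), "withdraw_rewards", 5_030_000_000),
    Tx("tx-3", datetime(2022, 8, 1, 9, 4, tzinfo=UTC), "transfer_out", 3_000_000_000),
]


if __name__ == "__main__":
    for name, history in (("DRAINED", DRAINED), ("NORMAL", NORMAL)):
        hit = find_drain(history)
        if hit:
            print(f"{name}: drain {hit['start']} -> {hit['end']} via {hit['tx_hashes']}, "
                  f"wallet idle {hit['dormant_days']} days beforehand")
        else:
            print(f"{name}: no drain pattern found")
```

The zero-balance and time-window checks are what separate this pattern from an owner who simply claims rewards and moves funds; the idle period is the second signal the reply relied on, and both are worth applying to the inputs feeding a suspected mixing transaction before assuming they come from the same kind of attack.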