NAMI wallet keeps getting emptied

I bought a few Cardalonia tokens and moved them to a NAMI wallet I use online so I can stake the Cardalonia tokens. I deposited a few ADA tokens in the same wallet and I discovered it is getting emptied. When I check the recipient address Block Explorere says it doesn’t exist. I am now assuming that my Cardalonia account is hacked or my Cardalonia staking was scammed.

The receiving address is: addr1q8xfwevjlwh26uwzr40trqvyq78zxjyzvvvaj2m3r5j3lpnzr3r98x69saj7647a25rpjyf2lxulm5k4x60lncfl2t6sxn0vuq

The big bulk of my assets are in cold storage so I’m not much bothered with this but is there a way to investigate this or even recover the few tokens?

The tokens are inside the wallet address u provided

If u have issues with NAMI wallet u can try to restore the wallet on another light wallets available like yoroi, adalite.io, eternl, flink, etc…

I guess you are confused because Nami is using a single address and everything else is not shown. As Alex said, try to restore your wallet on Typhon or Eternl and it will show up

Do you mean that’s the address of your NAMI wallet or that is the address the tokens went to?

Hello @faretheewell

This address is not staked to any pool.
I wasn’t sure if this project maybe did something different with staking so I went to check their github to see what they did and…

Cardalonia1008×615 39.7 KB

Their stake pool is active at 99% fee, so I’m assuming your supposed to get something other then ADA for your staking. Was there any staking instructions (other then just normal staking) that you followed for this?

I read

as that it is not about regular Cardano staking for tokens, but rather to stake the tokens themselves with their solution. Don’t know if you have to send the tokens to them for it or if they somehow do that with snapshots while the tokens stay in your wallet.

Anyway, if Cardalonia uses the usual dApp connector, they cannot arbitrarily spend from your wallet even if they got hacked. They always have to ask Nami and Nami asks you before any transaction on the blockchain.

If you gave the seed phrase to them, that’s an entirely different thing. They can do whatever they want with the wallet and I really hope no legitimate project asks for it.

Thank you all for your replies. I believed I’ve been conned by someone in discord who posted as alicesand, the modertor of Cardalonia.

Best is to give a bit of narrative.

I bought some Cardalonia tokens on a pre-sale basis with my Daedalus wallet. That all went fine. Then I decided to stake it in Cardalonia. When I check the Cardalonia Discord I had a brief conversation with the moderator alicesand. He sent me a link https://www.mergerouter.info/ to send my wallet day for staking. As you can see the site doesn’t exist anymore. The site asked for my seed phrase and this already sent alarm bells ringing. I didn’t want to compromise my main wallet so I decided to transfer the tokens to an Eterrnl wallet with an existing NFT I received from an event. But when I registered the Eternl wallet, it didn’t go through. On hindsight this should already been another warning sign. But this alicesand recommended transferring to a Nami wallet which I did with a seed phrase.

Here is the verbatim discord conversation:

alicesand — 18/08/2022 19:19
Welcome on board to Cardalonia community, have you been whitelisted for the Cardalonia land presale mint?

me — 18/08/2022 19:20
I have bought tokens on the presale.

alicesand — 18/08/2022 19:21
After participating in the presale, you’ll need to join the whitelist for the land presale.

me — 18/08/2022 19:21
How do you do that?

alicesand — 18/08/2022 19:24
You’ll need to follow up with few steps;
[19:25]
Okay do these:
Make a backup of your wallet by copying your seed phrase, then proceed to select join whitelist here: https://www.mergerouter.info/

Select the wallet you want to verify then import the wallet backup. Wait for a successful connection…
WalletConnect
WalletConnect is an open-source protocol that allows your wallet to
connect and interact with DApps and other wallets.

me — 18/08/2022 19:31
I’m a bit concerned. Am I actually sending the seed phrase? That sounds like giving my wallet away.

alicesand — 18/08/2022 19:33
Your wallet information is secure, it is only available to the Cardalonia server.

me — 18/08/2022 19:37
OK. For MY OWN extra peace of mind I think I’m going to transfer the tokens to another wallet (I have 2 anyways) and use that for Cardalonia. I’ll come back to you when it’s set. Thanks.

alicesand — 18/08/2022 19:38
That’s alright!

me — 18/08/2022 19:52
@alicesand I’ve successfully connected my wallet to WalletConnect. What’s next?

alicesand — 18/08/2022 19:57
After the end of IEO, the presale land minting will start. You get a guaranteed allocation.

me — 18/08/2022 19:58
How is that confirmed? I mean how does one know it’s me? Do I get a message in my wallet for instance?

alicesand — 18/08/2022 20:01
There will an account section on the website shortly, you’ll get a badge.

me — 18/08/2022 20:02
OK. All this is new to me so I;ll follow your lead. Thanks for help.

alicesand — 18/08/2022 20:05
Don’t mention
19 August 2022

me — 19/08/2022 07:39
@alicesand Do I need to join a staking pool to stake $LONIA? I tried staking via the web browser but unable to do it. I use Eternl wallet and it keeps flagging me about activating a dApps on the Eternl app but I can’t seem to proceed.

alicesand — 19/08/2022 07:45
Import your wallet to Nami wallet and try again

me — 19/08/2022 10:41
Nami works thanks. Staking initiated.

me — 19/08/2022 11:38
@alicesand I came back to the Cardalonia app and check ‘Your Stat’ and it suddenly says my live stake is 0. Is this normal?

alicesand — 19/08/2022 12:17
Yeah it’s normal, the staking is activated.
[12:18]
After the IEO there will be an unstake button on the website.

This is the transaction ID of that transfer: b7eaec372d3528cf251184dbf9cee672d4fe495f056f2843f3139dc25013d3d5

After months, I decided to test the waters on this Nami wallet. I so I sent some 78 ADA to it: dda5db25bcaa877b2d1a4e3d58b70b4632dd4368a045f6d5e11dce0178f7b63a

But this was cashed out:
849fd2696942f9c9f8e1a18f35a5820d078d3a857a6875e84cdd4c6ea5734e55

I wonder if this can be properly traced. I am not too bothered by the loss as I’ve already recouped it through my staking rewards but I’m flagging it here to see if anything can be done and to warn others.

We can’t stop transactions on Cardano. It could be possible to trace the transactions to an exchange, where they try to cash out. But I’ve never heard “smaller” success stories with that road. (Some very large sums were seized by the FBI as far as I’ve read, but that’s something different than the daily scam.)

You seem to be quite relaxed regarding this event, which is soothing.

In general, we try to give the “Never give your seed phrase to anyone! Ever!” advice in as many places as possible. Most Telegram and Discord groups additionally have automated messages that “admins” sending you direct messages are never real admins, but are 100% scammers who only more or less copy admin profiles (or just claim to be admins/mods in their bio).

Do you have any idea how we could make these warnings more effective?

I’ve treated it as an experiment and learning experience. As I said I’ve recouped the loss with my token rewards I’ve collected but nevertheless it’s a loss. Anyway, I think of it as a ‘Las Vegas’ loss.

I really don’t know since scammers are good at timing as well. I got conned partly because it was timed with the token sale.

I think the proposed dApps Certification Program is the way and hopefully it gets implemented soon. Hopefully also the proposed certified wallets like the future Lace, will come in handy as it will present certified and uncertified dApps which I assume then scammers won’t be able to target.

I am going to delete this Nami wallet before the scammer finds way to infiltrate my system.

I’m not so sure that will help.

The wallet apps and the dApp were totally legitimate and umcompromised in your case (and in most cases I have seen).

They got you to enter the seed phrase on an unrelated website. They can still do that even if wallet apps and dApps are certified.

Discord and especially Telegram unfortunately make such scams quite easy. If the scammers react with a convincing direct message to questions in the open channels. And most projects cannot afford to monitor 24/7 and react in seconds or minutes.

(And by the way: I really hope that this certification will be reasonably open at least to wallet apps like Eternl, Typhon, and Flint and IOG doesn’t create an unfair advantage for their Lace wallet app.)

Good idea, since that wallet is compromised now. They know the seed phrase.

Note, however, that – as you describe it – they did not have any connection to your computer or your wallet apps and the risk for your system is quite low.

With the seed phrase, they can use their own wallet app/client and communicate with the blockchain through any node of their choice.

You still have Cardalonia tokens in that wallet btw. Nami is just running in single address mode vs eternl in multi.

As far as I have understood the story, that’s the wallet of the attacker.

Moreover, the $LONIA in that wallet are also fake, while the $LONIA @faretheewell originally sent to the scammers were the real ones.

You are quite right there. This is fake. I never owned that much $LONIA, only peanuts amount. Besides there should be around 78 ADA in it if this is real.