Nami wallet/Optim finance issue

Hello, this is perhaps a completely newb post, anyways, here we go.

I bought some optim finance bonds (basically lending ada staking rights - ISPO bonds) back in December for 6 epochs. Was busy and forgot all about them, then checked in the other day to claim/convert bonds back to ada only to see that those bonds have been converted back to ada and said ada was sent off approximately 3 weeks ago (I did not do that transaction). Here it is:

Bond id: asset1lxledfay0lg5jqtv98fvtajlmpdmq66g44325v

Am I interpreting this correctly in that somehow the wallet seed has been compromised and the nami wallet drained? Or is it some simple silly mistake?

Appreciate any help/input. Cheers.

As far as I can see:

That last transaction has nothing to do with Optim anymore, but has to have been signed by your wallet’s keys.

So, I’m afraid that you are correct that you somehow have been compromised if you didn’t do that.

Thought so, thank you for looking into it. What do you think was the likely vector of attack? (Did not give the seed to anyone or store it digitally.) Malware? (Have Kaspersky installed.) Should I raise it with optim finance/nami? I know I’m not getting the ADA back but maybe identify a potential vulnerability on their end? Beh.

Hard to tell.

It has to be either the seed phrase or the root private key together with the spending password it was encrypted with.

Giving away the seed phrase does not have to be a fake support plainly asking for it or a quite blatant fake support website pretending to “rectify” unspecified problems. It can also be some quite convincing fake wallet apps. There were scam “Nami” extensions for Firefox and scam “Nami” mobile apps in the past. Only if you haven’t restored your wallet at all in the past weeks or months, this possibility becomes very unlikely.

So, the second large possibility is malware. It would have to target the root keys stored on your hard disk. And they would additionally have to either grab the spending password or break it by brute force (if it is simple enough). An antivirus like Kaspersky is, of course, good to have, but it is never a 100% guarantee. The malware can always be new or rare enough that it does not already know about it and avoid triggering its heuristics.

Observe: If you had the same wallet imported in another wallet app before and did not delete the data from the disk completely, it does not necessarily have to be Nami that was targeted. Even if you haven’t used the other wallet app in months and years (and maybe have almost forgotten it), the secrets are still the same and if they can be found on disk a malware can get them.

Optim has little to do with it. Don’t know if it is worth contacting them.

Nami could make sense, but as long as you/we do not have a clear idea what attack vector it was, there is also not much they can do. If there was a wave of many users of a specific wallet app – e.g., Nami – getting drained at almost the same time, that should trigger a thorough investigation, but as long as there are “only” (sorry!) the occasional cases that we almost always see they can also only speculate like we are doing here.

You could use the ideas above to take a close look at your system: Other wallet apps that had the same wallet? When did you last restore maybe only thinking it was a legitimate Nami? Suspicious processes running on the system? Maybe try to monitor network connections if a potential malware is still active? … It’s a bit hard to guide through all that asynchronously from far away (and I do not know Windows well enough anymore). Maybe you have enough knowledge yourself or know someone locally who could help.
