Cardano balance, staked in Bloompool via C Wallet.
C Wallet depricated. Balance of wallet misappropriated.
Feedback from Bloompool support:
Funds transferred to another wallet, and then to an enterprise wallet / exchange.
I have a series of transactions that can be seen in Cardano explorer.
Can anyone help in the process of finding the name of the exchange and identifying the account holder?
According to
you can just restore your wallet from C Wallet in Eternl, Typhon, or Lace using your seed phrase.
But that sounds like that won’t help much if the funds are really already gone.
Do you know how and why your account was drained? For other users, it was just a hassle that they went out of business, but it was still a non-custodial wallet where they – C Wallet – couldn’t just disappear with the funds.
Not that easy. There is no registry of which address belongs to which exchange or individual. Sometimes the address of the main address of the exchange (the one with a huge amount of tokens and really many transactions) can give hints. For example if you see them trading native tokens in addition to ADA, this narrows down to the exchanges that have that native token listed. Sometimes googling the address leads to some questions indicating which exchange it was.
And if it really already is on an exchange, only that exchange can tell who of their customers received it (if they even do KYC). And even if you, your lawyer, or the police convince them to release that information (if they have it), chances are high that the scammers already cashed out, registered with stolen or faked information, and/or are in a jurisdiction where nobody can reach them.
Bottom line: If the transaction is done, chances are very, very slim to find the fraudsters, let alone get back the funds, and they grow slimmer the longer ago the drain happened.
Here is the info from Bloom Support. This doesn’t mean a lot to me - so I am reaching out for help:
Bloom Pool
Okay, let me see if I can display this via messenger so it’s not too confusing. Let’s start with the original address. This is your wallet that received the 153k https://cexplorer.io/address/addr1q9wellxdtcdnu583dlln86rv2ccqq782tsjx7z42hvylht7p7azvuygeggfwlgzwqp7auyalsykh8w802ttlu4tyvztsgpf9ym
Bloom Pool
This was the transaction where 153.22k Ada was sent out of that wallet on 5/8/23. https://cexplorer.io/tx/8410413cd77ab40286bf63b9609a04e551bb7f4cdd9ca5cab2f679c9d9404f12
Transaction 8410413cd77ab40286bf63b9609a04e551bb7f4cdd9ca5cab2f679c9d9404f12 | Cexplorer.io
There are other links that it will not allow me to post - I will try to load on a pdf
No file upload option, but the comment below ties in with what you are saying:
You sent
is there any way to trace this to a person?
You sent
or the name of the Wallet or exchange. Any help appreciated. Bloom Pool
Yes, it seems as though this Ada hopped a few times then hit an enterprise wallet, which is an exchange. People are KYCd at exchanges so I know they have everyone’s identity. I don’t know the process of filing a report of theft and how to get that data from the exchange.
Bloom Pool
It doesn’t say the name of the exchange unfortunately.
I think it would be good to try and take this through too the end and try to find the exchange address and ID of the person, even if the funds are gone for good.
For sanity and closure, if nothing else. Also to try and understand HOW does 153,000 ADA disappear like that… maybe this will help others in the community to avoid the same loss.
Any help much appreciated.
Final Address of the ADA:
addr1q9wellxdtcdnu583dlln86rv2ccqq782tsjx7z42hvylht7p7azvuygeggfwlgzwqp7auyalsykh8w802ttlu4tyvztsgpf9ym
I am clueless how to dig any deeper.
I cannot see more than BLOOM already told you (by the way, the stake pool has very little to do with such things, delegating does not give them any control about what is happening).
I can also only look at it with an explorer (I’m using Adastat instead of CExplorer, but they all just show the same data from the blockchain).
This is your account/wallet:
https://adastat.net/accounts/7fbb4a9ac9e4d3027c5ec3c2bd4749457f3977c9e1d67529e7157a14
In the “Transactions” tab, there are a lot of transactions from before and after the one stealing the 153k, basically only outgoing, you only loaded this account once on 2022-07-21 and then transferred amounts of different values out over the whole time. Were those other transactions – also the ones after the hack – all yours?
The transaction going out on 2023-08-05 is this one:
https://adastat.net/transactions/8410413cd77ab40286bf63b9609a04e551bb7f4cdd9ca5cab2f679c9d9404f12
The 153 222 ADA went to this address:
https://adastat.net/addresses/addr1q9wellxdtcdnu583dlln86rv2ccqq782tsjx7z42hvylht7p7azvuygeggfwlgzwqp7auyalsykh8w802ttlu4tyvztsgpf9ym
This address belongs to this account:
https://adastat.net/accounts/c1f744ce11194212efa04e007dde13bf812d73b8ef52d7fe55646097
It also received another 95 ADA from your account 5 minutes later. And then send out nearly everything in smaller batches 14 days later.
For example, the first 50k ADA go out in this transaction:
https://adastat.net/transactions/d0ae5b72e5704aa4a6ec8aed11b1bbba062d3dc3a26ce0884fb0a774e059ecd5
To this (enterprise) address:
https://adastat.net/addresses/addr1v8t758rcggqg6z4yfxhkfma5za9dgwug3086mg29l2n6jzqphyteh
By the way: Not all enterprise addresses are from exchanges and not all exchanges use enterprise addresses, but it can be an indication. Stronger indication is the transaction pattern: Everytime something arrives on this address, it is forwarded minutes later. That is quite typical of the deposit addresses of exchanges.
The 50k ADA are forwarded in this transaction:
https://adastat.net/transactions/bee0e7b13e4593ac41c2bd3f9bd191965ce1f826703c2d7fcb146ace4910d602
The vast majority goes to this enterprise address:
https://adastat.net/addresses/addr1vypr00ss7hkqejmvh53xkyf0p9q0a4z2uprxmx6njc463vgst3pe4
Now, that definitely looks like one of the main addresses/wallets of an exchange: Transactions every few minutes up until now and a quite high balance.
With Googling, I found this Reddit post:
https://www.reddit.com/r/CoinBase/comments/pcccz8/cardano_nft_recovery/
It claims that this address belongs to Coinbase. So, it might be worth a try reaching out to them.
Most often, it are seed phrases getting in the hands of scammers. Did you give your seed phrase anywhere in the days and weeks prior to August last year?
Other possibilities are always malware on the device where your wallet is imported or you signing the transaction yourself without noticing what is going to happen (this is happening a lot lately, but if you were using C Wallet exclusively at the time not very likely, since C Wallet could not connect to dApp as far as I’m aware).