Scammed on Daedalus Mainnet

This really sucks. I’m sorry you lost your ADA. If anyone is generating wallet keypairs on an internet connected machine, they should use a hardware wallet. Your private keys should never be exposed to the internet.

It’s getting more and more dangerous, not to be 100% concentrated clicking on “something”. I also recommend to store in hardware wallet.

I hope you all are lucky and you will get your ADA back.

Thanks for sharing this, so we all are aware.

Right, it may help a bit using extensions like uBlock Origin or the EFF Privacy Badger.

1 Like

Hello Guys,
I was planning to open Daedalus account,
but after reading this I am glad I still didn’t.
If I understand correctly, you can get your account wiped off even when you don’t do anything wrong on your side and it has some special connection particularly with Ada?

So putting your money into online wallet is like a lottery, you never know if you find them there again.

So how this concept is supposed to work? Loosing 1000, 10k is bad, but what if you put there 1M or more and you realize they are not there like anything happened?

WTF I want to contribute, but this looks like something essential is missing.

Im also in a different kind of situation 2000 ada from Yoroi to a binance address and im sure its retreivavble but i have no clue how to get it back . I wish there was a team out there who would specilise in retreiving our coins or tokens . I wasnt even scammed i somply made a mistake
I also have everything on paper and my txid .

Good luck to you i hope you get it back

Hello, I’m currently using Daedalus and never encountered any issue with it ; as previously stated, it’s only one hypothesis amongst many possibilities. That being said, I do not have ₳1M, if that was the case I’d rather consider using a cold wallet (paper or hardware). Every service or daemon on your computer might be used as an entry point, which is why you need a firewall (preferably stateful) and should disable every unneeded service (you could list open ports with netstat). And of course no firewall will protect you if you install or execute a suspicious app or share inadvertently your recovery seed.

Then you should hurry up to file an official claim and ask Binance to freeze the assets.

Here is an excerpt of Binance FAQ

How to Handle Stolen Funds Transferred to Binance

If you’re the victim of theft and your stolen funds have been transferred to a Binance account, you must open a support ticket and provide us with the following information:

  • A detailed description of how and when the theft happened.
  • A list of all the blockchain transactions involved in the process (with clickable links).
  • A signed NDA or a statement where you’ll agree to abide by non-disclosure standards from Binance.

If there is substantial evidence that suggests the funds were indeed stolen, Binance will temporarily freeze the assets.
During the process, you must provide us with a police report within 24 hours after submitting a support ticket. From this point, Binance will work directly with law enforcement officials to handle the stolen funds and work to resolve your case.

PM me, should you need any assistance.

1 Like

use a cold wallet and never mind open daedalus. it’s simple like that.

if you want to stake a certain amount – do that, but put the remaining ada’s “in” your hardware wallet.

To be confirmed but provided you can “attach” a hardware wallet to Yoroi, then you should be able to delegate all of it without taking any unnecessary risk. And I’ve read a few articles that pretend you should keep Daedalus open in order to receive your rewards, that is obviously false.

Thank you for the replies, I think this should be made one of the priorities whether in crypto world or community itself to let people invest their funds without fear of being easily robbed.

Maybe there is a smart way how to do it when people start dealing with it as a thing of apparent importance.

1 Like

Hi raph, I’m a noobe here and to crypto. Read all the above and I understand that those losses were from mobile apps? and PC’s?
How does the Mac security (I have MacBook Pro) stand up to all this?
I don’t have any malware/antivirus apps and never had an kind of attack. Would love to hear your view on this.

Welcome then, if you read this thread, you know there is no element that could confirm or deny such a hypothesis. Generally speaking, MacOS security pertaining to malwares is at least as good as the one of GNU/Linux. That said the weak link in most attacks is the human behind the screen so you should read as much as you can on how to safely use cryptocurrencies, you’ll find many resources and people ready to help on this forum, should you have any question. And beware of the Ada giveaway scams.

1 Like

I understand, AM upto my neck in due diligence! Don’t plan to make any serious moves until I have full understanding of it all. My interest is in supporting worthwhile companies like Cardano - Charles H makes alot of sense to me. Thanks for the reply.

I don’t understand how this happend. My ada just got transffered to this address - addr1q80vwwctph4aykcy3nnj5n0mu392cs6cl00l0vhpsr5jp5x7cuaskr0t6fdsfr889fxlhez243p4377l77ewrq8fyrgq3gzy7w

I see others had same thing. So it’s a hack and you can’t get back your ada?..

Edit: I just downloaded daedalus, sent ada from binance, staked and just open from time to time to see how staking is going. That’s it. And few days transaction was made with my funds…

Top 3 way ways someone can make a transaction from your account are:

  1. They gain access to you spending password.
    Anyone who has access to your spending password and access to your Daedalus can make a transfer. This can be done in real life by using your own computer and spend password -
    or remotely trough key logger and remote access

  2. They gain access to your 24 word recovery phrase. They can replicate your wallet anywhere.
    Anyone who physically has access to your recovery words can access it and make new spend password. Also, any keylogger malware or if you took a pic of the words (that’s easies to access).

  3. Fake Daedalus wallet. There is one going around at the moment.

In all of these cases you had to either:
Make a first step by letting the hackers in: such as downloading random software, keeping your wallet on same computer as coin miners (such as Electronium miners -well known trojan access), cut and paste commands into your command prompt with out checking (such as install and/or CertUtil), leaving your camera on, have your pics automatically back up on shared cloud, etc…
-or- let someone around you actually see or take the password/phrases.

From what I’ve seen. It’s usually the case that individuals allow remote access to their computers by downloading fake wallets and coin miners or cut and paste paths that allow programs to bypass security and anti virus. They specifically target crypto owners, otherwise how would a hacker know to look for crypto if they don’t already know that you may have crypto. That would be kind of random.

Idk how this was possible. I don’t use any random mobile apps, only binance. Antivirus is always on for trojans or smth else. Still shook how this happend…

They don’t have to be random apps. FaceTime has a huge exploit, iPhones with Intel series chips had a huge vulnerability that lets hackers in from you just visiting their website… etc. The safes way is: write down your passwords/phrases on paper. Hide them (maybe make a back up copy and hide in different spot). Never have any digital copies. Tell no one where they are.

Don’t copy and paste any commands into CMD with out knowing what it is.

Use only official wallets.

a Police report this is Canada and police dont even know what is a Cold wallet im not a Victim i simply need help to retrieve it or locate my ADA .? there was a very nice gentlemen that was trying to help me and pointed me in a direction that lead me to Binance , iv already chatted with Binance with 3 different customer service , most useless horrible help i have ever had , i have my own evidence which can be provided true my Yoroi wallet from the transaction its still showing and i feel like

The tech part is on Binance, not the police. If you’re not a victim how did you find the Binance address you used for the transaction ? Does it belong to you ? If not, your only hope is in finding an agreement with Binance, for them to contact the unintended recipient.

If that was indeed a hack of Daedalus, then you would see many more occurrences of it. It is possible but all it proves so far is that your computer wasn’t compromised after the fact, it might very well have been before the fact. An antivirus offers no real protection against a program launched by the user.

My point being unless you consider honeypots and security community, most users whose computer is part of a botnet are unsuspecting. The best solution in that case would be a clean install of your OS. And since transactions on the blockchain are irreversible by design, you cannot directly get your funds back, your best hope for doing so would be if they end up on a centralized exchange wallet. In this case only could you make the assets frozen by providing the exchange with a copy of your official complaint, evidence of what belongs to you and a NDA.