Spyware able to access Daedalus wallet?


#1

Hello Ada-community!

Just a question:
Unfortunately I have the suspicion, that I accidentally installed some js-malware when I downloaded a crypto trading software…
I gave my PC to a specialist for analysis the day after this accident - until mid of next week I won`t get it back.
I have my Daedalus wallet installed on this PC and my question is: is there a high danger or probability that this malware was able to get access to my wallet enabling thieves to withdraw my ADA´s???

I did not opened or used my Daedalus wallet within this crucial timeframe and its also not installed in the folder the Dadalus software automatically is proposing, but directly onto my main hard disk... I can check the wallet only in a few days when I get back my PC - now Im feeling like a cat on a hot tin roof, I can`t sleep anymore…!!!

Somebody here who can valuate this situation?


#2

First, did you put a password on your wallet?


#3

No - after it synced it opened automatically…


#4

Password or no it would do that, a password is for sending ADA.
Did you add one?


#5

I not yet sended ADAs so I surely not yet used one - but I think I set up one because I noted a pass in my documents…


#6

He will probably check if you installed a keylogger with this malware accidentally…

If you have the slightest doubt, you should make sure that you have your Daedalus wallet secret words + password + wallet name with you on a sheet of paper (NEVER on your computer), back up your data on a external hard drive, then reset your PC with the “remove everything” option before reinstalling everything. Then recover your Daedalus wallet with your secret words. Don’t worry, deleting Daedalus won’t delete your coins, they are not stored physically on your computer but on the blockchain.

Ask him also to check your hosts files. It never hurts to see if you are hacked. See this link of this guy who got stolen 100K$ a few months ago by clicking on a spoofed phishing site, and read carefully the first answer from all_is_all_to_all who gave great instructions on how to check it yourself

Personally, I think the best protection is to have a dedicated machine for financial stuff like this and nothing else. :slight_smile:


#7

Good, no one can send/spend your ADA without that password as it is tied to your wallet, not on the blockchain like the 12-word restore is.


#8

Thank you - you are totally right, my secret words are already on paper, pass and wallet name on external drive - but I will change this also… Thanks for your hints with the host files - will ask for it!


#9

Thank you so much - this spends me some hope now!
Thank you and thanks again to Cosmos for your quick help and efforts!
Have a great weekend - and all the best for our ADA invest!