So, ihave been staking for ada for a while using trustwallet. Today i noticed my balance was transfered to another stakeaddress: Transaction 90fbc5705cb10ca608298417e5cf8476b37fad4efd53c7f9edd7a5f7fe108d48 - Cardanoscan
On my trustwallet i only see my earned awards from ada staking. I cant unstake, it shows zero balance.
I am sorry, but to me that looks like they have been stolen.
Rather typical, the account your funds went to has a lot of transactions emptying also other accounts and in all cases moving everything (except unwithdrawn rewards) there.
Not so typical, they haven’t cashed out by now. Everything still lies on that target address. But there is nobody who would have the ability to order it back. You can just observe.
Also, you can’t withdraw rewards or unstake if there are no non-reward ADA in an account. Both operations need an input and you currently do not have one. If you want to at least withdraw and unstake, you’d have to send a couple of ADA to that account before doing that and moving everything out.
Did you give the seed phrase somewhere around the time that transaction happened? Did you have malware on the device the Trust wallet was on?
this is so weird. I never gave my seed phrase to anyone. Can the staked ada validator move the ada from one address to the other maybe?
No, that is not possible. On Cardano, staked ADA never leave your wallet and always remain under your control. Staking is just a certificate that says that you want to stake with the pool. The pool never gets control over anything (and is by the way also not responsible for paying rewards just for producing blocks, rewards are distributed by the Cardano protocol itself).
Someone must have gotten access to your seed phrase or your keys in some way or another or tricked you into signing a transaction.
OK, i have contacted trustwallet about this. seems strange that nothing the funds are just sitting there.
Did you create the wallet in the browser extension?
As far as I can see, all of the victim accounts that were emptied to https://adastat.net/addresses/addr1qypaddd24unhywyqlam9julygn7r5qhuy46f033pz96f5lx2d977jzefys7lmf3nrgv9d89u7n4e7vvgn7ukljycnlusxsyq0u – including yours – were single-address accounts first used in November 2022.
And: I earlier found this article:
“A vulnerability impacted wallet addresses created through the browser extension between Nov. 14 and 23 […]”
That fits remarkably!
So, go ahead and ask Trust! Maybe, you are at least eligible for that reimbursement?
EDIT: Reading further:
The claims process for the reimbursement seems to have ended end of June.
But they also say that they have identified vulnerable wallets and shown a notification in the wallet app.
Did you see such a notification at some point?
2 Likes
FYI this is what they (TW) responded:
Hi dear user,
Thank you so much for reaching out to our support team.
We acknowledge the issue you are experiencing and emphasize that it is a known problem on our platform, not on your end. This is a front-end issue, funds are #Safu. We are very sorry for any inconvenience caused by this situation. Please don’t worry, our developers are actively working to resolve this as quickly as possible. Your peace of mind remains our top priority.
Ehm, I have doubts.
We can see on blockchain explorers that your account (and six others) were actually emptied 14 days ago. It’s not just a display problem.
There are a lot of other users who have problems with Trust wallet not syncing and therefore showing empty wallets. But for them, blockchain explorers and restoring/importing in other wallet apps show that it is just a sync/display/frontend problem. Maybe, they confused your problem with that one.
Can’t decide for you, but I would maybe clarify that you checked on an explorer and your wallet actually was emptied. Together with others. All created around the same time.
Hi, reading through with your problem and the subsequent replies, give us newbies real education.
Have your funds been recovered, is the browser created the wallet
I have check with them, and no answer yet. I told they that i think it was due to the security breach of last year, that they gained access to my wallet now. So as of today, my funds were not recovered yet.
If your wallet has been drained, you most likely shouldnt hope for any refund from Trust Wallet.
I do recommand using a Cardano native wallet like Typhon or Eternl this time, if you are going to buy ADA again.
That is true in general, of course, but if you read through this thread:
- All Cardano accounts drained to that address were first used in exactly the time frame of the already known bug.
- They already did a reimbursement campaign for users affected by that bug.
Yes, the reimbursement campaign is already finished. But they claim that they have informed all affected users for months that they are affected, should switch wallets, and have the possibility of a reimbursement.
If they overlooked Cardano in that campaign, I’d say that just this once there is a non-zero (but maybe still small) chance that they own that error and reimburse. Just this once I would not give up that easily!
1 Like
This sucks man, I really like cardano.
I mean this hasnt anything to do with Cardano. Either its a user error or Trust Wallet fucked up.
1 Like
well, I created a new ada wallet (NOT Trustwallet lol). I Doubt they will even answer me. Will start DCA again. Any donations is welcome:
Thanks for your input @Zyroxa and @HeptaSean
This seems to be a wallet on a exchange, i definitly would recommand to create your own wallet. Also begging is not allowed here sorry.
My ADA also stakes Trust Wallet wallet, last year’s vulnerability should be fixed, I just created, the advantage of this wallet is that you can use the cloud, plus your own password, mnemonic word and cloud plus password, to prevent this mnemonic from being lost, very good to use the wallet