Use a HW wallet If you have more ADA than you're happy to loose

This forum is full of sad stories from folks having lost their funds in software wallets. Yes, software systems do get attacked. Not only the direct code of the wallet implementation but also its dependencies. Not only past and current releases but also future releases will get attacked.

The attack surface is massive especially on a phone. Only give your private key to a piece of software when you can be absolutely sure that it will never be compromised - in fact you can’t.

Instead, put your key on a hardware chip that is especially designed for that. It comes with guarantees that the key will never leave the chip. An attacker can never move your coin unless he/she can also press the buttons on your device - no software attack can do that.

If you have less than $100 in crypto, you may ignore the above. Otherwise, please get yourself a HW wallet like Ledger for example.

PS: If you setup a stake pool … cold keys and owner accounts can be secured with a HW wallet too. Do that, instead of moving *.skey files around.

2 Likes

I have been warning guys in my pool telegram group to get a hardware wallet for several months now.
What was a few $100 a year ago is now several $1000s in value. The pain of loss is now very much more real. Whenever I help someone new get into crypto, I don’t start by getting them to set up an exchange account and wallets I tell them if they are serious to go buy a hardware wallet and then Ill help them.
I too have read and spoken to far too many people whose ADA or whatever has just disappeared mysteriously from there wallets. None were using a hardware wallet, most have probably had their pc compromised and had a spending password keylogged and their encrypted keys taken and decrypted with the spending password.
Unless you can 100% guarantee that your pc wont be compromised. Like never ever connecting it to the internet again, this can happen to you.
Also don’t take photos of your key words even temporarily - as mentioned above phones are especially insecure.

1 Like

I have a Trezor. The problem is that the Trezor does not natively accommodate ADA. I left my ADA on exchange for a couple of weeks or so while I worked how to store it.
The solution I found was the AdaLite wallet, which works with the Trezor. That is, the Trezor is used to open the AdaLite wallet and to approve SEND actions.
Still, my ADA seems to have disappeared after I delegated it to a staking pool.

That would be wrong and actually quite impossible - unless there was a phishing attack on your encoded random seed (i.e. those 24 words). What ultimately happened shows up on-chain - have you checked the address in cardanoscan.io? If funds have moved, without someone pressing the buttons on your device, your device’s private key is likely compromised.

Thank you for your advice. very helpful.

I have searched the addresses for my transfers in from the exchange where I purchased the ADA. Cardanoscan.io shows the balance and there is also a “staking key” shown.

So it appears to me that my ADA has not actually disappeared; it is just not showing up in my AdaLite wallet.

Do you have any advice about how I can now manage it? Maybe I can somehow withdraw it and send it somewhere else where I can earn a return from a CeFi platform or use it as security for a crypto loan. Do you have any advice for how I can manage it now? Is it a matter of getting better software?

When you say “cardanoscan.io shows the balance”, is it a balance of an address that your HW controls? Which is unlikely, because otherwise ADALite.io would show it.

Maybe I can somehow withdraw it and send it somewhere else

You can do that if you have the private key to the address that holds “your funds”. I put “your funds” in quotes because it is the very definition of whom the funds belong to i.e. you need to have the private key.

Where did you originally look up the address that you used when sending from you exchange? I get the feeling that it might not be an address that your HW controls.

In Cardano we have the unfortunate situation that a mnemonic created by ADALite, Yoroi, Daedalus is not compatible Ledger, Trezor, Perhaps you sent it to an address created by one of the above wallets and not to a Trezor adress.

I have a Trezor model T.

When I was researching how to store ADA, the article on said that I needed to use AdaLite or Yoroi and then use the Trezor to create/open the wallet. So that is what I did.

My usual experience with using the Trezor is that the Trezor suite holds the private keys.

Sure, but the question still remains - did you send those ADA to an address that the Trezor controls or did you send it perhaps elsewhere? In ADALite | Receive you would want to see the address that is holding your funds in cardanoscan.io

I really don’t know for sure the answer to this question. Perhaps my technical knowledge is insufficient.

It was recommended to connect to AdaLight using my HW device, so that is what I did. Perhaps this was a mistake because if I had used a mnemonic I would have made a copy and then I could use it to get back to where my funds are held. But I have never seen a mnemonic for my AdaLite wallet, because I just used my Trezor.

The addresses were generated from within the AdaLite wallet. There were two addresses for two transactions - to reduce risk, I always start by sending a small amount first to check that everything works before sending a large amount. When I saw the small amount (about 16 ADA) appear in my wallet, I initiated the second transaction.

Perhaps , before initiating the second transaction, I should have closed the wallet and logged back in to see if the first amount was still there.

Probably I should learn from this not to dabble in altcoins as it always seems to end badly for me. They are often difficult to store and to manage (for old technologically challenged persons such as me).
Bitcoin on the other hand (despite a number of limitations) is relatively safe and I have never lost any.

Don’t worry, we get to the bottom of this

That is correct, ADALite does not give you a mnemonic when you connect a HW. A mnemonic is the encoded (not encrypted) form of a large random number, which your private key and all public addresses are derived from. That random seed is securely stored on a special chip on your HW wallet - with a guarantee that it will never leave the that chip. This is how you want it. You probably have a mnemonic for your Trezor - you don’t need another one.

ADALite does not have access to your private key. Instead it drafts the transactions and because it cant sign them itself, it send the raw Tx to the HW to get it signed - this happens when you confirm the Tx on your HW device. Then, the signed Tx is returned to ADALite, which now can send it to the network.

The addresses were generated from within the AdaLite wallet.

No, ADALite only displays addresses that Trezor derives from the random seed on the chip. Specifically, it uses the BIP44 standard (deterministic hierarchical wallets) to do that.

When I saw the small amount (about 16 ADA) appear in my wallet

Can you show me that Tx on cardanoscan? The address should also appear here …

That would be proof that you indeed sent 16 ADA to an address that your HW device controls.

Thanks Tomdx

There were 2 transactions - after paying for gas, the first was for 12.81601 ADA (landed) and the second was for 399.9722 ADA (landed). That was a total of 415.51 that left my exhange account, less gas and any staking fees.

Here is a copy of my cardanoscan search.

But it has truncated the addresses. Here are the addresses:

1q9z5hgmm0vfuzkm8r6mhwvy3amh3rppgccaeh8q062e7tst3gqf02f4pvarujqjyzce3up2999rewappw8m9wxvg02mq0370cq

addr1qxete2zuuuju6ytykvhddjaz203zp0zvvw68fyh52j9h6an3gqf02f4pvarujqjyzce3up2999rewappw8m9wxvg02mq3xa2y8

Here is a scan I’ve just done that seems to show the staking details:

on adalite.io, do you see any transactions on history (not authorized by you)?
can you check inside trezor settings if you have enabled/activated the passphrase option? if yes can you disable and try to connect again the wallet on adalite.io?

Thank you Alexd1985 - that seems to have solved the problem. I can now see 412.788210 in my AdaLite wallet. Not sure why the balance is less than I received, it must be staking fees or something.

But I have now found most of it, so now I just need to figure out hown to send it somewhere where it increases rather than shrinking.

Thanks to all who have helped me with this.

when u registered the stake address (when you delegated 1st time) you paid 2ADA for registration + ~0,2 ADA for transaction fee…
you will receive back 2ADA when you will deregister the stake address

Thanks Alex

If I want to stop staking and send my ADA somewhere else, in what order to I do that? Do I deregister the staking address first and then “withdraw”. I think there is a withdrawal fee . . . .

remember that the rewards are delayed with 2 epochs… best practice is to move everything but keep 1 ADA inside the wallet, then after 2 epochs press withdraw and choose - deregister the address ; after this you can move all funds …

PS: to avoid to much transaction fees, withdraw the rewards once/month or… when you will need them (not each epoch)

Thank you so much for your advice.

1 Like