Yoroi wallet hack

Hi all ,

Just returned from a 4 hiking trip out of service and noticed a transaction was made from my yoroi wallet which I didn’t do-

I am afraid my account has been hacked and someone has sent all my Ada elsewhere.

https://explorer.cardano.org/tx/f4d1018b7e92fd013441fceb3de2978e8d51fa04dad365555c6b8ca0988f7bb6

This is the transaction Id. Is it possible to freeze the account that has the Ada has been sent to?
Or are any measures able to be taken?

Has anyone else been hacked?
Thanks

1 Like

Yes, this forum is full of posts from folks that have lost their funds in one way or another.

Did this happen with your funds secured by a HW wallet (e.g. Ledger)? If not, please consider this … every time you enter your 24-words into a piece of software, your seed can get compromised. Either by the piece of software itself, one of its 3rd party libraries, something reading your keystrokes or your screen, etc., etc. Even if all goes well (and it almost always it does), there is no guarantee that your seed will not get compromised in the future while that software is the custodian of your key - you ultimately have handed over control of your key.

With a HW device, the key is secured on a special chip with all production steps monitored closely. It is guaranteed, that the key never leaves that chip - under no circumstances. Ultimately, this means that no bug/malware can access your funds unless it can also press the buttons on your device.

I feel your grief and that of many others and I know that the above does not help you. I still say it again and again it is so important not to trust any 3rd party unless you are absolutely sure that it is trustworthy (e.g. a certified chip).

The above looks like a screenshot from a phone. Who knows what else is on that phone. Perhaps that Yoroi wallet is not even genuine. We have had plenty of that in the past as well.

There are services that promise to get stolen coins back, but I haven’t seen much positive feedback on those. You may want to go to the police - perhaps they already have some sort of cyber crime department and can track the coins when they leave the target address and make their way to some fiat endpoint where KYC is required.

1 Like

you have been hacked but they let you funds available?

hmmm… strange