Yoroi Wallet Hacked?

I opened my yoroi wallet today to notice that practically all of my ADA had been sent to an unknown address. A significant amount. I did not authorize a transaction. It has been a few weeks since I added funds and staked them in the waller and I have not even opened the wallet for several days. The transaction occurred yesterday . I am using an Iphone app. Is there anything I can do? The transaction is still showing in red. Does that mean it has not totally gone through yet? Is there a way to freeze a transaction on my end? I have all the transaction information. I have emailed support and have not heard back. Help!

1 Like

If the transaction has been confirmed by the network, there is nothing you can do anymore.

Your seedphrase has probably been compromised in someway so the scammer had access to your funds…

Im sorry for you but the funds are gone.

Just out of interest, what spending password did you use? But make sure you don’t use it for any other service before posting, and that you change it for your wallet, in case there is still Ada in it or you plan to use it. You might have some malware on your computer which stole the wallet and hacked the password.

I think the spending password test for Yoroi is a disaster. Looks like it just checks if the password is 10 characters long. Here is a nice password test tool, which tells you how long criminals need to crack a password:

Of course, don’t enter any of your real passwords in it, they might collect it. But they are using a wordlist to check the secuirty, so if you try “helloworld”, it can be hacked in less than a second. Worse for something like “1111111111”, which is all accepted and perfectly fine for the Yoroni wallet software.

And always report such thefts to the police. They have more possibilities to get the money back, e.g. collaborate with exchanges and then catch them, when the criminals want to exchange the Ada, or examine your computer to trace the malware back to the originator (but they might do this only for lots of stolen Ada).

Hi, I am experiencing same hacking issue and can’t understand how anyone can hack my wallet. I left an inquiry to Yoroi customer support but is this something that they can’t recover?

Unfortunately, there is no way to stop a transaction once it has been submitted to the network. One tell-tale sign of a hack is if your ADA ends up at a Byron address (begins with DdzFF). A few of the smaller exchanges still use these; that’s where hackers tend to launder the stolen ADA.

To any hodlr reading this, please buy a ledger Nano X (directly from Ledger). Hardware wallets will prevent such hacks.

2 Likes

are you all hacked using ledger or something else?

They arent hacked. They compromised their seedphrase somehow.

1 Like

Thanks for the kind explanation. I have staked my ADA to one of the staking pool and is there any chance that it was hacked during the staking process? There was in-wallet transaction before it was sent out.

2021년 10월 8일 (금) 오전 5:12, Chris Graffagnino via Cardano Forum <cardano@discoursemail.com>님이 작성:

Yes, I am waiting for the Yoroi customer support 's answer but is there 24/7 support Live Chat support in Yoroi Wallet? Their response is too slow.

I only access Yoroi Wallet from my smartphone and left untouched after the staking. So I contacted Staking Pool company, Pilot Pool, and their answer is that it’s not normal.

I trusted Yoroi Wallet security and can’t believe what has happened to my account. SOS!

2021년 10월 8일 (금) 오전 6:50, Norah via Cardano Forum <cardano@discoursemail.com>님이 작성:

1 Like

Thank you so much!

2021년 10월 8일 (금) 오전 7:31, Norah via Cardano Forum <cardano@discoursemail.com>님이 작성:

But this is more suspicious. Why are they asking Seed phrase?

2021년 10월 8일 (금) 오전 7:48, Norah via Cardano Forum <cardano@discoursemail.com>님이 작성:

1 Like

Norah is clearly a scammer that is phishing. Don’t contact that number!

1 Like

As @ADAproblems mentioned lately there are many bots and scammers on the forum. The administrators are not able to remove those immediately. So be cautious and NEVER give away your seed phrase to anyone.

For sure! Thanks for your advice.

2021년 10월 8일 (금) 오후 5:10, Nik via Cardano Forum <cardano@discoursemail.com>님이 작성:

Of all the advice I’ve read, and believe me, I’m still reading, the information about Byron era addresses being used by hackers has by far shed the most light. I just can’t figure it out. Some of the advice about just leaving seed words lying around doesn’t apply to everyone. PLEASE comment some more about hackers’ use of Byron era wallets and some of their known techniques. :pray:t5: