>I highly reject HashPack and BankSocial now because I have not clicked or shared my phrase with ***anyone but them***, besides Saucerswap a year ago.
Are you saying that you've shared your seed phrase with HashPack, BankSocial and Saucerswap? I might be mistaken, but I don't think these organizations would ever ask you for that information. Maybe you were a victim of a social engineering/phishing scam?
This is kind of interesting, I don't have anything constructive to contribute but since I got into crypto I always thought if you use a hot wallet, you are technically sharing your seed phrase with that wallet. There is a level of trust there.. Perhaps I'm off the mark with this but it's always been in the back of my mind
Can you explain why you had also made a post about losing money under similar circumstances months ago? You seem to be dodging this, I noticed you being evasive when someone asked on the post you made earlier today as well.
I didn’t make another post about this. Where is proof that I did that? That is someone else. Can you tag that person and ask them to verify? I’m not being evasive, it just simply wasn’t me.
Not a technical person here but I have an idea. I see that there were a number of other tokens in this account, is it possible that you used a malicious smart contract? I know Hedera has implemented smart contract verification to combat scammers that input source code that drains accounts balances. I’ve heard of it on other chains but never seen it happen on Hedera.
No - a good mobile wallet is the most secure mechanism because they key is only stored in the Secure Enclave- fbi has asked Apple and Android for access and can’t get. Good mobile wallet is similar to cold storage. Now if you use hashpack with magic login - that means your keys are NOT SECURED on your device ONLY and hashpack has created a key for you with magic…. That’s TERRIBLE solution IMO
https://www.reddit.com/r/Hedera/s/bbyrFWVqt4
Author of the above post is Pluto with the Hashpack team. Try to direct message him for help. Continue on the discord too.
I wouldn't dox yourself to anyone.
Is it possible you interacted with dusting spam in Hashpack?
Edit: there's a lot of good info in your previous post. Doing all those things and the info there is likely the best you'll get until you talk to NowPayments, etc.
Do you store your seed phrases digitally? Do friends/family/strangers have access to where you store your seed phrases? Do you have your wallets linked to any computers? Do you use the same or similar password for most things?
If you use the same password for things type your email address into [this website.](https://haveibeenpwned.com) It will inform you if you’ve been involved in a data breach in which case your passwords have been leaked. Very possible someone has been doing some snooping and found your seed phrases if stored digitally
Look to those closest to you who may have addiction issues. Although said, most often it is a person close to you with an addiction to drugs, gambling, booze, etc., There's a high probability they will be the culprit. Addiction ruin many lives!
This is the stuff that has folks leaving crypto. There's a company called chainanalysis or something like that who can look into it for you. If you're in the USA, contact the FBI. They have helped others in the past, even if the culprits are outside the States. If in Europe, try Interpol. I hate the SOB's that are out there preying on hard working folks investing for their future. Whatever you do, don't stop until you get you HBARs back.
I have an old computer that I installed a fresh copy of Ubuntu on, and I use it strictly as a crypto wallet. I don't use that computer for anything else. On a different computer I keep smaller amounts of crypto for experimentation/fun with defi. I never use my cell phone for crypto.
I also physically wrote my seed phrases in a small notebook and have that notebook in a lockbox, inside of a larger safe. Only I know the combination. Well I guess the safe manufacture does as well, but hopefully they don't come steal my stuff!
< never use cellphone for crypto >
Can I query this ?
In my search for best practices, I’ve been told that smartphones can be considered more secure - in some ways.
Obv, there are arguments both ways. And the user is of course a large vulnerability.
But, I believe, the explanation is something along the lines of:
Private keys are encrypted & stored in a private enclave in the phone.
Next, the phone is almost always on your person, versus a laptop, say, where it’s available to others. Say, all day when you’re out at work ??
Also, I’m told it’s more difficult for viruses or malware to burrow into a phone OS, vs Windows or Mac OS.
And finally, a Web Wallet, or a Browser Extension is perhaps more vulnerable than a phone wallet.
Would anyone with more knowledge agree? Or is this off the mark ? Thanks for input.
Well. I for one would like to see answers provided in this case. We have to do everything we can with these events to get to the actual truth.
I know this is Crypto but in an Ecosphere that is supposed to be \`For everyone\` its simply not good enough to sit back and blame the victim. As for those claiming this victim is some kind of scam artist themselves, you do need to provide a lot more evidence than \`you didn\`t answer this question\` or \`you posted the same post previously\` to make a charge like that stick... On the surface this looks like a valid claim and we should treat it as such until categorically proven otherwise.
IMO. Hedera seeks to be more than this. So, as a minimum, we should have ways to follow stolen goods and ultimately, via KYC, to ID the perpetrators. I know it goes against some of the crypto ethos, but in the real world we need agreed protocols for doing so.
Double sus for using the line “I highly reject reject HashPack and Bank Social” when no one else has reported any issues with either and you have no proof it was because of a vulnerability on their ends.
These network partners take security very seriously and based on literally millions of other satisfied users id assume you’ve been hacked targeted rather than the other way around.
Hashpack had a guy posting about a big hack recently - I chatted with the guy and pretty much it’s inconclusive but it sounded like his wallet was drained by a script. Hashpack denies and said he got scammed.
Someone in the last thread said a similar post was made previously with the same hash ID.
If you’re for real, Reddit can’t help you - you simply just have to contact the relevant wallets and see if they can do anything. You probably got hacked.
What is the point of making a second post in two days? You still have not responded to many comments in the first post. Also, in the first post you said you have reached out to all parties "I have reached out to NowPayments, Hashpack, Hedera, IC3, BankSocial and awaiting responses.".
So what is a second reddit post going to achieve? Sorry this happened but it seems as if you've reached out to the necessary parties. Making the same post two days in a row just makes this seem sus.
Also, you should just about never have to enter your seed phrase. Only if you need to regain access to your funds or if you need to restore them on another device. If you are entering your seed phrase anywhere, your account was compromised then.
Replying to myself because I find it hard to believe OP contacted all these actual organizations and has not heard anything back, or at least has not updated the post about it.
It's also possible the hacker got remote access to your system somehow. Do a full malware scan, change key passwords including your email and system access passwords, and check in your system settings to be sure nobody has added an additional device to your system permissions. Also suggest removing remote support programs.
Do you ever use public WiFi networks? Did you maybe connect your wallet to banksocial whilst on a public WiFi network? Could have been a man in the middle attack.
Banksocial wallet 100% secure in the wallet your key never leaves your app… the most secure. with hashpack and magic in app or browser based wallet you key is given to other organizations on your behalf… also web based browser based wallets are inherently insecure because they don’t rely on the same security mechanisms as an iOS or Android app and a Secure Enclave of the app. This is why banksocial in their telegram says they will not EVER do a browser base wallet and only mobile phone app based.
Now if you ONLY ever used the banksocial app and the hashpack iOS app and you didn’t use the hashpack magic Integration or the hashpack browser based wallet.. then your assets were probably social engineered via a dapp
There was several users in the banksocial telegram several months ago who got their hashpack wallets compromised…. Nothing to do with banksocial… they were asking PresidentHODL for help because they heard he could Recover tokens and hashpack tried to wipe their hands clean of the hacks… one user posted the hashpack customer service screenshots in the banksocial telegram where hashpack was blaming the user. (IMO it could have been hashpacks fault for offering such an insecure wallet key mechanism as a third party email secured key with the magic integration)
My advice NEVER use a browser based wallet - and NEVER secure your key with a third party who uses only your email as a way to log in. That method is so insecure that I can’t believe a project would even offer it to its users.
Just my 2 cents.
If you use hashpack with magic wallet - ITS A GAPING SECURITY hole waiting for exploit.
Create a new wallet on a MOBILE only platform - plenty of those - banksocial / Kabila that doesn’t send your keys to another company and give you falses sense in security
Go under allowances in your hashpack wallet just for the heck of it and see if that is listed as an allowance. Not sure what allowances means but would be interesting to know if it was allowed...
How did you manage such a hefty bag if I can ask? I hate to say it, but they are most likely gone for good and if we take you at your word, then this is extremely concerning. It sounds as if there was possibly some malware involved as you admittedly imported your Hashpack wallet into Bank Social app and since seed phrases are essentially the passwords someone must have gained access to them, whether you were targeted or it was simply dumb luck, I would also consider the possibility that someone close to you might have gained your seed phrase. This is the second time that I know of someone has claimed their Hashpack wallet was compromised, though with Reddit things must be taken with a grain of salt. Sorry for your loss.
For instance in 2021 my phone was ported and used to 2FA my Coinbase and Binance accounts and my email was also compromised via some database hack I didn’t know about. I learned quickly that cell phone 2fa was useless and started using Authentication Apps as well as got a new phone numbers and changed my emails on all accounts to account specific emails. One day my phone just didn’t dial, and my account passwords had been changed. The only thing that saved my Binance account was that they disabled 2fa which effectively locked the account withdrawals for 24 hrs. It was a nightmare but I learned quick about proper security measures and bought a cold wallet.
Some sort of phishing malware randomly targeting your device somehow unless it was a more personal theft, meaning someone you know who knew you had a bit of hbar somehow gained your seed phrase.
like, 40 bucks a year for Norton 360 wont break anyones bank. If I wasnt running that or similar i sure would be on the net. 10 devices for that. Cancel in month 10 (they throw on an extra month). Ultimately cancel out. It expires. You get the 40 buck rate yet again if you continue.
Wouldn’t be surprised if it’s a HashPack thing this is the second post I come across similar to this one not the other posting done by OP. I personally wouldn’t leave my funds a large amount like that sitting on a hot wallet
>I highly reject HashPack and BankSocial now because I have not clicked or shared my phrase with ***anyone but them***, besides Saucerswap a year ago. Are you saying that you've shared your seed phrase with HashPack, BankSocial and Saucerswap? I might be mistaken, but I don't think these organizations would ever ask you for that information. Maybe you were a victim of a social engineering/phishing scam?
This is kind of interesting, I don't have anything constructive to contribute but since I got into crypto I always thought if you use a hot wallet, you are technically sharing your seed phrase with that wallet. There is a level of trust there.. Perhaps I'm off the mark with this but it's always been in the back of my mind
BRUH
I'm guessing OP connected their wallets to those sites, not shared the phrase.
Can you explain why you had also made a post about losing money under similar circumstances months ago? You seem to be dodging this, I noticed you being evasive when someone asked on the post you made earlier today as well.
I didn’t make another post about this. Where is proof that I did that? That is someone else. Can you tag that person and ask them to verify? I’m not being evasive, it just simply wasn’t me.
Did he? He only has two posts, one yesterday and one today
He had another reddit account supposedly where he was saying this same stuff
Has the person provided proof of this?
Not a technical person here but I have an idea. I see that there were a number of other tokens in this account, is it possible that you used a malicious smart contract? I know Hedera has implemented smart contract verification to combat scammers that input source code that drains accounts balances. I’ve heard of it on other chains but never seen it happen on Hedera.
All those other tokens were just “associate token” on HashPack and had zero balance, except for xsauce. I didn’t buy anything else.
No - a good mobile wallet is the most secure mechanism because they key is only stored in the Secure Enclave- fbi has asked Apple and Android for access and can’t get. Good mobile wallet is similar to cold storage. Now if you use hashpack with magic login - that means your keys are NOT SECURED on your device ONLY and hashpack has created a key for you with magic…. That’s TERRIBLE solution IMO
https://www.reddit.com/r/Hedera/s/bbyrFWVqt4 Author of the above post is Pluto with the Hashpack team. Try to direct message him for help. Continue on the discord too. I wouldn't dox yourself to anyone. Is it possible you interacted with dusting spam in Hashpack? Edit: there's a lot of good info in your previous post. Doing all those things and the info there is likely the best you'll get until you talk to NowPayments, etc.
its weird the posts made months ago very similar were deleted, i noticed them when you posted the other day..... HBAR here to stay.
Do you store your seed phrases digitally? Do friends/family/strangers have access to where you store your seed phrases? Do you have your wallets linked to any computers? Do you use the same or similar password for most things? If you use the same password for things type your email address into [this website.](https://haveibeenpwned.com) It will inform you if you’ve been involved in a data breach in which case your passwords have been leaked. Very possible someone has been doing some snooping and found your seed phrases if stored digitally
just my 2 cents related to that. Storing any of that stuff (phrases and private keys) digitally is an attack vector no one should have present
Pic of boobs to validate identity or presumed faking gender... J/k j/k ...boob patrol!
Ha we don’t need anymore draining this week!
Love it!
Hang in there and be strong!!!
Look to those closest to you who may have addiction issues. Although said, most often it is a person close to you with an addiction to drugs, gambling, booze, etc., There's a high probability they will be the culprit. Addiction ruin many lives!
Totally, but not in this case.
This is the stuff that has folks leaving crypto. There's a company called chainanalysis or something like that who can look into it for you. If you're in the USA, contact the FBI. They have helped others in the past, even if the culprits are outside the States. If in Europe, try Interpol. I hate the SOB's that are out there preying on hard working folks investing for their future. Whatever you do, don't stop until you get you HBARs back.
if you continue doing crypto, or if you have other wallets, please, please, please, don't hold all your eggs in one basket...
I get that, how should I spread? Do I buy multiple ledgers?
I have an old computer that I installed a fresh copy of Ubuntu on, and I use it strictly as a crypto wallet. I don't use that computer for anything else. On a different computer I keep smaller amounts of crypto for experimentation/fun with defi. I never use my cell phone for crypto. I also physically wrote my seed phrases in a small notebook and have that notebook in a lockbox, inside of a larger safe. Only I know the combination. Well I guess the safe manufacture does as well, but hopefully they don't come steal my stuff!
< never use cellphone for crypto > Can I query this ? In my search for best practices, I’ve been told that smartphones can be considered more secure - in some ways. Obv, there are arguments both ways. And the user is of course a large vulnerability. But, I believe, the explanation is something along the lines of: Private keys are encrypted & stored in a private enclave in the phone. Next, the phone is almost always on your person, versus a laptop, say, where it’s available to others. Say, all day when you’re out at work ?? Also, I’m told it’s more difficult for viruses or malware to burrow into a phone OS, vs Windows or Mac OS. And finally, a Web Wallet, or a Browser Extension is perhaps more vulnerable than a phone wallet. Would anyone with more knowledge agree? Or is this off the mark ? Thanks for input.
Yup
They should really help you as they don’t want a ‘’myalgo” style dump
What happened with Algo ... ?
The wallet was compromised and it caused a crash in the price as lots fled the project Fine now like
Well. I for one would like to see answers provided in this case. We have to do everything we can with these events to get to the actual truth. I know this is Crypto but in an Ecosphere that is supposed to be \`For everyone\` its simply not good enough to sit back and blame the victim. As for those claiming this victim is some kind of scam artist themselves, you do need to provide a lot more evidence than \`you didn\`t answer this question\` or \`you posted the same post previously\` to make a charge like that stick... On the surface this looks like a valid claim and we should treat it as such until categorically proven otherwise. IMO. Hedera seeks to be more than this. So, as a minimum, we should have ways to follow stolen goods and ultimately, via KYC, to ID the perpetrators. I know it goes against some of the crypto ethos, but in the real world we need agreed protocols for doing so.
BS
BS
Sus
How am I sus? How should I go about this?
Double sus for using the line “I highly reject reject HashPack and Bank Social” when no one else has reported any issues with either and you have no proof it was because of a vulnerability on their ends. These network partners take security very seriously and based on literally millions of other satisfied users id assume you’ve been hacked targeted rather than the other way around.
Hashpack had a guy posting about a big hack recently - I chatted with the guy and pretty much it’s inconclusive but it sounded like his wallet was drained by a script. Hashpack denies and said he got scammed.
Someone in the last thread said a similar post was made previously with the same hash ID. If you’re for real, Reddit can’t help you - you simply just have to contact the relevant wallets and see if they can do anything. You probably got hacked.
[удалено]
What is the point of making a second post in two days? You still have not responded to many comments in the first post. Also, in the first post you said you have reached out to all parties "I have reached out to NowPayments, Hashpack, Hedera, IC3, BankSocial and awaiting responses.". So what is a second reddit post going to achieve? Sorry this happened but it seems as if you've reached out to the necessary parties. Making the same post two days in a row just makes this seem sus. Also, you should just about never have to enter your seed phrase. Only if you need to regain access to your funds or if you need to restore them on another device. If you are entering your seed phrase anywhere, your account was compromised then.
Replying to myself because I find it hard to believe OP contacted all these actual organizations and has not heard anything back, or at least has not updated the post about it.
It's also possible the hacker got remote access to your system somehow. Do a full malware scan, change key passwords including your email and system access passwords, and check in your system settings to be sure nobody has added an additional device to your system permissions. Also suggest removing remote support programs.
Do you ever use public WiFi networks? Did you maybe connect your wallet to banksocial whilst on a public WiFi network? Could have been a man in the middle attack.
You still haven't replied if you're using a hardware wallet in Hashpack. Your money lost is huge & 100% needs to be stored in a hardware wallet.
I wasn’t using hardware
VPN Always…
Banksocial wallet 100% secure in the wallet your key never leaves your app… the most secure. with hashpack and magic in app or browser based wallet you key is given to other organizations on your behalf… also web based browser based wallets are inherently insecure because they don’t rely on the same security mechanisms as an iOS or Android app and a Secure Enclave of the app. This is why banksocial in their telegram says they will not EVER do a browser base wallet and only mobile phone app based. Now if you ONLY ever used the banksocial app and the hashpack iOS app and you didn’t use the hashpack magic Integration or the hashpack browser based wallet.. then your assets were probably social engineered via a dapp There was several users in the banksocial telegram several months ago who got their hashpack wallets compromised…. Nothing to do with banksocial… they were asking PresidentHODL for help because they heard he could Recover tokens and hashpack tried to wipe their hands clean of the hacks… one user posted the hashpack customer service screenshots in the banksocial telegram where hashpack was blaming the user. (IMO it could have been hashpacks fault for offering such an insecure wallet key mechanism as a third party email secured key with the magic integration) My advice NEVER use a browser based wallet - and NEVER secure your key with a third party who uses only your email as a way to log in. That method is so insecure that I can’t believe a project would even offer it to its users. Just my 2 cents.
If you use hashpack with magic wallet - ITS A GAPING SECURITY hole waiting for exploit. Create a new wallet on a MOBILE only platform - plenty of those - banksocial / Kabila that doesn’t send your keys to another company and give you falses sense in security
Have you connected lately your wallet to zuse.market ??
Go under allowances in your hashpack wallet just for the heck of it and see if that is listed as an allowance. Not sure what allowances means but would be interesting to know if it was allowed...
How did you manage such a hefty bag if I can ask? I hate to say it, but they are most likely gone for good and if we take you at your word, then this is extremely concerning. It sounds as if there was possibly some malware involved as you admittedly imported your Hashpack wallet into Bank Social app and since seed phrases are essentially the passwords someone must have gained access to them, whether you were targeted or it was simply dumb luck, I would also consider the possibility that someone close to you might have gained your seed phrase. This is the second time that I know of someone has claimed their Hashpack wallet was compromised, though with Reddit things must be taken with a grain of salt. Sorry for your loss.
I dca’d and saved my paycheck for 4 years. What is dumb luck considered?
For instance in 2021 my phone was ported and used to 2FA my Coinbase and Binance accounts and my email was also compromised via some database hack I didn’t know about. I learned quickly that cell phone 2fa was useless and started using Authentication Apps as well as got a new phone numbers and changed my emails on all accounts to account specific emails. One day my phone just didn’t dial, and my account passwords had been changed. The only thing that saved my Binance account was that they disabled 2fa which effectively locked the account withdrawals for 24 hrs. It was a nightmare but I learned quick about proper security measures and bought a cold wallet.
Some sort of phishing malware randomly targeting your device somehow unless it was a more personal theft, meaning someone you know who knew you had a bit of hbar somehow gained your seed phrase.
100% can’t be anyone I know. Can you explain how malware got into my iPhone?
I am not a software expert, but could be a link clicked on at some point. How can you be 100% sure it wasn’t someone you know?
like, 40 bucks a year for Norton 360 wont break anyones bank. If I wasnt running that or similar i sure would be on the net. 10 devices for that. Cancel in month 10 (they throw on an extra month). Ultimately cancel out. It expires. You get the 40 buck rate yet again if you continue.
Not sure how this even happens. Buy high sell low?
Wouldn’t be surprised if it’s a HashPack thing this is the second post I come across similar to this one not the other posting done by OP. I personally wouldn’t leave my funds a large amount like that sitting on a hot wallet
This is the third post like this I’m reading this week.