×

26
27

28 XMR stolen from my GUI wallet today! (i.redd.it)

enviado por raph_ael

todos los 43 comentarios
ordenado por:
mejores
popularnuevopolémicoviejoq&a

[–]raph_ael[S] 32 puntos33 puntos  (13 hijos)

Follow up:

A F*CKING MASSIVE MISTAKE

Recap: I opened my GUI yesterday and I was waiting for 8 XMR to arrive. I had sent them to my GUI wallet and after synchronisation of the Blockchain as well as Daemon was complete, the 8 XMR were still not showing up. I got concerned and updated my GUI to the newest version. Still only 20 XMR and no sign of the recently transfered 8 XMR from yesterday.

Now comes the likely mistake (please don't be too mean because I am already suffering from my approx. 2.5K USD loss..)

-> I went to f*cking xmrwallet.com to check there, whether I could see the missing funds...<-The UI of the Monero Block-Explorer seems to complicated for me and I don't know how to look up an address, if that is possible at all given the whole privacy structure.

So there I was on xmrwallet and only the 20 XMR were showing up. I trusted the website because their policy states, that they cannot access private keys. I then logged out again and went to sleep.

I then checked again this morning in the GUI and it still showed my 20 XMR and no sign of the 8 XMR I waited for.

After a quick appoint in the afternoon I got back home and checked the GUI hoping, that the problem would be fixed after restarting and re-syncing everything a few times. Finally the missing 8 XMR that I was waiting for had arrived but were already withdrawn including all my other Monero. So I lost a total of 28 XMR all-together.

I guess it must have been the guys from the xmrwallet domain. SH!T :( --- The funds were showing in my synced GUI this morning but I was still missing the 8 XMR. They must have waited to see if there are more funds incoming before exit scamming...

There are quite a few services out there with browser accessible ETH and BTC wallets, such as https://coinb.in, which I am using regularly without problems.

Sorry if anyone from XMR development team got worried. The blame must be on me for blatantly being so naiv and to trust this domain. I checked and saw people were using it without problems before I proceeded but I guess I got blinded by the deception of their apparently good reputation and their website policy that looked safe.

If anyone thinks there is a bug with GUI, you cannot blame them or anyone from Monero as this was most likely a fraud scam from xmrwallet.com.

The only thing that I find so annoying is that GUI wouldn't show me the 8 XMR, which led me to try something different and resulted in a total loss of my Monero.

The scammers domain is registered in Arizona and I wonder if anyone has an idea how to sue them?

I am from Europe and have not had much experience in legal issues especially not with an untraceable cryptocurrency lol.

The least it should be possible to take that site down, right?

Thanks for all the comments, guys and I hope someone can learn from my mistake.

Domain Name: xmrwallet.com

Registry Domain ID: 2055949350_DOMAIN_COM-VRSN

Registrar WHOIS Server: whois.namesilo.com

Registrar URL: https://www.namesilo.com/

Updated Date: 2020-08-07T07:00:00Z

Creation Date: 2016-08-29T07:00:00Z

Registrar Registration Expiration Date: 2025-08-29T07:00:00Z

Registrar: NameSilo, LLC

Registrar IANA ID: 1479

Registrar Abuse Contact Email: abuse@namesilo.com

Registrar Abuse Contact Phone: +1.4805240066

Domain Status: clientTransferProhibited https://www.icann.org/epp#clientTransferProhibited

Registry Registrant ID:

Registrant Name: Domain Administrator

Registrant Organization: See PrivacyGuardian.org

Registrant Street: 1928 E. Highland Ave. Ste F104 PMB# 255

Registrant City: Phoenix

Registrant State/Province: AZ

Registrant Postal Code: 85016

Registrant Country: US

Registrant Phone: +1.3478717726

Registrant Email: pw-1926f8aa79b242a3fc8e379135582ab4@privacyguardian.org

Registry Admin ID:

Admin Name: Domain Administrator

Admin Organization: See PrivacyGuardian.org

Admin Street: 1928 E. Highland Ave. Ste F104 PMB# 255

Admin City: Phoenix

Admin State/Province: AZ

Admin Postal Code: 85016

Admin Country: US

Admin Phone: +1.3478717726

Admin Email: pw-1926f8aa79b242a3fc8e379135582ab4@privacyguardian.org

Tech Name: Domain Administrator

Tech Organization: See PrivacyGuardian.org

Tech Street: 1928 E. Highland Ave. Ste F104 PMB# 255

Tech City: Phoenix

Tech State/Province: AZ

Tech Postal Code: 85016

Tech Country: US

Tech Phone: +1.3478717726

Tech Email: pw-1926f8aa79b242a3fc8e379135582ab4@privacyguardian.org

Name Server: jade.ns.cloudflare.com

Name Server: peyton.ns.cloudflare.com

DNSSEC: unsigned

URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/

>>> Last update of WHOIS database: 2020-08-13T07:00:00Z <<<

[–]srKRtenP 6 puntos7 puntos  (0 hijos)

What information did you put into xmrwallet.com ?

[–]selstaXMR Contributor 6 puntos7 puntos  (1 hijo)

This is really unfortunate to hear :/

Do you still have your browser history? Did you visit xmrwallet.com or just as similar domain?

[–]raph_ael[S] 4 puntos5 puntos  (0 hijos)

It was this one

[–][deleted] 5 puntos6 puntos  (1 hijo)

What did you give them? The private key?

[–]raph_ael[S] 2 puntos3 puntos  (0 hijos)

Yes

[–]Corm 3 puntos4 puntos  (2 hijos)

You put your private keys into the website?

[–]eosmcdee 1 punto2 puntos  (1 hijo)

many people willingly do this, see how much MEW is used

[–]Corm 1 punto2 puntos  (0 hijos)

Well, they should not do that

[–]HoboHaxor 1 punto2 puntos  (1 hijo)

Well at least we have an answer. Do feel for ya!

But the registrar is in Arizona, not necessarily the domain.

The domain is at digital ocean, it seems. The cloudflare DNS is a bit odd

The domain has been live for ~4 years.

I like, for quick recon:

https://www.whoishostingthis.com/

and

https://viewdns.info/

[–]defineNothing 0 puntos1 punto  (0 hijos)

Is xmrwallet.com exit scamming?

[–][deleted] 13 puntos14 puntos  (0 hijos)

Is this Linux, Windows, or Mac OS? Most likely your computer is infected with malware. Or someone got a hold of your mnemonic seed.

[–]Informal_Sign 8 puntos9 puntos  (0 hijos)

Did you check the hash of the download? Did you download from getmonero.org or https://github.com/monero-project/monero-gui/releases ?

[–][deleted] 11 puntos12 puntos  (0 hijos)

Somebody got hold of your private keys somehow.

[–]ferlix90 10 puntos11 puntos  (0 hijos)

How is that possible ? Did u leak you worlds/priv key ?

[–]Febos 6 puntos7 puntos  (0 hijos)

0.23 cent fee.

[–]mathiros 3 puntos4 puntos  (0 hijos)

Use a ledger device next time to protect your private keys.

[–]tjc4 6 puntos7 puntos  (1 hijo)

You fucked up. How?

[–]Myflyisbreezy 22 puntos23 puntos  (0 hijos)

If I'm reading this right the user typed their 25 word seed into a website to check the content of a wallet.

[–]lol_VEVO 6 puntos7 puntos  (1 hijo)

F

[–]raph_ael[S] 2 puntos3 puntos  (7 hijos)

I don’t understand how the get on the first google page and basically steal money

[–]selstaXMR Contributor 13 puntos14 puntos  (2 hijos)

Scammers usually purchase ads for the keyword "monero wallet"

The problem is also that xmrwallet.com has been legit in the past, it could be that they started to selectively scam.

[–]pebx 1 punto2 puntos  (1 hijo)

They also might got compromised themselves and the intruder looking only for keys with a certain amount of coins. Just speculating...

[–]rbrunner7XMR Contributor 3 puntos4 puntos  (3 hijos)

Like /u/selsta, I can confirm that at least in the past, and at least for small amounts of XMR, xmrwallet.com was legit and did work: Just a few weeks ago I sent a small amount there and out again to check whether that web wallet still properly works at all, after its author has not shown signs of life for quite a while.

On the other hand there indeed has been somebody making Google adds for a fake copy of xmrwallet.com (see this thread from about 3 weeks ago); that's why people are asking you whether you indeed went to the genuine, original xmrwallet.com.

[–][deleted] 0 puntos1 punto  (2 hijos)

This is the scam:

1) Create website.

2) Let users move small amounts around.

2a) Let users report site works great.

3) When large amounts hit, steal those amounts.

4) Let users move small amount around.

4a) Let users report site works great.

Rinse and repeat. (most assuredly this is all automatic as well).

[–]in_the_small_pot 2 puntos3 puntos  (0 hijos)

RIP

[–][deleted] 1 punto2 puntos  (5 hijos)

Probably wouldn't happen with a ledger.

[–][deleted] 1 punto2 puntos  (4 hijos)

I thought ledger didnt support XMR?

[–]split41 0 puntos1 punto  (0 hijos)

it does

[–]anhdresMonerujo Dev 0 puntos1 punto  (0 hijos)

it works with the official GUI and with Monerujo ;)

[–]raph_ael[S] -1 puntos0 puntos  (1 hijo)

If anyone is able to either help me get my xmr back or take the domain xmrwallet.com down-> I will reward them kindly with 300 USD .. I am really frustrated and disappointed by what happened.

[–][deleted] 0 puntos1 punto  (0 hijos)

About the only thing you can do at this point is to beg for your XMR back. Any time you give up your mnemonic seed or private spending key to some other entity, you are no longer in control of those funds.

Even when you buy XMR on an actual exchange, those funds are still not yours until those fund are transferred to a wallet you control 100%.

I am sure at this point you probably understand this already.

Another thing to keep in mind is that the cryptocurrency space is full of idiots who will gladly steal/spend YOUR funds once they have them on useless shit/projects, and useless people. This community is no different. Caveat Emptor.