Jump to content
Sign in to follow this  
ahrapattoni

Toast wallet compromised

Recommended Posts

Looking for help,

Has anyone on this forum, that stores their xrp in  toast wallet had any unauthorized transactions? I recently went to check my balance of xrp after not logging into my toast wallet for a few months only to discover that all but 28 xrp have been withdrawn from my account. I did not authorize this transaction nor did I initiate this transaction. I thought my xrp was safe being stored in my toast wallet. To make matters worse, there appears to be no customer support for toast wallet. I have tried reaching out to them on this forum numerous times only to be met with silence. I would appreciate any information anyone can give me as to how I can go about getting my xrp back and or how I could get toast wallet customer service to respond. Thank you

Share this post


Link to post
Share on other sites
22 minutes ago, ahrapattoni said:

Looking for help,

Has anyone on this forum, that stores their xrp in  toast wallet had any unauthorized transactions? I recently went to check my balance of xrp after not logging into my toast wallet for a few months only to discover that all but 28 xrp have been withdrawn from my account. I did not authorize this transaction nor did I initiate this transaction. I thought my xrp was safe being stored in my toast wallet. To make matters worse, there appears to be no customer support for toast wallet. I have tried reaching out to them on this forum numerous times only to be met with silence. I would appreciate any information anyone can give me as to how I can go about getting my xrp back and or how I could get toast wallet customer service to respond. Thank you

That should not happen if you have a password that is required to authorize transfers.  Do you have a password that is required before transactions are confirmed?

Share this post


Link to post
Share on other sites
Guest
1 hour ago, ahrapattoni said:

all but 28 xrp have been withdrawn from my account.

The XRPL is publicly visible, so what account did they go to? Have you looked up that account at https://bithomp.com/explorer/fraud.html ? Have you reported it there?

Toast Wallet is non-custodial (at least, the real Toast Wallet is, I don't know about any fake Toast Wallets that might out there). If you were using the real Toast Wallet, its non-custodiality means the problem is more likely to be malware on your computer/phone. Therefore, the following details are relevant:

  • What operating system were your running Toast Wallet on (iOS, Android, Windows, Mac or Linux)?
  • Do you have any other sensitive information on the same computer/phone and have you checked for evidence of that being compromised too? Bank details? Credit card details? Other crypto keys?
  • Have you checked that the toast wallet executable on your computer is the same as the official Toast Wallet download (allowing for any updates)?
50 minutes ago, richxrp said:

I thought my xrp was safe being stored in my toast wallet

Wallet-files store private keys, not XRP. If a thief gains access to your wallet-file, he can copy your private keys and then use them in his own wallet-software. If he's a clever thief, he may wait years between accessing your wallet-file and stealing your funds, silently watching your account until your balance increases. In other words, your computer/phone may have been compromised long before the theft (but human nature makes quick opportunistic theft more likely).

Share this post


Link to post
Share on other sites
4 hours ago, richxrp said:

That should not happen if you have a password that is required to authorize transfers.  Do you have a password that is required before transactions are confirmed?

Yes I do have a password to authorize transactions. I'm beginning to think that my phone was hacked. 

Share this post


Link to post
Share on other sites
3 hours ago, tev said:

The XRPL is publicly visible, so what account did they go to? Have you looked up that account at https://bithomp.com/explorer/fraud.html ? Have you reported it there?

Toast Wallet is non-custodial (at least, the real Toast Wallet is, I don't know about any fake Toast Wallets that might out there). If you were using the real Toast Wallet, its non-custodiality means the problem is more likely to be malware on your computer/phone. Therefore, the following details are relevant:

  • What operating system were your running Toast Wallet on (iOS, Android, Windows, Mac or Linux)?
  • Do you have any other sensitive information on the same computer/phone and have you checked for evidence of that being compromised too? Bank details? Credit card details? Other crypto keys?
  • Have you checked that the toast wallet executable on your computer is the same as the official Toast Wallet download (allowing for any updates)?

Wallet-files store private keys, not XRP. If a thief gains access to your wallet-file, he can copy your private keys and then use them in his own wallet-software. If he's a clever thief, he may wait years between accessing your wallet-file and stealing your funds, silently watching your account until your balance increases. In other words, your computer/phone may have been compromised long before the theft (but human nature makes quick opportunistic theft more likely).

Yeah, i currently use an Android 8.0 device and noticed that an iPhone was added to my profile list of one of my apps that contained my password for my toast wallet. I shutter to think that my phone was compromised given an the sensitive data that was stored in my note taking app. I probly screwed on getting back my funds. I have the address the xrp was sent to, but Idk the first thing about trying to retrieve it. 

Share this post


Link to post
Share on other sites

Don't use these types of wallets and phones for long term storage only use for small amounts if you are trading or need a small amount of crypto on your phone etc.. 

Use a Ledger and lock up your crypto

Share this post


Link to post
Share on other sites
Guest
4 hours ago, ahrapattoni said:

I have the address the xrp was sent to, but Idk

If the thief eventually sends funds directly or indirectly from that address to a KYC/AML-compliant business (e.g. some cryptocurrency exchanges), the evidence against him will become linked to his name. This is why it ought to be a good idea to report the theft to the police. Unfortunately, unless you're a Freemason or otherwise wealthy &/or well-connected, the police will fob you off with patronising smugness about your misplaced faith in magic internet money. Bithomp's fraud-reporting service could be a better bet.

Share this post


Link to post
Share on other sites
17 minutes ago, tev said:

"Bithomp's fraud-reporting service could be a better bet." 

Not sure how that fits in, but I think "Warbler" on XRPChat, here. IS creator/Bithomp's guy. Interested in the thread info here because my brother has a "toast wallet". 

Share this post


Link to post
Share on other sites
Guest
44 minutes ago, SilverSailor said:

Not sure how that fits in,

Two ways in which it might help:

  1. Multiple independent reports of fraud associated with the same address ought to carry more weight with police & courts.
  2. If victims make themselves known through Bithomp's form, it's easier to return funds to them after the thief gets caught.

Share this post


Link to post
Share on other sites

So I found out how the xrp was stolen. I had my recovery passwords and phrases stored in my Evernote app which was fingerprint protected. However they still managed to obtain my credentials for that app, added their "iPhone" device to my profile and scanned my notes for crypto currency related information. Found what they were looking for and boom. Now I'm chasing it to ground with Evernote but they'll probly tell me to **** off since I didn't have 2FA enabled, even though it was their fault security was breached. Let this be a lesson if you don't already know, store sensitive information in a physical location and/or use 2FA if you don't. 

Share this post


Link to post
Share on other sites
54 minutes ago, Flintstone said:

Make sure you report the account to Bithomp.

Not sure how to do that. Here's their address. 

rwmUeFZnxCDe8KBQSR9or7fYPSJsCzRRZz

Do whatever you want with this, they hacked me so IDGAF. 

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×
×
  • Create New...