Jump to content

XRP Hacking is happening with some bug in XRP (?)


Recommended Posts

24 minutes ago, Swhip_ said:

The reason for my search is that I believe my XRP was stolen and received by this account when I accessed my Toast Wallet account today (browser link: https://toastwallet.app/)

That link looks suspicious. But I've never used Toast online so not 100% sure. Can anybody else vouch for the authenticity of that site?

Reasons it looks suspicious:

  • Toast is discontinued, and the official Github links to a different URL: see https://github.com/ToastWallet/browser
  • The toastwallet.app domain was only registered on the 4th of March this year. Odd for a discontinued project to register a new domain. Look it up here: https://lookup.icann.org/lookup
  • The XRP account that your XRP were sent to looks like an account used for hacks - lots of incoming transactions from a large number of unique addresses, with no other activity... and the first transaction was on the day that the toastwallet.app domain was registered.

 

I'm sorry, it looks like another scam.

And unfortunately, it's right at the top of Google (as an Ad for me) for a search for Toast Wallet :(

Edited by at3n
Link to post
Share on other sites
  • Replies 25
  • Created
  • Last Reply

Top Posters In This Topic

Top Posters In This Topic

Popular Posts

Both Droplet and Toast Plus appear to be scams, which probably steal secret keys and funds. Stay away from them. If possible, report them to Apple so that they can maybe be removed from the app store.

The account you list is receiving XRP from several wallets, but those transactions look legit and the couple I spot-chceked carry valid signatures. There's no bug, as far as I can tell.

That link looks suspicious. But I've never used Toast online so not 100% sure. Can anybody else vouch for the authenticity of that site? Reasons it looks suspicious: Toast is discontinued,

Scam verified...

I created a new account using the toastwallet.app site, and look at what shows up in the Chrome console...

image.thumb.png.2d18ec8f853053e9b88ae2e31fa69e44.png

I redacted some things, but it sent the secret for the newly generated account to our good friend at Peninsula Software, who was responsible for Toast Plus and Droplet.

What a persistent scumbag.

Link to post
Share on other sites
40 minutes ago, at3n said:

Scam verified...

I created a new account using the toastwallet.app site, and look at what shows up in the Chrome console...

image.thumb.png.2d18ec8f853053e9b88ae2e31fa69e44.png

I redacted some things, but it sent the secret for the newly generated account to our good friend at Peninsula Software, who was responsible for Toast Plus and Droplet.

What a persistent scumbag.

Is there anyway to retrieve the XRP once the investigation concludes that its a scam?

Has it ever happened that all transactions have been reverted?

Link to post
Share on other sites
3 minutes ago, Swhip_ said:

Is there anyway to retrieve the XRP once the investigation concludes that its a scam?

Has it ever happened that all transactions have been reverted?

Transactions can't be reverted, the only small hope is if the scammer is prosecuted and convicted criminally, and the stolen XRP confiscated and sent back.

Judging by the amount of time it's taking for Gatehub to go through that procedure with their hacker, that could take years.

Link to post
Share on other sites
20 hours ago, Swhip_ said:

Is there anyway to retrieve the XRP once the investigation concludes that its a scam?

Has it ever happened that all transactions have been reverted?

XRP Forensics might be able to alert exchanges of this address that was used in fraud, exchanges might be able to freeze the account associated with this address also

https://twitter.com/xrpforensics

https://xrplorer.com/forensics/help

Link to post
Share on other sites
On 4/16/2021 at 10:51 AM, at3n said:

Scam verified...

I created a new account using the toastwallet.app site, and look at what shows up in the Chrome console...

image.thumb.png.2d18ec8f853053e9b88ae2e31fa69e44.png

I redacted some things, but it sent the secret for the newly generated account to our good friend at Peninsula Software, who was responsible for Toast Plus and Droplet.

What a persistent scumbag.

His name is Josue Armenta. Full details here: https://doxbin.org/upload/ToastPlusandDropletXRPJosueArmenta

 

Gotta get this guy shutdown ASAP!

Link to post
Share on other sites
On 4/16/2021 at 10:51 AM, at3n said:

Scam verified...

I created a new account using the toastwallet.app site, and look at what shows up in the Chrome console...

image.thumb.png.2d18ec8f853053e9b88ae2e31fa69e44.png

I redacted some things, but it sent the secret for the newly generated account to our good friend at Peninsula Software, who was responsible for Toast Plus and Droplet.

What a persistent scumbag.

Would you mind taking a look at https://toastwallet.com/browser/index.html as well?

 

The .app site is down for some reason :)

Edited by Badlinker
Link to post
Share on other sites
12 minutes ago, Badlinker said:

Would you mind taking a look at https://toastwallet.com/browser/index.html as well?

It doesn't behave in the same way. THIS DOESN'T MEAN THAT IT'S SAFE.

But there are no console logs showing connections back to the Peninsula Software site (or any other site) that I've seen so far. The only testing that I've done is to create a new wallet within the app. I haven't tested importing, and I haven't done a thorough review of all functions.

All that it proves is that it's not the exact same code that's running on the toastwallet.app site.

Link to post
Share on other sites
2 hours ago, at3n said:

It doesn't behave in the same way. THIS DOESN'T MEAN THAT IT'S SAFE.

But there are no console logs showing connections back to the Peninsula Software site (or any other site) that I've seen so far. The only testing that I've done is to create a new wallet within the app. I haven't tested importing, and I haven't done a thorough review of all functions.

All that it proves is that it's not the exact same code that's running on the toastwallet.app site.

Thanks, my testing showed the same but wasn't sure exactly what you were doing. Trying to decide if I should take it down too but for now i'll leave it and keep an eye on it. 

Link to post
Share on other sites
36 minutes ago, Badlinker said:

Thanks, my testing showed the same but wasn't sure exactly what you were doing. Trying to decide if I should take it down too but for now i'll leave it and keep an eye on it. 

How would you take it down? Or do you own it?

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.