Used adalite to convert funds to stakable, enabled delegation, funds now ZERO

[q20]

Hey, guys

As per the title, my Byron wallet (accessed via passphrase) funds were converted to stakable and my balance shows zero. adalite provided a staking address the funds were to be sent to and I can confirm funds were received on that address but, minutes later after delegation (again performed in adalite), those funds hopped over to another address, then another, not listed as one of my wallet addresses.
Clearly, I'm no expert in these matters... I don't understand how to access those funds now.

I am expecting someone to tell me I'm a fool and should have done this all in Daedalus... my bad. I thought adalite would be the "lightest", quickest way to go, without having to sync the entire blockchain.

Regardless, I'd really appreciate some help here. Where are my funds now?

Thanks! :D

[MichalPetro]

Can you please provide your latest transaction IDs?

[q20]

Sure thing.
d8b3bae4e1eb53a2af44e6c5692dee9e2e571ce859e1633e43863424e3bec1ae

The address the funds are moved away from is the address adalite gave as the target for the converted funds, as you can see in this screenshot:
https://imgur.com/a/cA1HLxm

[q20]

Here are all three transactions from today, in order:
cfe1946c4c1f890d5d182ddf0de703aae96f7cf3d74769f562896dc92e737072 (conversion to Shelley, I believe)
fedbf702a2cfbf18c9f52f739355d733121e7aab45433d6b4a0e156985bb5117 (enabling delegation)
d8b3bae4e1eb53a2af44e6c5692dee9e2e571ce859e1633e43863424e3bec1ae (no idea)

[MichalPetro]

Hi,

it looks like you really did the conversion, after that you delegated, and 24 minutes after that your funds were moved away from your address. Unfortunately, we dont know who transferred those funds or how he got his hands on your mnemonic passphrase. Didnt you give away your mnemonic on some other website? Are you sure you dont have any viruses or spyware on your computer? I am sorry for this but if you dont know anything about the 3rd transaction it just means that somebody stole it from you. Sorry for that, this is the reason why we recommend using hardware wallets.

[q20]

I genuinely cannot believe that. I run a pretty tight ship here on my mac, a combination of firewalls, blockers, pihole, monitoring software, etc. Definitely didn't give away my key.

[q20]

Well, I guess there's nothing you can do... that's a bummer. I was hoping some sort of bug simply hid the address from my wallet. Guess I'll have to live with this. : (

[MichalPetro]

I am really sorry for that and I don't understand how this could happen if you followed all good security practices. I am 99.99999% sure this is not a security issue on our side because billions of ADA were transferred today and only you reported such incident.

[q20]

Understood. Not the end of the world; still hurts, though. : /

[ppershing]

Michal, can we track if the transaction was thorough adalite? While we can't track the transaction because of privacy cleanups, can we can perhaps check whether our backend did something at that time? El vie., 7 ago. 2020, 4:42 p. m., q20 <notifications@github.com> escribió:

…

Understood. Not the end of the world; still hurts, though. : / — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#684 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/AAGMQMNNZEB2A3NKLAXKQSLR7QHFPANCNFSM4PXUJLVQ> .

[PeterBenc]

@xdzurman

[xdzurman]

@PeterBenc don't see anything unusual

[PeterBenc]

@xdzurman d8b3bae4e1eb53a2af44e6c5692dee9e2e571ce859e1633e43863424e3bec1ae

this is tx hash of transaction with which the ada was send to another wallet. Is there a way to check whether this tx went through adalite? By its time or tx hash?

[xdzurman]

Yes it did go through us @PeterBenc

[q20]

Hmm, so how did it go through you guys (adalite) then? I absolutely did not initiate the final transaction.
Can you tell if it was from a different IP to the previous two IDs?
Not that it'd help, I simply wouldn't mind understanding more about how this happened...

[xdzurman]

@q20 I'm sorry but we do not track IP addresses along with transactions for security reasons. The info you see on the screenshot is the only information we log about transactions.

[ppershing]

We should try to get to the bottom of this. I fear you may have been scammed somehow.

1. did you visit adalite.io by entering it directly in your browser or did you use some link to get there
2. can you check your browser history if you see something unusual just before/after visit to adalite.io?
3. Do you have some browser extensions with full rights to access webpage content? Can you give us the full list?
4. Can you try virus scan of your whole computer?

[ppershing]

5. Did you access adalite.io via some insecure infrastructure (e.g. public wifi)?

[q20]

1. entering directly
2. I browsed to adalitewallet.com and am pretty sure I then entered adalite.io directly
3. "Access your data for all websites"? In Firefox the following extensions have this permission:

• DownThemAll
• 1Password
• Facebook container (installed with Firefox)
• Flagfox
• Javascript QR code
• Mactionary
• Metamask
• Mouse Gesture Events
• OneNote web clipper
• Privacy pass
• Proxy toggle
• Tab mix - links
• uBlock origin
• Unpaywall

4. I have scanned with MalwareBytes which returned zero dodgy items
5. Nope, trusted network (my own)

[ppershing]

@MichalPetro adalitewallet.com is NOT OURS, right?
I believe this is the scam site. It uses some https://cors-escape.herokuapp.com/https://explorer2.adalite.io/api/bulk/addresses/summary to overcome our cross-site-access policy and get the data directly from us
We should warn our users on twitter/redit + figure out how to take down the site

[q20]

@ppershing Nope. A whois on adalite.io and adalitewallet.com shows they have nothing in common.

[q20]

I can confirm I definitely did some browsing around adalitewallet.com, while researching staking. Their site displays:

We are currently implementing staking delegation interface so our users can easily stake their ADA to any stakepool directly from AdaLite. We also plan to operate our own AdaLite stake pool with reasonable fees and we hope AdaLite users will be willing to stake with us. You can check out the new balance check feature here.

I cannot say whether or not I entered my key. It's not looking good, though. : (

Browsing their pages, it becomes obvious it's not the real deal:

If you are experiencing problems, please try the following troubleshooting suggestions before contacting us. You can also reach us out via support@test.test.

[ppershing]

FYI, I already sent an email to abuse@namecheap.com but I am not sure how/if they will be responsive.
@q20 I suggest you may try to file complaint here https://complaint.ic3.gov/ (to be precise, namecheap suggests that, it might perpahs help with takedown).
@MichalPetro - we need to get this out on twitter/reddit/telegram ASAP!
@xdzurman or @PeterBenc can we get up banner on adalite.io that says "BEWARE OF adalitewallet.com SCAM, they are stealing adalite.io mnemonic credentials!"

[ppershing]

Also reported via https://safebrowsing.google.com/safebrowsing/report_phish/?hl=es to google-managed blacklist.
At this point, I don't think we can do anything more.
I am truly sorry @q20 :-(

[q20]

@ppershing Sorry for the delayed response; was out drowning my sorrows with a mate. : /
Yup, as soon as I’d done that whois I sent an email off to abuse@. Let’s hope that something comes of it.
I guess I’ll have to DCA to get my 27k ADA back. Early adopter, I was! :D