Never ever anything else than the original chia-blockchain client
This is what I use all the time and as you can see it’s not 100%
Running 1.7.0 on Ubuntu 22.04 for a while now and farming with an official pool. No issues so far for me.
correlation does not imply causation…
It’s not a true cold wallet if you connect the device to the internet every 3 months…. With the wallet used to create the cold wallet still on the device. This is where your wallet was compromised!
So for those that have a true cold wallet, your XCH is safe. The allegations that any wallet is “not safe” is false. As the ops version of a “cold wallet” was a laptop that he would connect to the internet roughly every 3 months to make a transfer. This connection to the internet, although short and brief was the connection that allowed the breach of his seed phrase to the hacker…
When creating a new cold wallet, make sure to totally delete the wallet afterwards before connecting the device again to the internet!
Seriously, this is the purest panic of 1-2 people here.
the “small” amount of 4800 Xch which were captured here already practically excluded a compromise by HPOOL, as we would have to assume much larger amounts if this were the case. the same applies to an alleged wallet hack.
i can understand that the affected people are angry but in my opinion it boils down to a user mistake and not to some evil hacker who found a vulnerability in the chia system.
as far as i can see the primary chinese and russian farmers are affected. i think they should just think about what 3 party tools/scripts they have used that are not used in the western countries because of the language barrier so that this doesn’t happen to them again instead of spreading unnecessary panic here.
4 Likes
If you want to interact with your cold wallet, the only wallet that allows this is Pawket…
Otherwise you cannot use your cold wallet once created without compromising it to the internet…
Hoping Chia gets Ledger support sooner than later, as the paper cold wallet is not ideal for most people.
I like Pawket! They are the only wallet that supports using a created cold wallet and never having to connect that device to the internet.
and how many of those are just 1 mojo transfers, 95% or 99%?
Thanks for the support guys… There’s nothing to worry about if the problem isn’t with you yet.
I wonder if this situation happens to you, you will also speak / write the same.
There is only so much some strangers can do in some Internet forum. If you need some suggestions on how to improve your setup or maybe trying to analyze what happened find me here: xchpool
Due to the recent incident of stealing XCH, many friends are concerned about how to keep their assets safely. Here I would like to recommend you to use Pawket to create an Air- gapped (offline) wallet.
Here is the tutorial:
2 Likes
hello to all,
i read all posts and i still have no idea about my personal security.
no announcement has been released by the chia developers.
also, my personal opinion is that cold wallets are also not secure because they can be synced.
Unfortunately, I will be selling all the chia in my hand soon.
I’m in a panic of being ignorant.
Cold wallets are really not affected by this issue as long as they are really cold. Many confuse a warm wallet with a cold one, tho …
This really isn’t a “Chia developer” issue. The few folks impacted aren’t exactly providing detailed reports of their activity leading up to their hack and there’s a lot of misinformation floating around – like claims that 10% of farmers are impacted… my analysis shows just 22 farmers with more than 5 XCH stolen.
Unconfirmed theories that have been mentioned:
- SweetChia OG pool users
- ChiaYY OG pool users
- Fastchia plotting manager
1 Like
If you have a true Cold Wallet,
Which is a wallet created on a fresh device never connected to the internet after being refreshed (HD formatted and OS reinstalled), and never connected to the internet afterwards! Plus, your seed phrase that was written down has never been seen by anyone else.
Than you are perfectly safe.
So, maybe it’s just some marketing gag after all? 
Thanks for your time digging that information. Even with a margin of error, that 22 affected farmers with over 5 XCH lost is the most helpful piece of info here. At least for me.
I also think confusion happens because
- human communication is hard ( Wiio’s laws )
- many of us use English as second or third language
- saying “you made a mistake” or “it is your fault” will be taken the wrong way (who here has worked with a team from China?)
A friend of mine got 6.5XCH stolen yesterday, and it was at this hacker address.
There are still many people affected. In the Chinese community, I have directly heard more than a dozen cases.
Here is my friend’s address: xch126ga22nh0ggz8w6twxmu93nmauwdknclj4kt5mtawv0fyt3jap4shstkt2
A new piece of information I got here is that a large number of people who have used YYpool(Chiayy.com) have been stolen.
Still don’t know why.
1 Like