Attention, coins disappear from wallets

It seems like this link GitHub - cdians/FastChia: Chia奇亚 plot(P盘)快速一键化工具

However, because it is a full Chinese interface, I am curious whether any foreign friends will use it. It is also possible that it was modified from another code.

Welcome back.
Reading all these statements, I believe that the mining pool or the conspirator is unjustified here.
Note that thieves don’t have 24 words - then they would have access to your entire wallet, including all xch addresses you’ve created.
They only have an xch address that has been added to some machine that automatically sends coins to their xch address
It doesn’t matter how many coins you have in your wallet, even 0.0000000001 XCH they send to each other.
Example me and my address:

Remember that after generating another xch address on the same wallet, the funds are safe.
Address generated on same wallet id, only new xch address.


See also the attack from the same address still going on.
They keep disappearing and robbing people.

You don’t feel safe right now.
After a test conducted a few hours ago, in which the computer with the wallet and the farm were disconnected from the power supply, the transferred funds disappear automatically from the wallet, which means that the discreet one does not need a computer to transfer the funds - read the virus.

They only need the wallet address to carry out the attack! I know it sounds silly, but it’s theoretically impossible, but it happened.

NO ONE can be safe - even if you keep your coins in a cold wallet like me, you risk losing everything!

@Kris have you ever used 3rd party tools like

  • so called faster chia plotters … or plotting management tools
  • farm monitoring tools
  • farm alerting tools
  • farmed any additional forks
  • 3rd party (web based or android/ios app) wallets using the same keys

also did you protect your keys with a password? (that means if you start up chia you’ll have to enter a password to get into your wallet)

The hacker probably only monitors one or a few addresses of your wallet. It would require way more resources to actually sync the entire wallet. Currently it looks like the hacker compromised dozens of wallets. My guess is the hacker only monitors the addresses you’ve used in the past and signes a transaction using your keys when one of the addresses being monitored receives coins. That way he doesn’t have to switch wallet, like we do in the GUI.

1 Like

can’t delete 20 characters

  • so called faster chia plotters … or plotting management tools
    I only use this for drawing Releases · stotiks/chia-plotter · GitHub

  • farm monitoring tools , * farm alerting tools , * farmed any additional forks, * 3rd party (web based or android/ios app) wallets using the same keys

I don’t have

I only use CHIA Chia Version : 1.7.0-rc9

The farm works separately from the wallet. Wallet installed on the so-called. a cold computer that has no internet access - and the coins were stolen

I use these tools from the very beginning practically chia and there has never been a similar situation.

also did you protect your keys with a password? (that means if you start up chia you’ll have to enter a password to get into your wallet)

Password protected wallet

Which third-party wallet apps for XCH are you guys using (if any) ?

Adding to a list any online, offline, mobile, whatever app might help finding a pattern here.

I think another question here that’s missing:

How are people storing their keys/mnemonic’s ?

For example. A cold wallet is not so cold anymore when you store a photo of the mnemonic on your phone/ICloud whatever. And I know many people do this with their keys.

Just saying, explore all options

1 Like

I keep my words written on a piece of paper at home.
I didn’t take any pictures or anything…

can’t delete 20 characters

KeePass2 with high entropy master password and with .kdbx file stored in a private syncthing mesh :slight_smile:

I understand that it can still convince us that it’s our fault - poorly secured wallet, passwords, computer virus, etc.
However, this all happened for real and I ALERT THAT NO WALLET CAN BE SAFE.

Look for yourself that the attack from this address is still going on!

Yes, only 1 card written in a set of words.
To the next question, I will answer no, no one knows where she is and no one could have seen these words.

The machines you created any of the wallet seeds that you ever used to farm XCH or ever used a wallet with connection to the network. On these machines at the time you created your wallet seeds:

What OS was installed?
What was installed on / used the machine for besides creating the wallet seeds?
What network these machines are part of?
What Manufacturer / Model of your Internet Router?
Who else is using the network?
Any other fact that comes in your mind concering this machine?

Edit: Answers from any user that got XCH lifted could be helpful ofc!

Not a single mojo of any of my wallets missing so far …

A regular home network from an ISP that I have been using for over 10 years.
The Win 10 drafting computer is only used for drafting 24 hours a day
The farm runs on a separate Windows 10 machine running 24/7
I have over 3500 plots of chia generated by me for a long time

Malwarebytes Premium is installed on each computer

Below is the model of the router - I have had the router for about 2 years

Wallet stored on a laptop along with other cryptocurrencies that I have (eth, ethw, btc) laptop disconnected from the network and power.
System on a laptop Win 10 + Malwarebytes Premium

That’s not what it looks like. You misunderstood me.

There is only a print manager program on the device that is printing. There is no chia chain

The farm supports the chia blockchain with wallet address A
The mined funds are paid to wallet B, which is located on the laptop. ONLY ON LAPTOP

If the funds disappeared from wallet A, I would agree that there was a leak.
On the other hand, nothing disappears from wallet A,
Coins disappear from Wallet B, which is disconnected from the network

It is irrelevant if a wallet PC is online or offline when the lift happened. It is relevant if it was online the moment when the seed was created or any time after that.

A malware or corrupted piece of software could have stolen your keys and be removed a long time ago. Only when the frauders started the draining all the affected users would know, but show was over before 90% of users noticed…

1 Like

can’t delete 20 characters

The laptop (Wallet B) from which the coins disappear has access to the Internet only when it wants to make a coin transfer. Maybe once every 3 months for about 15 minutes. sufficiently…