XCH stolen, no log found

XCH was stolen to xch1zrjfw4eh50ktm5h23te45p222dr4rzkww7785a0ppn6nfcgvy9dsqk2y3a
No transaction is logged on Chia GUI, I only found out about this through xchscan.com

If someone has your pvt key / mnemonic, you won't see any transaction in your GUI.
They would enter it into a light wallet to remove your coins.

So I'd consider your pvt key compromised.

You can possibly get round it by creating a new address and sending rewards there.
But that could also fail at some point if not instantly.

Did you ever download a copy of the database?


There seems to be a lot of this going around - sorry for the luck. Agreed on considering these keys compromised (or worse, your system) and steps should be taken.

I was wondering about that.

If your keys to your main wallet got compromised, I have read in many posts that you should create a new wallet and re-plot.

What is the concern with updating your config.yaml file’s “xch_target_address” value to a new, cold wallet, so that your wins will go to that new, uncompromised wallet?

If the above is a viable remedy, then no re-plotting will be necessary.

Fail in what way?
What is the risk?

I changed xch_target_address in config.yaml but rewards still come to the compromised wallet. Maybe need to restart?

My config.yaml file has two lines that contain the xch_target_address.
Did you change them both?

Of course I did both.

If the bad actor has the mnemonic he can control any addresses created with it. Even new ones, or else you wouldn't bother keeping a backup.

Some have reported lost coin, creating a new address and using it, and funds being safe.

But if the bad actor starts trying all his keys on all new addresses, he may compromise the new address.

Or if they figure out which keys are likely to be for which addresses, then try them.

I am seeking additional clarity.

Given two computers:

Computer #1 is compromised. It is the one that created the now compromised keys. It is the one that created all of the plots.

Computer #2 is a fresh OS install, never connected to the internet.
Using computer #2, you install Chia (still off-line) via a USB flash drive, and have #2 create a new wallet. You never use computer #2 again (but you wrote down your new 24 words).

On computer #1, you direct your wins to the wallet address that was created by computer #2.

What is the risk of farming plots created with the keys from computer #1, and having wins go directly to the receive wallet address that was created by computer #2?

I thought that having the mnemonics only allows you access to wallets associated with those mnemonics? But if the cold wallet was created by computer #2, then how will an attacker, having the mnemonics from computer #1, gain access to the wallet created by computer #2?

The wallet created by computer #2 will have its own, different, 24 words, and it is #2’s wallet that will receive the mojo won by farming the plots created by #1.

Isn’t it like as if I set my receive address to your wallet, then I would have to have your 24 words to get to any wins that I directed to your wallet?

I think you're right in that computer #2 would be okay. The question is how was #1 compromised… if they got the 24 words by compromising the whole system (meaning they have control of the computer) then they could just update the config.yaml also to a new address and you may not notice until much later. But yeah a second cold wallet like that would be ideal I think.
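
The check the posts above point to (both `xch_target_address` lines must name the cold wallet, and a compromised machine could silently rewrite them), as an added example that is not part of the original thread or Chia's own code. It assumes the two entries sit under the top-level `farmer` and `pool` sections of config.yaml; the sample config and addresses are constructed placeholders.

```python
import re

# Assumption: these top-level config.yaml sections each carry a reward address.
REWARD_SECTIONS = ("farmer", "pool")

_SECTION = re.compile(r"^([A-Za-z_][\w-]*):\s*(#.*)?$")            # e.g. "farmer:"
_TARGET = re.compile(r"^\s+xch_target_address:\s*['\"]?([^'\"\s#]+)")

# Constructed sample: placeholder addresses, not real wallets.
COLD = "xch1constructedcoldaddress000"
OTHER = "xch1constructedotheraddress999"
SAMPLE_CONFIG = f"""\
farmer:
  port: 8447
  xch_target_address: {COLD}
pool:
  logging:
    log_level: WARNING
  xch_target_address: {OTHER}
"""


def find_target_addresses(config_text):
    """Return {top-level section: address} for every xch_target_address line."""
    found, section = {}, None
    for line in config_text.splitlines():
        m = _SECTION.match(line)
        if m:                      # unindented "name:" starts a new section
            section = m.group(1)
            continue
        m = _TARGET.match(line)
        if m and section is not None:
            found[section] = m.group(1)
    return found


def audit(config_text, expected_address):
    """List reward sections that are missing or pay somewhere unexpected."""
    found = find_target_addresses(config_text)
    problems = []
    for section in REWARD_SECTIONS:
        actual = found.get(section)
        if actual is None:
            problems.append(f"{section}: no xch_target_address set")
        elif actual != expected_address:
            problems.append(f"{section}: pays {actual}, expected {expected_address}")
    return problems


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG, COLD)) or "both reward addresses match")
```

Run on a schedule from a machine other than the farmer, against a copy of the file, this catches the silent rewrite described above; the expected address should be kept off the farming machine.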

Yes, reinstall the OS on computer #1.
But as I understand it, no need to re-plot.

In order to not open another thread, could someone clarify why the official Chia client is not safe anymore? Why do I need to bother moving coins between several (cold) wallets? Let's summarize this to a simpler question:

If you never install any 3rd party software, nobody has access to your systems but you and you only, are you safe with NOT moving won XCH to another wallet?

While we are on this subject, I was recently looking into a cold/alternative wallet and came across this, which appears to work but is it secure:

In the Chia GUI create a second wallet with a new set of keys.
Transfer some XCH to the new wallet.
Delete the wallet from the computer.
Transfer some more XCH to this second wallet.
Open up the second wallet by entering the 24 word key.
Lo and behold the two transactions are there.

So the question is: while the second wallet is deleted from the computer, if my computer is hacked, is there any way some low-life can get to the XCH in that wallet without knowing the 24 word key?


New mnemonic and you're safe.

If I interpreted what I read here correctly, just using a new address from the compromised mnemonic is resulting in coins not being taken.
But it would be bad advice to suggest that.

You create the new address from the new mnemonic on an airgapped PC.
Never connected to the internet.
For a truly secure cold wallet.

If you are connected to the internet, you can be hacked, no matter what software you use or don’t use.

Cold wallet is safe, because it is created on an air-gapped machine (never connected to internet or network).
Fresh OS install from USB, then use the chia install from a USB and create a new set of keys. Write down the 24 words and store them safely offline and also copy the wallet (receive) address so you know where to send XCH to.

If pooling, you need to replot:

  • They can steal pool future farmed chia: just doing chia plotnft get_login_link and they can change many things that do not depend on config.yaml file … like pool payout address …
  • They can leave your pool, join another …
  • Self pooling is not even secure with plot NFT anymore.

To be clear, your NFT plots are compromised with your keys.


@Oulalahakabu That is very informative and helpful.

@Voodoo Ditto for your comment.

