Hacked web AVAX wallet

Hi all! My Avalanche web wallet has been hacked and someone stolen my 57AVAX. I have no idea how this happened. so sad. does anyone knows anything i can do now. many thanks!



1 Like

the same thing happened to me. Did you figure this out?

1 Like

the link shows a list of where some of these recently stolen avax went. the 25.07 avax from dec 14 were stolen from my avax web wallet.

i reached out to [email protected] but have not heard back. perhaps you can try emailing them as well. they really need to do something to stop this address from stealing/theft: avax1hdgwz9au3ryhk35tzhnvjkr9lzxp3zmud45d7z

and perhaps some way to return the stolen coins to their respective wallets.

They say nothing they can do.

1 Like

very unfortunate. not acceptable but guess this is the risk with crypto one has to live with. and the avax web wallet seems to be one of the least safe web wallets out there. this is a strike, albeit a small one, against AVAX.

I use a ledger and still was hacked last week and lost all my avalanche funds. I had connected to the avalanche wallet, wonder if that’s the weak link. I never exposed my paraphrase so how the hack happened is a mystery

1 Like

Which site did you use to connect the wallet?

Hi Guys,

Please keep your hard earn money safe. Here are few tips, hope it helps.

Do not connect your main wallet to any gaming and shit coin websites.

when you connect wallet to a trusted site make sure no other windows are open. just one window to connect to that site.

Have a good anti virus so that it defends from key loggers.

Never validate your wallet seed phrase at any site what ever it may be.

Go to Snowtrace go to more then token approvals, copy paste your wallet public address and check how many Smart contracts you have provided the unlimited approval.

Revoke those approvals after the transaction is done. it costs only 10 cents.

there are malicious site / hackers can use these malicious smart contract to transfer funds after approval.

I can relate to your pain. I lost lot of money myself so let’s be cautious and protect ourselves. When it comes to wallet it is our responsibility to protect our asset.

Hope it helps in future.

1 Like

I share the same feeling with you. Can’t imagine it could have happened!

Here the address to which the thief transferred my Avax to:

avax1zwfgnq3huqsh8397hpjj2f04q4hv8p29m4xkjj

I had the same issue. I have no idea how in the world this happened to me.

I am not sure how possible it could be done. But I’m afraid the Avax Wallet is not at all a safe place to move money to. I have contacted the Dev team but I don’t think there’s anything they can do.

Can we compare what happened to those of us who were robbed?
How many of us had logged into the avalanche wallet?
Of those, how many with the ledger using the avalanche app?
Are there any who only used the metamask wallet?
Knowing this could help us figure out the source of the problem.
I personally can’t believe I gave out my secret phrase.

All my avalanche funds, $30000, gone from my ledger wallet aboutb10 days ago. If the issue is a flaw in the avalanche wallet, who is addressing this?

I am so sorry to hear.

My loss is nowhere comparing to yours, but it hurts me bad enough.

I agree with you that I don’t think anyone would know or had the chance to steal our seed phrase. And I noticed this happened to not only me: 5 minutes after the token got returned from the validator, they were transferred straight to another wallet. I mean how in the world that would happen right after the token got unstaked?

Having been involved in the Avalanche Wallet has been the worse experience in my crypto life! Very sad!

I truly believe there is a serious fault with this wallet. I’m not sure if the DEV team is having a look at it at all. Everyone says “protect your seed phrase, etc”. For God’s sake, no one can have a clue of my seed phrase.

Hi Guys,

I think I am repeating my self but it for the good. I did loose money too.

Most common and sophisticated way of getting hacked is not that some got hold on your seed phrase,

It’s you who have gives unlimited Token approval from your wallet. Do not give approvals to any shady websites, DAO’s , gaming sites. Even if you did a token approval make sure to revoke it after the business is done.

Go to Debank,com connect your wallet go to profile and check for token approvals. It will list you all the smart contracts you have provided approvals for and what amount, ( mostly unlimited tokens) so these
scoundrels just wait some times month to have money in your wallet and steal it.

Pleas watch this video - https://youtu.be/edWTbybtUdo

to better understand what happened.

Take care.

Do these approvals bypass the ledger, or is additional approval required for a transaction?

Token approval is a good tip, but in some cases the money is not stolen from the C-Chain, but after validating on the P chain was completed. And the money left the wallet on the X-Chain, no C-Chain or token approval involved.

In case it was with a ledger, I would like to know if the seed ever touched any electronic device other than the ledger. Photo? Notepad? Printer? And was it generated by the ledger or somewhere else and then used as input in the ledger? Was it bought directly from ledger with an unopened seal?

If you have a genuine ledger, with a seed only written on paper, generated by the device and the paper secured so nobody could have seen it. Then it is impossible that transactions happen without user input on the ledger. (ERC20 tokens are an exception, see below!) The most that could happen is being tricked into signing a fraudulent transaction, but the data would be visible on the device while signing.

This is a good question. I like to know as well.

Having lost my 31 Avax from my Avax Wallet, my conclusion is: Do not use Avax Wallet. It is very unsafe. What a scary and frustrating experience this has been.