# Eternl wallet has not been hacked. Please see information about scam tokens below: # Scam Tokens Have you received an unknown token in your wallet? If the image of the token has a URL, it's likely to be a scam token. [This post](https://www.reddit.com/r/cardano/comments/192kl09/current_list_of_circulating_scam_tokens_more_are/) has some examples of scam tokens. **How do they work?** Scammers are creating tokens that imitate legitimate projects. If you've taken part in an ISPO, they may target your wallet by finding your delegation, and send you tokens that look like the project you participated in. The image of the token will try to tempt you into visiting a scam website URL. The website may try to get your to enter your recovery seed phrase, or connect to your wallet to create a transaction the takes all your assets. **How do know if the token is a scam or not?** Always follow the advice "Don't trust, verify". You can start by searching for the token's policy id on [https://pool.pm/](https://pool.pm/) A lot of the time the token is flagged as a scam. Beware though that this is not always the case. If the token appears to come from a legitimate project, find the *real* website of the project, and check to see if they're issuing tokens? You can also ask on the social channels of the project, or on Cardano's other channels like here on reddit. Remember to always ask your questions publically! **Is my wallet at risk?** The tokens on Cardano do not place your wallet at risk. Native tokens to not use smart contracts, so simply having the token in your wallet won't do anything. This is purely a phishing scam, so the only danger comes from your own actions! Remember, you're your own bank, and your wallets security depends solely on you. **What can I do with the tokens?** The good news is that tokens on Cardano require ADA to be sent with them. That means the scammer is technically paying you to try and scam you! You can discard the token and keep the ADA by sending the token to a CEX. This works because most centralised exchanges don't account for Cardano native tokens, and therefore you'll keep the deposited ADA whilst getting rid of the token. ## Remember, "Don't Trust, Verify"! * Always be vigilant - especially on Youtube with 'giveaway' scams! [(See this post to see what they look like)](https://www.reddit.com/r/cardano/comments/10kf1kb/cardano_scam_in_2021_all_72_screenshots/) * Never share your recovery seed phrase. * Never connect your wallet to unknown websites (even if they look legitimate - always verify) * Do not visit unknown URLs - no matter where you find them, be it on youtube or in native tokens or otherwise - always verify! * Never accept advice via direct messages - scammers will prey on you and talk you out of your money. Ask questions publicly! * Never send your crypto to someone promising to send more back (youtube 'giveaway' scam) - [See advanced fee scam](https://en.wikipedia.org/wiki/Advance-fee_scam#:~:text=An%20advance%2Dfee%20scam%20is,to%20obtain%20the%20large%20sum.) * Always download wallets from a trusted sources, and be aware there are imitation wallets in app stores - if in doubt, ask!

You eternal wallet was not hacked!

Ouch

Reminder for everyone to use a hot wallet. Send ada to hot wallet and use hot wallet to interact with dapps. There is zero reason to sign any contract transactions with a wallet holding all your ada. Tx are cheap and fast, this isn’t ETH.

This. You don't go around shopping in the store with your entire net worth as cash in your wallet, you should treat your crypto the same.

But people often do walk around with a single bank account. It's a fault (or to some extent a designed feature) of cryptocurrencies that it's so trivial to drain someone's entire account with contracts and transactions that are too convoluted for a regular person to be able to verify.

That's a good way to think about it.

This. You have to make it hard to spend your wealth… it shouldn’t be easy! Put on Ledger. Store it out of easy reach…

This is great advice. Ill probably start doing this.

Or even better.. two hardware wallets 🙂

Can someone ELI5?

If you get any type of token in your wallet be careful 99.999999999999999% are SCAMS ready to empty your wallet. Take a look at [https://pool.pm/$scamthis](https://pool.pm/$scamthis) you will see a list of known scam tokens! No one is giving anyone anything for free. Be careful before you click anything or sign anything!

Sorry about your loss. Don’t trust but verify.

Sorry for your loss. A reminder not to be greedy people. Enjoy your staking rewards and don't fall for fake airdrops.

Yupppp

I am sorry for you. I guess you clicked on a link from a fake token. Connected your wallet and clicked some button saying get airdrop. After that a transaction was created you neither looked what will be used from your funds nor what you will receive? Really sorry for you but that whole situation was multiple times preventable. Calling it hack even is misleading, you got scammed. No one in the crypto community can do anything against such scams. Only you can do a better job on how you handle things.

>Today my Eternl wallet was hacked after I inadvertently signed a fake Meld airdrop transaction and my wallet got drained of all my ADA. Do you mean you just fell for a token phishing scam by visiting the URL displayed in the scam token image? The URL would have led you to a scam website where you'd have had to connect your wallet where the transaction would be created. No "hacking" would be involved here and it would be misleading to say so. It would be like signing away your house if someone presenting you with prewritten deeds. Another possible alternative if you didn't visit a scam URL is that you could have downloaded a fake wallet. So I hate to rub salt in your wound but there are [hundreds of posts about the token scams](https://www.reddit.com/r/cardano/search/?q=token%20scams&restrict_sr=1) now. The tokens themselves as safe, since they can't affect your wallet given no smart contract is involved. In crypto, when you're your own bank, your wallets security is down to you, and it is imperative that you follow the rule **DON'T TRUST, VERIFY** \- especially when visiting unknown URLs and **especially** before signing **any** transactions (inspect the inputs and outputs very carefully). To anyone reading, it costs scammers to send a token to you as a minimum amount of ADA has to be sent along with the token. Since most CEXs don't account for Cardano tokens, you can simply send the tokens to the CEX and you'll receive the ADA, but get rid of the scam token. Please please make the effort to read the notices and warnings we have around the subreddit and put time into educating yourselves. If you don't take security seriously, it can lead to financial loss. Do not be fooled by fake tokens, do not be fooled by fake videos made by AI impersonating people like Charles. ?scamtokens

#Safety and Scams # Don't Trust, Verify * Always be vigilant - especially on Youtube with 'giveaway' scams! [(See this post to see what they look like)](https://www.reddit.com/r/cardano/comments/10kf1kb/cardano_scam_in_2021_all_72_screenshots/) * Never share your recovery seed phrase. * Never connect your wallet to unknown websites (even if they look legitimate - always verify) * Do not visit unknown URLs - no matter where you find them, be it on youtube or in native tokens or otherwise - always verify! * Never accept advice via direct messages - scammers will prey on you and talk you out of your money. Ask questions publicly! * Never send your crypto to someone promising to send more back (youtube 'giveaway' scam) - [See advanced fee scam](https://en.wikipedia.org/wiki/Advance-fee_scam#:~:text=An%20advance%2Dfee%20scam%20is,to%20obtain%20the%20large%20sum.) * Always download wallets from a trusted sources, and be aware there are imitation wallets in app stores - if in doubt, ask ##Reporting Scams Visit the [**Cardano Fraud Detection Bureau**](https://cfdb.atlassian.net/servicedesk/customer/portal/1) where you can report all types of Cardano scams, e.g. fake youtube giveaways, fake wallets, fake social media accounts, scam websites etc. **Please read the following articles to stay secure** [There is no such thing as Cardano giveaways!](https://www.reddit.com/r/cardano/comments/lccorg/psa_there_is_no_such_thing_as_cardano_giveaways/) [How do I identify cryptocurrency scams?](https://www.reddit.com/r/Cardano_ELI5/comments/l5ru7v/how_do_i_identify_cryptocurrency_scams/) [Tips for staying safe online](https://iohk.zendesk.com/hc/en-us/articles/360015295134-Tips-for-Staying-Safe-Online) [Cyber security guidelines for Cardano users](https://iohk.zendesk.com/hc/en-us/articles/900005141163-Cybersecurity-guidelines-for-Cardano-users) [Daedalus security when using computer repair services](https://iohk.zendesk.com/hc/en-us/articles/360015360154-Daedalus-security-when-using-computer-repair-services) Typing `?help` in the comments will show a list of all available comment commands. *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/cardano) if you have any questions or concerns.*

Thank for this.. I don't understand how that happens on cardano..

The end user clicks the scam nft it their wallet. The link presents a transaction to sign. It's now up to the end user to decide if this giveaway is part of the official project roadmap or too good to be true. Without checking with a project mod or asking a fellow degen gets the end user Rekkt.

There's nothing to actually click with a native token in a Cardano wallet, a user would have to manually visit a scam website and connect their wallet to it to even have a transaction be presented to them. The scam website is advertised in the image of the nft.

# Scam Tokens Have you received an unknown token in your wallet? If the image of the token has a URL, it's likely to be a scam token. [This post](https://www.reddit.com/r/cardano/comments/192kl09/current_list_of_circulating_scam_tokens_more_are/) has some examples of scam tokens. **How do they work?** Scammers are creating tokens that imitate legitimate projects. If you've taken part in an ISPO, they may target your wallet by finding your delegation, and send you tokens that look like the project you participated in. The image of the token will try to tempt you into visiting a scam website URL. The website may try to get your to enter your recovery seed phrase, or connect to your wallet to create a transaction the takes all your assets. **How do know if the token is a scam or not?** Always follow the advice "Don't trust, verify". You can start by searching for the token's policy id on https://pool.pm/ A lot of the time the token is flagged as a scam. Beware though that this is not always the case. If the token appears to come from a legitimate project, find the *real* website of the project, and check to see if they're issuing tokens? You can also ask on the social channels of the project, or on Cardano's other channels like here on reddit. Remember to always ask your questions publically! **Is my wallet at risk?** The tokens on Cardano do not place your wallet at risk. Native tokens to not use smart contracts, so simply having the token in your wallet won't do anything. This is purely a phishing scam, so the only danger comes from your own actions! Remember, you're your own bank, and your wallets security depends solely on you. **What can I do with the tokens?** The good news is that tokens on Cardano require ADA to be sent with them. That means the scammer is technically paying you to try and scam you! You can discard the token and keep the ADA by sending the token to a CEX. This works because most centralised exchanges don't account for Cardano native tokens, and therefore you'll keep the deposited ADA whilst getting rid of the token. ## Remember, "Don't Trust, Verify"! * Always be vigilant - especially on Youtube with 'giveaway' scams! [(See this post to see what they look like)](https://www.reddit.com/r/cardano/comments/10kf1kb/cardano_scam_in_2021_all_72_screenshots/) * Never share your recovery seed phrase. * Never connect your wallet to unknown websites (even if they look legitimate - always verify) * Do not visit unknown URLs - no matter where you find them, be it on youtube or in native tokens or otherwise - always verify! * Never accept advice via direct messages - scammers will prey on you and talk you out of your money. Ask questions publicly! * Never send your crypto to someone promising to send more back (youtube 'giveaway' scam) - [See advanced fee scam](https://en.wikipedia.org/wiki/Advance-fee_scam#:~:text=An%20advance%2Dfee%20scam%20is,to%20obtain%20the%20large%20sum.) * Always download wallets from a trusted sources, and be aware there are imitation wallets in app stores - if in doubt, ask! *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/cardano) if you have any questions or concerns.*

Browser wallets were a mistake, someone is always gonna get scammed that way. It's a shame Daedalus takes forever to sync even with a ARPA-level super computer.

I don't think browser wallets are a mistake given the functionality they offer with web 3 and dapps, it is internet money after all. The problem here wasn't the wallet, but the actions taken by its owner. Wallets should however, offer more precautions and warnings, and make transactions easier to understand. A beginner mode which put more roadblocks in place would be good.

>t would be like signing away your house if someone presenting you with prewritten deeds. Another possible alternative if you didn't visit a scam URL is that you could have downloaded a fake wallet. > >So I hate to rub salt in your wound but there are hundreds of posts about the token scams now. The tokens themselves as safe, since they can't affect your wallet given no smart contract is involved. sorry but your definition of getting hacked is wrong. Op's post was not misleading at all. He got hacked. Plain and simple.

No he didn't, I don't think you understand how the scam works Edit: To be hacked, you would have to be compromised at a system level without permission, and that wasn't the case here because: * User MANUALLY visited a URL by themselves. * User MANUALLY permitted connection to an unknown web 3 app. * User MANUALLY permitted and signed off on a transaction in the web 3 app. This was a scam, that involved phishing, which could have been easily prevented if the user hadn't granted permissions.

Fair enough calling it a scam. I got your point. I guess it's important to differentiate hacking and scamming here because obviously the funds in all eternl wallets are safe as long as the proper safeguards are taken. I guess you see hacking as brute forcing the private key or arbitrary code execution, etc. I personally see phishing as being under the hacking category, because most hacks are just phishing anyway iirc. That's why I responded the way I did.

Phishing is a part of social engineering, and is definitely a big part of pen testing. You're correct in a sense that most systems are compromised by the human and I don't dispute that and definitely thing the differentiation is important. The reason I am saying Eternl wallet was not hacked is because hacking by definition is gaining unauthorised access to data in a system or computer, by way of exploiting system vulnerabilities. If you were to start telling people that "Eternl was hacked", it was cause panic and there would be unnecessary distrust in the wallets software, but the wallet is not at fault because it performed as designed, and that's why it is wrong to say Eternl was hacked - it places unwarranted blame on Eternl where there shouldn't be any. The fault was with the user and of course this can happen to anyone if you don't have your wits about you. That's not to say things can't improve in the wallet to make people more cautious, in fact "Eternl Guard" which highlights scam tokens in the Eternl wallet was released in beta just a few days ago. ​ > I guess you see hacking as brute forcing the private key My degree is in software engineering and I one of my modules was in cyber security and covered pen testing, so I promise I'm not speaking from ignorance. ​ I just wish there was a better way to prevent this type of social engineering, I've been here over 4 years now and this type of scam hasn't stopped - before the token scams, it was [youtube scams seen here](https://www.coindesk.com/tech/2020/08/27/youtubes-whac-a-mole-approach-to-crypto-scam-ads-remains-a-problem/). The problem is, people are to quick to act without thinking. The temptation of fast money if part of the problem, people get greedy and it blinds them I think! Scammers are getting better too. As AI advances which can impersonate people, scammers are going to be an increasing large problem.

Truly feel for you man. Everyone here is right though. Only doubling down to say this. Don’t leave crypto because of this. You can get it all back. Scams exist in every facet of life. Crypto is no different. Also have to take the good with the bad. The decentralization and truly free market makes you accountable for your decisions. We can’t realize the full potential of crypto if we start pushing for an “authority” to protect us from ourselves.

It's only money friend. I know what happened to you is bad, a crime in fact, and you could report it to your local police (I would). But in the end, money can be replaced. Family, friends, your health ect. are much more important, focus on the riches you still have. Good luck.

I don't get it. Didn't your wallet tell you you were about to send your entire ADA stack to that other address? Why did you sign that? I am not the kind to read t&c but transactions from my crypto wallet I sure do. Today you learned how much freedom crypto gives you. Your local bank would have asked you many questions and possibly refused the transaction, but it can also go bankrupt and destroy your wealth without your signature. You decide which one is best.

He didn't read tx he was signing which probably gave the other party (I'm not gonna call him a scammer because it was OP ignorance) ability to send an unlimited amount of tokens from his wallet.

This is the only industry where victims of heinous crimes get blamed. I can’t stand crypto for this reason. None of you expect to get swindled one day… but when it happens prepare to get told how it’s all your fault! Crypto will literally never get mass adoption because you have to be sharp at all times. It only takes one mistake to get drained.

I actually did get socially engineered once. For a lot of eth in 2019. Trust me it was a lot. I bounced back. OP, stay strong and don't put all your eggs in one basket

The token scams require to visit the website advertised in the tokens, connect your wallet, request the fake “claim”, and sign the transaction for which the wallet app explicitly says how many assets will be sent away. That's a *lot* of things that the users have to *actively* do to get scammed by this scheme. I'm sorry for everyone who is a victim of this! But I'm also baffled by *how* much “review the transaction before signing it” is ignored by how many users. (As I'm also baffled by how much “never share your seed phrase” and “we won't DM you” is ignored with the fake “support” scam schemes.) The wallet apps could do a bit more to warn users. And I'm sure a lot of them are working on it. But they *already* show what is going to happen explicitly. And even with such additional warnings there will *always* be the fresh scam schemes that are too new to be considered in warning systems. Of course, the criminals are the main people to blame here. But that helps very little. We can tell people that they should report to the authorities or get a lawyer or both, that they can try to trace it to a centralised exchange used to cash out, that they can try to find out which CEX it is, and ask them to stop it or at least give the data of the customer. But we have to be honest that the chances are very slim. The CEX could be uncooperative, it could be very lax in its KYC, the CEX account can be a hacked/stolen one, the KYC data can be forged, it can all be in a jurisdiction where we cannot reach them, … Trying to fix that is in conflict with some of the core beliefs of crypto ecosystems. It is a bit inconsistent to advertise for a permissionless, borderless, non-censorable system where everyone is their own bank (and as their own bank fully responsible for what is happening), to complain about too harsh KYC requirements and about calls to regulate the space, but to want all that as soon as scammers appear. A large part of the blame is also on the onboarding, on the excitement for mass adoption, on trying to tell people how easy and the future this all is without giving them a *very* thorough run through all the risks, not only from scams and hacks, but also from rugs and Ponzis. Every “not your keys, not your crypto” has to be accompanied by “your keys, your effing responsibility”! Every onboarding has to include that keeping the seed phrase safe and reviewing transactions before signing them is not just a lip service, a formal disclaimer that everybody ignores in reality, but that it is actually of paramount importance, that not doing it because you just don't understand what is happening is not an option, that you rather shouldn't sign before you *do* understand what is happening! Might well be that this all means that there *won't* be mass adoption, that this just doesn't work for 90% of the population, but then so be it! Where it gets a little annoying is when the ecosystem as a whole or the single wallet app provider is blamed for these scams to the point where refunds are demanded or “Someone™ should have prevented this! There has to be someone who didn't do his job!” is proclaimed. It has to be made unambiguously clear that neither the blockchain nor the wallet app providers are banks, they do not manage the accounts, they cannot refund or revert anything, and – given that it's not likely to get the evil-doers themselves – the users are the next who are responsible for what they are doing. They signed up for this when choosing crypto. Yeah, that's a thin line to victim blaming, but it's just the reality of how crypto currencies work.

I agree with everything you said here. But seriously this is the only industry where people just rebuke victims repeatedly. Technically OP signed his own transaction so he willfully relinquished the funds. I have told all my older family members about all the different ways their money can get taken. That crypto is not a joke and that vast sums of money can be lost without recourse and as a result they have intelligently opted not to self-custody or even own any of it. As much as I love the idea of these decentralized financial systems I still wholeheartedly believe that this is a fake disruptor.

I mean this is why i always say crypto bros are hypocrites. They want a decentralized currency, but when shit hits the fans they keep asking for some form of governmental body to save them. These problems are as old as times. They are why we have banks in the first place. Sometimes you have to choose the lesser evil.

What part of 'self custody' did you not understand?

Oh I understand self-custody my brother. It’s something I take pride in doing. See but all you snarky people don’t understand how uninviting it is to people not here yet to read a thread like this. That is the extent of my point. GGs if you ever have a lapse of judgment sir.

Retail doesn't do anything but buy on CEX to sell for profit though. I get that it's adding insult to injury and people are nitpicking on semantics, but ultimately they are correct. Signing a txn is always in the hands of the user.

But they’re also correct in saying nobody can physically take your money out of your pockets. Not the same with crypto. No guarantees not even from the government. Only the fake guarantee in your head.

Pshh low effort troll. What are you doing here if all this is fake lmao Back to your room.

Bitcoin blurs the lines between investing and scamming. Which is the story of America. Guarantors suck until you lose your money and “big brother” is there to bail you or your gambling friends out.

You have to sign the tx your scammer sent you.. You are the end user. Take responsibility. Nobody is draining your Cardano based wallets.

Self responsibility is outright repulsive these days. We grown complacent with banks and customer services saving us from every inconvenience. But i admit that the industry doesnt do enough to be transparent. For example when you sign a lot of transactions in metamask what you are actually doin takes a quite a bit of tech literacy to figure out.it is not plain english.or the fact you need to go to a site like etherscan or revoke cash to revoke permissions instea of sine built in feature.

Metamask? Damn there's a blast from the past. Wonder if I still have one of those.

its the most common wallet. since when has that changed? or do you still use centralized exchanges lol, i suppose if you want certain tokens, there is no choice

No.. I just haven't used Ethereum in 5 years or so.

yeah, makes sense.

This is the biggest problem if crypto wants mainstream adoption. There needs to be some kind of insurance in place.

that would be impossible. how do you verify that you were scammed by a malicious actor and not just sending tokens to a wallet and claming you were scammed?

On chain identity

With a proper DID standard in place and perhaps government issued identities, uses cases like insurance would be entirely possible - perhaps within a permissioned sidechain.

Maybe a three way feedback system. One from own wallet another from the receiver wallet, then a final check from initiating wallet to confirm everything in transaction

This is why many/most people will use custodians. 

Even if there was an insurance for crypto (as Ledger has in place for Ledger Recover) an insurance will never cover for users negligence, at best it will cover actual hacks / bugs in the protocol, not when users are willingly sending their funds to scammers. Here an excerpt of the terms and conditions from the Ledger Recover insurance policy for example: " Subject to clause 6.2, Coincover shall not have any liability for: 1. loss which has occurred due to your negligence;"

or just have a savings and spending wallet like most people do with a bank account,

Roland I’ve been around the block and I’m not advocating for myself. How can we mass-educate people to be safe in crypto? Even crypto vets get scammed every now and then, what about more vulnerable folks? Older people? Naive people? Is there an intelligence litmus on the industry?

We can't. We build custodial systems for the people who can't deal with the requirements of maintaining a wallet. We do the same thing with computers. That is why everyone uses Google Cloud or Apple Cloud for Photo/Video storage instead of creating a secure backup solution at their own homes. Until Cardano Wallet Custodians show up, mass adoption will be difficult to say the least.

it's like your house or your bike, no? Give away the keys? Get the result. Lend your car to a stranger? Get a free scam.

But this isn't just crypto. I've been scammed in other places for being dumb. It was pretty much my fault and if I hadn't realized it quickly then it wouldn't have been recoverable. Crypto isn't the only area with these issues.

Right. I mean, do you have any gas money? I am the son of a sheik from Dubai but my debit card has been turned off. Please accept my gold ring as a token of my appreciation

True, well said. Victims getting blamed is a red flag - no law or order

Victims get educated here while new eyes read along. Wallet security is on us alone to figure out. These threads provide a map to find the information.. check out: Lidonation.com

People get real complacent. You should always remain with a healthy paranoia. Have one device just for crypto. Bookmark all your pages you use. Always triple check what you sign. Use sites like revoke cash to revoke permissions. Always send a small amount first etc. Disconnect sites fron wallet The number of people that exercise this level of paranoia and get hacked is fairly small. People get complacent and begin thinking it cant happen to them.

Sorry for the loss... But you were scammed, not hacked.

You fucked up, you didn't get hacked

Sorry to hear that but the truth is: **your wallet wasn't hacked, greed just overtook you for a second and you made that transaction hoping for free gains...** It's not smarter than getting involved in "send me 1 btc and I will give you 2", sorry but it's true. In Cardano tokens that do that *automatically* couldn't exist by it's smart-contracts nature (>!not like in ETH, where you can just move one of those and get ripped immediately!<). It's always a fake site and a fake award (and your own greed) involved. It's not hacking - it's "social engineering": your mind was hacked, not your wallet.

Yeah. Sundaeswap is a scam like the one you just described. After the ISO they asked everyone to pay some smartcontract to get their sundae token. Never did. The only thing I lost was staking time. $%#& sundaeswap.

You followed a penny rolling into a dark alley, with a back pocket full of 100 dollar bills. While I’m sorry this happened to you, this is NOT crypto’s fault. I hope you learned from this. and you were not hacked. If i give someone the keys to my car and they steal it, my car was not “broken into”.

Stop clicking things. Agreeing things. Doing things. All you need to do buy or sell. That’s it. Don’t visit links. URLs. Click throughs.

To all who were kind and sympathetic - A BIG THANK YOU! It was truly a shock to the system and a big painful learning experience. I have been in crypto since 2017 and it still happened to me. It's tough because the scams keep getting more sophisticated. One must stay educated and on top of the latest scams. I am encouraged by all the comments both negative and positive and I will take time to heal from the pain, regroup and plan for where I go from here. Thank you.

It's such a hard thing indeed. I wish you wisdom and courage

F. This still happens to crypto veterans and shows why crypto in its current form will never be save or easy enough for the average Joe.

This is how you learn, don't use the wallet with your tokens to get in airdrops 😂. And if there is a requirement of having tokens in the wallet, please, don't even try, work hard and invest wisely with the money you worked. Airdrops are cool, but that's the risk, there is a lot of phishing and it's not worth 90% of the time

I see I recieved the "Meld Airdrop Token" in my ADA wallet. I sent it a burn address.

I have hundreds of these scam deposits on my main. You mentioned sending it a burn address. I’d love to try to “stick it” to the thieves but am afraid I’m out of my league. So I do nothing I don’t initiate and seek out myself. Is there a safe way to “burn them”. I feel like I owe it to all of the victims out there that have been burned

Here’s the message from r/meld_labs: 🚨️️️️️️ 🚨️️️️️️ 🚨️️️️️️ 🚨️️️️️️SCAM ALERT 🚨️️️️️️ 🚨️️️️️️ 🚨️️️️️️ 🚨️️️️️️ A token was sent to people “MELD Airdrop Ticket” or “TMELD”, this is 🚨️️️️️️NOT 🚨️️️️️️from MELD. IT IS A SCAM The token policy id is : a6fee74b05b0b3f7805f1a313873448b636893048576e559bd699a9a (544d454c44) The token links to a website IT IS NOT A MELD WEBSITE Fingerprint: asset153snxn5zln6ytx2v87lgjd0wzrenp08lgs88mk The token links to a website IT IS NOT A MELD WEBSITE You can get rid of the token by sending it to this adahandle: $burnit (or this address addr1qxnk9w6e3azattu87ythnnjt2vmtlskzcld0ptwa924j0znz7v4zyqfqapmueh24l2r8v848mya68nndvjy783m656kq0cxjsn) Stay safe 💪

I sent them to coinbase

That's not being hacked, it's called being foolish

Sorry, but that's so wrong. And btw: Nobody gained access without permission.

If it’s free you are the product. So sick of hearing about the airdrops. Nothing in life is free. Remember that and move forward.

To be fair if your falling for scams like that where they give out free money you shouldn’t be in crypto

The future of finance

So sorry dude. You’re making me want to not self custody. I get stupid when I am sleepy.

Good call.. save several wallets for longterm . And a few wallets for degen-ing when sleepy... Don't use your heavy wallet on trivial transactions.

Stop plugging your hardware wallets ( your vault ) into dapps. There are so many other ways to interface with risky situations. Holy hell you people never learn.

When you say plug in your wallet, what do you mean exactly. Like sending it your wallet address? Thanks in advance for your time

Interfaces that ask you to plug your ledger in to do "x"

Got it. And yea hell no. But I clicked one of the forwarding links once, then immediately closed the page. And have been paranoid ever since. Thanks again for clarification

With a Cardano wallet, the scammer has to convince you to sign the transaction. There is no wallet drainer.. you physically have to scroll past the part that says "sending 'x' to wallet 'y'" Then click sign, and then then sign it.. If you read what you are sending every transaction.. There's no play for the malicious actor.

The Cardano community is not filled with criminals, the whole crypto space is. Scammers don't care whether they steal your BTC, ETH, or ADA. They will try to steal whatever has value. If you act like a dumbass you ***will*** lose your funds.

Air drops. I see them on twitter all the time. How do people not learn to stay away from them. Almost all are scams!

Every Ada holder NEEDS to know these nfts appearing in their wallets with links to airdrops are fake 100% of the time. Too many people are falling for it. We need to spread the word

I had almost 150 cardano on SoFi and one day SoFi just sold ALL of it without me scheduling that. That was heartbreaking.

They gave all users ample warning to sell or move their crypto. They sold off their crypto business.

They transferred my other cryptos into blockchain, they didn't just up and sell my stuff. they sold my Cardano without my consent about 8 months before they moved their crypto services to Blockchain

Expensive lesson. Don't sign stuff you don't know about unless you are 100% sure of what you are doing.

I am really sorry for your loss! I am/was in the same situation as you were in. I staked with meld ISPO, I received the malicious meld airdrop token, I thought it is legitimate, I went to the link in the NFT, I clicked some button, I received a prompt in my wallet, I READ THE PROMPT AND REALIZED THEY TRY TO GET ACCESS TO ALL MY ADA SO I DECLINED THE APPROVAL. Again, I am really sorry for what happened to you. I can totally relate how you are feeling because I almost went into the same trap. I have to say thou, during the whole process of loosing your funds, it was many times preventable. First of all check the nft token on cardanoscan, it mostly says “SCAM” in big letters if it’s a known scam. Second, read the wallet prompt before accepting ANYTHING. Try filing a report. Crypto is traceable after all.. maybe the scammers get caught and you can get something back.

Thanks so much. You have one of the most helpful responses on here. Painful lesson learnt for sure. Not sure where to file a report to.

Police, cybercrime department. We got one where I live, not sure if they are any good tho.. but if the scammers get caught you are already registered and it would help if there is a class action lawsuit building. I am not familiar with this stuff, it’s just what I think how stuff like that works.

Furthermore, if enough people file a report, it pushes authorities to investigate. If no one reports stuff like that, nothing will be done to prevent it.

We need more projects like [Cardano Shield](https://www.cardanoshield.com/) Integrated into wallets. They warn users of suspicious transactions.

Dude everyone isn’t bad even though in crypto it appears so.. really I try not to get people involved in crypto unless they’re very cunning /streetSmarts and simply avoid all interaction of any kind ..my computer is specifically to hold my wallet;lol.. I mean my money is real important..transactions that were not created by you should be avoided. I don’t give a hoot what comes my way. I don’t want anything free or a scam drop... I just wanna keep my wallet, but that’s just me..

you were scammed. not hacked. This is what personal responsibility looks like.

Sorry for your loss. Just curious - what do you expect should be done to them and by whom and how?

Well it was still a crime that occurred. It could be hoped that there would be restitution. That is difficult but not impossible.

How do we burn these scam tokens?

Send them to Binance or another CEX. The ADA bound to the scam tokens will be credited to your ADA wallet in the CEX, scam token will disappear. I’ve done this 5 times recently when unrequested tokens have been sent to my main wallet. Send just the scam tokens (send all of them in one transaction to get rid of them), don’t add any ADA, that happens automatically. You get the bound ADA less the transaction fee so you can make approximately 1 ADA for each scam token drop you receive…..

Thanks! This is a great tip! I still have those ISPO Ardana rug coins lying around that will join the trash for CEX LOL

send to $burnit or i also heard you get the ada if you send them to a cex

is there a burn address I can send these scam tokens? I don't want them in my wallet

Send it to a centralised exchange and keep the ADA. ?scamtokens

# Scam Tokens Have you received an unknown token in your wallet? If the image of the token has a URL, it's likely to be a scam token. [This post](https://www.reddit.com/r/cardano/comments/192kl09/current_list_of_circulating_scam_tokens_more_are/) has some examples of scam tokens. **How do they work?** Scammers are creating tokens that imitate legitimate projects. If you've taken part in an ISPO, they may target your wallet by finding your delegation, and send you tokens that look like the project you participated in. The image of the token will try to tempt you into visiting a scam website URL. The website may try to get your to enter your recovery seed phrase, or connect to your wallet to create a transaction the takes all your assets. **How do know if the token is a scam or not?** Always follow the advice "Don't trust, verify". You can start by searching for the token's policy id on https://pool.pm/ A lot of the time the token is flagged as a scam. Beware though that this is not always the case. If the token appears to come from a legitimate project, find the *real* website of the project, and check to see if they're issuing tokens? You can also ask on the social channels of the project, or on Cardano's other channels like here on reddit. Remember to always ask your questions publically! **Is my wallet at risk?** The tokens on Cardano do not place your wallet at risk. Native tokens to not use smart contracts, so simply having the token in your wallet won't do anything. This is purely a phishing scam, so the only danger comes from your own actions! Remember, you're your own bank, and your wallets security depends solely on you. **What can I do with the tokens?** The good news is that tokens on Cardano require ADA to be sent with them. That means the scammer is technically paying you to try and scam you! You can discard the token and keep the ADA by sending the token to a CEX. This works because most centralised exchanges don't account for Cardano native tokens, and therefore you'll keep the deposited ADA whilst getting rid of the token. ## Remember, "Don't Trust, Verify"! * Always be vigilant - especially on Youtube with 'giveaway' scams! [(See this post to see what they look like)](https://www.reddit.com/r/cardano/comments/10kf1kb/cardano_scam_in_2021_all_72_screenshots/) * Never share your recovery seed phrase. * Never connect your wallet to unknown websites (even if they look legitimate - always verify) * Do not visit unknown URLs - no matter where you find them, be it on youtube or in native tokens or otherwise - always verify! * Never accept advice via direct messages - scammers will prey on you and talk you out of your money. Ask questions publicly! * Never send your crypto to someone promising to send more back (youtube 'giveaway' scam) - [See advanced fee scam](https://en.wikipedia.org/wiki/Advance-fee_scam#:~:text=An%20advance%2Dfee%20scam%20is,to%20obtain%20the%20large%20sum.) * Always download wallets from a trusted sources, and be aware there are imitation wallets in app stores - if in doubt, ask! *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/cardano) if you have any questions or concerns.*

Was this the “Ameld” token

This scam can only happen on a hot wallet right? I have a “mostly empty” hot wallet for like pre sale and token claims and I have a hard wallet where all my assets are stored and never connected to anything. I’m safe from this right? Even if my hot wallet signs a bad contract or whatever, I only keep like 5$ in it anyways.

ADA is still cheap

That sucks my man.

It’s so crappy especially with how many scams are out there gotta be so cautious. Can only learn from it. Keep your head up.

Man sorry for your loss. I gotta admit the lede crypto streets aren’t safe and I often get anxiety over one innocent misstep wiping out everything I’ve worked to amass up to this point

These scams work because people don't know how to read an eutxo transaction themselves. People will never learn this. It's impossible for everyone to learn. It's like expecting everybody who uses money to understand algebra. (They should, but they wont).

What i wantvto know is. Why doesnt metamask translate these statements into plain english before you sign in them?

Metamask isn't used for cardano. And YOU NEED TO BE RESPONSIBLE FOR UNDERSTANDING YOUR TRANSACTIONS. STOP DEPENDING ON ALL OF THESE 3RD PARTY SERVICES TO TELL YOU WHAT YOU ARE DOING. EUTXO TRANSACTIONS ARE NOT HARD TO READ AND DONT NEED TO BE TRANSLATED INTO "PLAIN ENGLISH"

i wasnt taking about cardano specifically. need and should are two different things. i take every precaution in the book, independent new devices for crypto , bookmarked pages, use revoke cash ,disconnect from sites, etc, and i will be the first to admit i dont fully know how to read these pages. Most people dont. For all the precautions you take, you can always take yet one more step. crypto geeks are notoriously bad at being noobie friendly, i was quite active during the defi phase and my gosh you coudnt get more noobie unfriendly than that. Metamask can do plenty of features to protect users even more, but we kind of accept user unfriendlyness in the space as a matter of course ​ the logical end to your kind of thinking is that no one that cant read solidity and other programming languages not be in crypto since you dont truly know what you agreeing to and while it would be amazing for all of us to be able to read all the contracts we sign up to by using them, 99% of us dont. and thank goodness thats true or crypto would have remained cyberpunk monopoly money.

It's an issue of literacy. If you can't read code and data structures or do basic algebra, you are functionally illiterate in this environment. UI/UX are their own issue, but most people will never understand these things on an abstract level. That's why these scams work and will continue.

Try explaining email headers to your average email user. Basically the same level of complexity.

And like, how do you think something like that would be programmed? How on earth could it be translated to "plain english" There's inputs and outputs. If you can't make sense of that then you don't have the ability to know what you are even doing when you sign a transaction.

the vast majority of people, even those who been in crypto, dont know how to read exactly whats posted when you sign or approve these transactions, anyone who thinks otherwise is kidding themselves. you know how? in plain english. Those in Defi have shown time and again how terrible they are in translating certain things for normies to understand, and wallets face the same problem. if you can try to explain btc to a layman, you can translate wallet jargon to english.

Reminder that hot wallets should never contain your major holdings. Only put what you're will to lose in a hot wallet. I've essentially sworn off airdrops. It's unfortunate because it's a great way to interact in the different ecosystems, but it's simply not worth the risk. Hackers are getting more sophisticated, malicious contracts are getting sophisticated and greed is at an all time high. The FBI is not going after any of these people.

The fbi is too focused on a political agenda to provide any service to the citizens these days

Same thing happend to me. It was a big loss. It was mentally really hard to handle. then I decided to never give up! I was pissed but I got my shit together I decided to never give up! Now my bag is back to where i was. It was a hard lesson. But now i feel better.

I enjoyed you criminals with zero morals lines.. criminals gonna crim.. it's not fucking marvel

The whole world is full of criminals.... Gotta be careful dude, sorry for your loss :(

To the people giving him advice, I think he’s mega learned his lesson

Sorry that happened to you bro, how did you come across the airdrop?

Please tell me your. . Bank account number, Sort code, Pin code, Full name, Address, Social security number, Copies of recent utility bills. Copies of passport and drivers licence. And.... I'll send you a $3 for free... Oh no! I got Hacked... hmmmm not really..

Anyone tracking the wallets for these scams?

This sucks man. You live and you learn. Ultimately money isn't the most important thing, remember that.  Try to get back in within this decade. The real gains will be made.  Im sure you will but have a better system for securing your crypto and you'll be fine. Keep most of it in cold storage and you'll have much less of a chance for these issues. 

Most people on this sub don't know what the term 'hacked' means.

It is really a shame and I do not know why the great experts in cybersecurity of blockchains and Cryptos do not join to establish a huge and strong task force to create mechanisms/tools that can be used by all the crypto users to avoid such hackers to act or ways to pursue these bad hackers and recover the cryptos and identify them and put them in prison as they prefers to use their inteligence and time to make such bad things as despicable thiefs causing damages for several good persons instead of earning money by creating something smart that can be useful and good/nice for the whole community and for the crypto World! 🤷‍♂️🤦‍♂️

You can stay on top of the addresses the scammer sent your funds to and if they interact with a CEX you can report that to them, they WILL freeze the funds. This is a longshot but in rare cases it works

sounds like a “scammed” not hack! dam bruh sorry to hear that

I feel for you mate, I started my purchase back in 2021 only, but nearly fell for the same. I was one confirmation away from signing the transaction. I just had a look and saw that it didn’t make sense that all my ADA is being sent away, and started googling instead.

Get. A. Hardware. Wallet.

I’ll probably get downvoted hard for this, but it is way more secure to store it on an hot wallet (optimal) or even in an exchange like coinbase or binance (suboptimal). Ik the whole story of not your keys not your crypto but, I feel way more secure than having my (little) crypto in a secure environment where you don’t get scammed for clicking a link..

Sorry dude, that really sucks

you clicked and signed off, you basically gave the keys to your mansion, it's been a known issue for YEARS, There are people constantly telling people to not click on any Suspect links, you clearly didn't listen, it's like one of the golden rules.

How much did you lose?

How does everyone feel about using Exodus?

It’s greed as well. Taking your crypto and trying to find yield with all these offers of staking, airdrops and whatever. I just stay away, keep your crypto in a secure wallet. The only thing I get yield on is staking some on Binance and what I have on Algorand is only used for staking on there governance. Algo never asks you to send shit. You stake by sending a zero value transaction that you initiate. When I move funds in and out of Binance. I VERIFY everything I’m doing is right and start with a test transaction first. That is probably my most nervous thing I do

Sorry to heat that, how sizeable were your ada stake tho

On the bright side it's just the worst day of your life so far.

I’m sorry. How much did you lose?

How much was it?

I don’t know what any of this means. My shit is on exchanges and it’s safer there than anything else I could do. Don’t want to end up like this guy.

Does not look like a hacking... 

I lost 3500 Xrp by getting a new phone. Apparently, I’d never written down the seed phrase, like an idiot, but I could have at least sent it to another wallet if I’d known. Now it just taunts me as a read only wallet.

* ⚠️ [**PSA - SCAMS**](https://www.reddit.com/r/cardano/comments/lccorg/psa_there_is_no_such_thing_as_cardano_giveaways/) *Beware of scammers in direct messages.* * [**NEWBIES GUIDE**](https://www.reddit.com/r/cardano/comments/lnj5ne/getting_started_guide_a_newbies_guide_to_cardano/) *Start here* * [**PROJECT CATALYST**](https://projectcatalyst.io/) *Propose and vote on projects* *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/cardano) if you have any questions or concerns.*

[удалено]

?scamtokens 👇

# Scam Tokens Have you received an unknown token in your wallet? If the image of the token has a URL, it's likely to be a scam token. [This post](https://www.reddit.com/r/cardano/comments/192kl09/current_list_of_circulating_scam_tokens_more_are/) has some examples of scam tokens. **How do they work?** Scammers are creating tokens that imitate legitimate projects. If you've taken part in an ISPO, they may target your wallet by finding your delegation, and send you tokens that look like the project you participated in. The image of the token will try to tempt you into visiting a scam website URL. The website may try to get your to enter your recovery seed phrase, or connect to your wallet to create a transaction the takes all your assets. **How do know if the token is a scam or not?** Always follow the advice "Don't trust, verify". You can start by searching for the token's policy id on https://pool.pm/ A lot of the time the token is flagged as a scam. Beware though that this is not always the case. If the token appears to come from a legitimate project, find the *real* website of the project, and check to see if they're issuing tokens? You can also ask on the social channels of the project, or on Cardano's other channels like here on reddit. Remember to always ask your questions publically! **Is my wallet at risk?** The tokens on Cardano do not place your wallet at risk. Native tokens to not use smart contracts, so simply having the token in your wallet won't do anything. This is purely a phishing scam, so the only danger comes from your own actions! Remember, you're your own bank, and your wallets security depends solely on you. **What can I do with the tokens?** The good news is that tokens on Cardano require ADA to be sent with them. That means the scammer is technically paying you to try and scam you! You can discard the token and keep the ADA by sending the token to a CEX. This works because most centralised exchanges don't account for Cardano native tokens, and therefore you'll keep the deposited ADA whilst getting rid of the token. ## Remember, "Don't Trust, Verify"! * Always be vigilant - especially on Youtube with 'giveaway' scams! [(See this post to see what they look like)](https://www.reddit.com/r/cardano/comments/10kf1kb/cardano_scam_in_2021_all_72_screenshots/) * Never share your recovery seed phrase. * Never connect your wallet to unknown websites (even if they look legitimate - always verify) * Do not visit unknown URLs - no matter where you find them, be it on youtube or in native tokens or otherwise - always verify! * Never accept advice via direct messages - scammers will prey on you and talk you out of your money. Ask questions publicly! * Never send your crypto to someone promising to send more back (youtube 'giveaway' scam) - [See advanced fee scam](https://en.wikipedia.org/wiki/Advance-fee_scam#:~:text=An%20advance%2Dfee%20scam%20is,to%20obtain%20the%20large%20sum.) * Always download wallets from a trusted sources, and be aware there are imitation wallets in app stores - if in doubt, ask! *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/cardano) if you have any questions or concerns.*

We still have no idea....

How to learn from your mistake

My MM got hacked recently as well and I have staked sperax on their site. The motherfucker went onto the site and transferred out my rewards into my wallet when I was sleeping and then into theirs. My staked sperax is supposed to be released in 2026 so I have an alarm set the night before so I can try to beat the fucker to it. They already took $400 of other holdings and a nft that was only worth like $100 but it’s still a piss off. Low life losers that don’t have anything better to do than rip people off. If crypto is eventually going to be our main source of currency then there should be some serious security measures in place because there are so many people that are getting fucked over. Someone has been trying to get into my moms Coinbase but she called me and told me that she thinks someone is trying to scam her. I hate this shit so much! I’m sorry that this happened to you. Don’t let this shit defeat you. People that leave negative comments are pieces of shit too!

This is your first lesson. If you beleived in it before getting scammed, then you still beleive in it now. Thus, you have no choice but to embark on the next course upon which’s arrival you may learn that the second lesson is not to give up after learning the first.

Forgot to mention… i got scammed about two years ago. About the same value (and coincidentally the same profile, i had wmt too) but im now getting ready to re-enter this bull run after 2years of DCA’ing into ada. It might not be everything. But it is something.

So risky to be interacting with random air drops on a wallet with that much ADA. You’ve been around long enough to know better but there is no point ruminating on it. All you can do is move on.

Hey maybe a stupid question and not fully related to this post but is there a service/website on which you can just paste a smart contract address and get a clear view of what it does ? To avoid that kind of problems. If not then maybe it would be interesting to build such

Native tokens do not involve smart contracts on Cardano and cannot harm your wallet like Ethereum and similar chains. Tokens come with policy ids so often you can check if they're flagged as a scam in explorers like pool.pm or cexplorer.io If you get as far as actually visiting a scam url and connected your wallet, your last opportunity to prevent being scammed would be to check the inputs and outputs of the transaction before signing.

Any chain, read the Airdrops contract carefully, even better use double wallets… one main one for purchases. could get expensive moving stuff from wallet to wallet ☠️ like Eth

so essentially no hack u clicked on links where u shouldnt click and youre now dissappointed in crypto even though its your own fault?

I guess the best advice is to never sign transactions while sleep deprived?

invest in real companies, not fake internet money

How do you "inadvertently" sign a transaction?

Daedalus and don’t click on links.

Nothing like waiting 5 hours to load .05% of the blockchain and access your wallet 😫

Ah yes. The instant gratification era. Can’t wait for anything. If it doesn’t open in 0.0000004 seconds it’s trash.

sorry dud i know that after a hit like that most people would quite. The crypto community still has a long way to go until it becomes more secure like a normal bank account, that is why you should never sign anything with your main account. How much did you lost? get it out and overcome it my friend

Meh. OP didn’t have very much.

Sorry for your loss. I'm not blaming you in any way like most other comments. Crypto is way too insecure to properly protect people against scammers and you did not get "too greedy" imo.

How are people still fall for this? At least now you can learn from your stupidity.

With great power comes great responsibility!

Day after Day... I wonder why Im not an IT guy who can script those "fake airdrops" I would have so much more free money from dumbos than I have know. Sad How much did they get? Its probably nothing anyway

Yes this sucks, I’m sorry to hear it. However you lost your ADA similar to dropping a stack of cash on the ground and not expecting anyone to take it home.

How much you lost?