I was attempting to check my eligibility for an airdrop, and when I connected my wallet it was immediately drained. I lost about $13K in tokens. I have 400 SOL staked in that wallet. Since I think my 12 words were compromised, is there any way to recover those staked tokens? I can see they are still staked and active.
Never EVER interact with any contracts with your wallet that is staking SOL. Set up a stake wallet, write down the seed and delete the wallet from your phone. Create a new wallet just for interacting with contracts, deposit a small amount of SOL. 98% of risk is mitigated with this strategy.
Yeah never do everything on one wallet.
Multiple wallets for different purposes and NFTs. And I always have a burner wallet if I feel degen about interacting with shady sites. A couple “piggybank” wallets are used to send funds to other wallets, but they are never connected to any site except for a staking site (Marinade).
And if you want to participate in some NFT mint or token mint or whatever high risk, definitely only use the burner wallets. Then send them away from the burner wallets.
Definitely start setting up this flow - tough lesson for sure.
Let’s hope this helps save your staked SOL:
https://www.youtube.com/watch?v=wN1cN4Sn6Lw
It seems the hacker isn’t using an automated bot to steal your staking authority YET.
Good luck with that and so sorry for your loss.
As soon as you do that, move them to a fresh new wallet.
PS: Please next time NEVER link your hot wallet that contains such a big amount of money to any dApp like you did.
yall gotta stop messing with airdrops & giveaways
Shit :/ where did u find this? Was it related to the jupiter airdrop?
Rule #1, never use your main wallet to randomly click on sites you don’t know.
Always use a dummy wallet for airdrops.
You weren’t hacked. You willingly gave your private info to a third party. What did you think would happen?
Oh shit. Yeah man I would get a couple wallets together like a savings wallet, and then other wallets that you connect to sites randomly
So did you sign a transaction or just give authority to a dApp to do whatever it wanted?
I’m curious because if using a hardware wallet, wouldn’t you have to sign the transaction from the device in order for your wallet to be drained?
The nicest beneficiaries of AI are hackers. An army of bots that never sleeps will find cracks in human error eventually.
Be safe out there.
I think I figured out what I did wrong. I used the Phantom app from the Microsoft Store instead of going directly to the Phantom website to get the extension. Absolutely grateful for the Mods who helped salvage my staked SOL😃 The fast and accurate information saved me a good chunk of coins. Thank you.