Phantom Wallet - Phished - LOST ALL MY SOL

Just want to warn the community so this doesn’t happen to anyone else.

On Friday, Sept 24, 2021, all my SOl (28.5 coins) was stolen from my Phantom wallet.

Before I used Phantom, I had kept it on an exchange with 2FA and yubikee, whitelisting etc, but I was curious about the Bocachica Allbridge IDO, so staked Sol on Phantom, to gain SolPower to participate.

It wasn’t worth it.

The IDO didn’t show the correct purchase amount, there was an error, so I was trying to fix this.
Someone laying in wait, masquerading as BocaChica support sent me a link and said I needed to sync my wallet.

Very quickly I realized something was wrong when they then asked me if I had any other wallets and I should sync those too, but it was too late. I went to check on my Sol and noticed my staked Sol had started the process of unstaking. I feel ashamed that I fell for it. I tried to contact Phantom to put a stop to it, and lock the whole wallet down, but I didn’t hear back. I couldn’t restake my Sol, I knew the wallet was compromised, and I couldn’t do anything, then almost 30 hours later the criminals transferred it all out.

Solana team, please can something be done?
There are addresses where it was sent to.
Please could it be reclaimed?

Anyone reading this, please don’t click any links, please don’t try to re-connect any wallet with the 12 word phrase. I didn’t think they could steal my Sol this way, it all seemed very real, and very genuine, but it was a phishing attack. I feel so stupid, but also Phantom needs 2FA, or a firebreak, withdrawal passwords - something… something because some of these criminals are one step ahead and very prepared AND because losing all that Sol, that I just cannot hope to replace, is incredibly hard.

Hi @ASTONMV8, I’m sorry to hear about how you were ripped off.

As you know, there are so many scammers and so many despicable people in the crypto space. I hope we will be rid of most of them with better security and greater education, some day.

Thankyou for sharing your story so that others can learn from your misfortune.

I’m hoping you are in it for the long term, that some good kharma will come to you and over time, you will make up your loss and so much more, many times over …

Thank you so much Neil for your kind and thoughtful words today, much needed and appreciated encouragement.

2 Likes

So sorry you got your tokens stolen!

Yes, unfortunately, I am almost certain that there is no way to reverse transactions, freeze accounts, or anything similar. Once a transaction has been made and finalized ( which takes less than a second ) it is permanent, and the only way for you to get the tokens back is to have the other side transfer it back willingly.

This is the only way the blockchain can remain secure without us having to trust even a company or organization such as Phantom or the Solana Foundation. Unfortunately this takes out the ability of those organizations to help us when we run into trouble as well.

Because of this we’re going to have to learn how we can help each-other as a community and you posting your experience here is one way to start! We’ve got to raise awareness and help educate people so that they are more ready for these things before they happen.


I’ve found that on this forum there seem to be a lot of people who run into the same issues, either scammers or transferring tokens to an account that doesn’t exist ( which effectively moves their tokens to a black hole ), and I’m sure there are other things too.

I was thinking that maybe we should start working on user-targeted documentation for Solana, and maybe blockchains in general, with a big focus on safety best-practices and calling out common problems that people have so that they can be aware of them early on, instead of after they run into trouble.

I’ve found that cryptocurrencies are often somewhat complicated and hard to tell what’s going on for new users. There is so much out there and so many different tools that it is hard to get a clear picture of how it works. Even things that seem simple such as restoring your account from the seed phrase can have surprising behavior as found by another user on the forum ( see this post ).


It also seems like there are lots of other common things that users want to know how to do as well, such as bridge between different currencies, etc. Now that I’m thinking about it, maybe we should make a blog site or something with tips and guides for people. And then we could even integrate with Like.co so that writers could get rewarded for writing useful guides! We’d want to have some sort of board or approval group that would make sure that all of the info posted to the site is of a high quality and accurate, but that could be really neat.

This kind of got off-topic ( sorry! ), but that might be worth looking into if I can find the time.