Just want to warn the community so this doesn’t happen to anyone else.
On Friday, Sept 24, 2021, all my SOl (28.5 coins) was stolen from my Phantom wallet.
Before I used Phantom, I had kept it on an exchange with 2FA and yubikee, whitelisting etc, but I was curious about the Bocachica Allbridge IDO, so staked Sol on Phantom, to gain SolPower to participate.
It wasn’t worth it.
The IDO didn’t show the correct purchase amount, there was an error, so I was trying to fix this.
Someone laying in wait, masquerading as BocaChica support sent me a link and said I needed to sync my wallet.
Very quickly I realized something was wrong when they then asked me if I had any other wallets and I should sync those too, but it was too late. I went to check on my Sol and noticed my staked Sol had started the process of unstaking. I feel ashamed that I fell for it. I tried to contact Phantom to put a stop to it, and lock the whole wallet down, but I didn’t hear back. I couldn’t restake my Sol, I knew the wallet was compromised, and I couldn’t do anything, then almost 30 hours later the criminals transferred it all out.
Solana team, please can something be done?
There are addresses where it was sent to.
Please could it be reclaimed?
Anyone reading this, please don’t click any links, please don’t try to re-connect any wallet with the 12 word phrase. I didn’t think they could steal my Sol this way, it all seemed very real, and very genuine, but it was a phishing attack. I feel so stupid, but also Phantom needs 2FA, or a firebreak, withdrawal passwords - something… something because some of these criminals are one step ahead and very prepared AND because losing all that Sol, that I just cannot hope to replace, is incredibly hard.