Tokens disappeared from the wallet

After several days of using the Phantom wallet on the Rydium platform, all tokens from my wallet = 35YHDn4ZBPSHUGQgWFy8TjC37wgKCzX8RxqKR6vx5PE2 using the “CreateAssociatedAccount Spl-Transfer” command were transferred to an unknown address = DzRVmn4GUbjCudZG7z3wgKsEXRwReruaqDk8pM8LHPRQ . I did not conduct these transactions, my tokens are still on the wrong address. How this could happen, and how to get the tokens back?

1 Like

Hi @nemetscom and welcome to the forum! :wave:

It sounds like you might have gotten hacked somehow. See this post for some ways it might have happened and how you might be able to help avoid it in the future:


Or, maybe there’s some other confusion here. Once I get the chance I’ll check out the transactions on Solscan and see if I an figure anything out.

Well thank you I will wait

Yeah, after looking at it looks like whoever it was just swiped your tokens. Sorry about that!

You’ll want to generate a new wallet phrase at least, don’t put anything else in that wallet.

Strange, but his account type is different from the usual one. Maybe it’s some kind of pool. And the type of transaction for which the tokens may have been stolen are also different from the usual ones.

@nemetscom Where did you get those details screenshots?

Normal wallet accounts are owned by the System Program, so that’s normal.

On your account, the owner is none, and the rent reserve is not available because all of your SOL has been exhausted, so there isn’t any SOL to pay rent and the account doesn’t have an owner because it’s account file has been deleted I think. ( Though the transactions are still permanent, so it’s not like your account is gone ).

So everything looks in order ( other than the fact that the guy stole your tokens ).

Also the “Create associated account” instruction is used every time somebody transfers an SPL token to a wallet for the first time. So that just means that whatever tokens he stole from you, he didn’t have that kind of token in his wallet before he stole them.

I had the same issue, and I think I know what happened !
I downloaded a fake version of one of the wallets that seemed off but thought that it was just a bug but that Fake version of Solflare* on Google PlayStore is the reason because there’s a Reddit article about it as well
So as the Zicklag suggested try to transfer whatever is left to a newer once and be careful with the wallets you use even if they’re on PlayStore

1 Like

Now it’s all clear. Thank you. Screenshots are taken from https://solana.surf

1 Like

Yes, exactly, I have a fake Solflare wallet installed on my phone. Now I will be more attentive. Thank you for the clarification.

Does Solana have the ability to blacklist this scammers wallet on the blockchain so that they cannot take advantage of the loot? They should be punished.

Ah, good job noticing that! Thanks for sharing.

No there isn’t a way to do that.

The issue is that if there was a way to do that, then there would be a way for people, companies, governments, etc, to lock other honest people’s accounts just because they want to.

Fundamentally, the blockchain has to give everybody the full right to do what they want with their money, even if it was stolen. This is motivation for us to try and come up with ways to help protect people from scams, and educate people so that they can protect themselves.

Like maybe you guys should leave a review on the app store for that app to help alert people to the scam.

There is also a list of banned usdc addresses.

https://support.usdc.circle.com/hc/en-us/articles/360016060352-Can-a-customer-send-USDC-tokens-to-any-address-Can-addresses-be-blacklisted-#:~:text=to%20any%20address%3F-,Can%20addresses%20be%20blacklisted%3F,ERC-20%20compatible%20digital%20wallet.&text=A%20global%20blacklist%20is%20maintained,order%20or%20global%20sanctions%20restriction.

@nemetscom You’re not the only one… definitely a professional hack, looks like that address was taking tokens from hundreds of other addresses around that date.