input-output-hk / nami

Nami Wallet is a browser based wallet extension to interact with the Cardano blockchain. Support requests: https://iohk.zendesk.com/hc/en-us/requests/new
https://namiwallet.io
Apache License 2.0

[Serious Issue] Funds have been incorrectly transferred to someone else's wallet!!! Nami Hacked?? #257

Closed john2014 closed 2 years ago

john2014 commented 2 years ago

I tried to transfer 10 ADA from NAMI Wallet to another cardano wallet. Here is the transaction ID: https://cardanoscan.io/transaction/b848175625866e1ef829d39ad0edc7b81a96fa6c3de70cc75e6172a996815dfe

The from address is correct. However it deducted 4.1 ADA and transferred it to someone else's wallet: https://cardanoscan.io/address/addr1wy2mjh76em44qurn5x73nzqrxua7ataasftql0u2h6g88lc3gtgpz and it refunded 6.72 ADA back to the original wallet. My new wallet, where I was expecting the funds, is still at 0 ADA.

The wallet address above (where it incorrectly transferred 4.1 ADA) keeps getting bigger and already has around 500000 ADA, growing very fast.

I checked the address of the wallet where I want to send ADA to multiple times. But it still incorrectly sent it to this huge, ever-growing wallet.

Why is NAMI wallet transferring funds to someone else's wallet? Can you please resolve this issue and refund the funds?

john2014 commented 2 years ago

I installed the nami wallet chrome extension yesterday from this link: https://namiwallet.io/

john2014 commented 2 years ago

Hello, sorry for the inconvenience. Are you still having the same problem?

Yes, Nami wallet took 4.1 ADA out of my wallet and sent it out to someone else's wallet. That someone else's wallet keeps growing in size. I have not received a refund yet. I have version 3.1.0 installed.

Is Nami wallet hacked and transferring funds to a scammer's wallet?

john2014 commented 2 years ago

It appears other people's Nami wallets are also getting hacked.

Example: https://github.com/Berry-Pool/nami-wallet/issues/259

Here 248 ADA was transferred out of a Nami wallet. Around 42% went to the scammer's wallet (which contains around 38 million ADA) and the remaining 58% was returned to the original wallet. This is similar to mine, where 41% of the funds were sent to the scammer's wallet and the remaining 59% was returned.

This is a very serious issue. Please solve this ASAP.

nibarulabs commented 2 years ago

This is concerning. First off, I'm not a Nami developer. However, I've read through the code over the past few months quite a bit and I have not yet found a place in the code that would do this sort of split transaction or siphoning. Doesn't mean it isn't happening, though. I've looked at your transaction above as well and it does look like some amount is going to an address with quite a bit of ADA.

A few things that are concerning here (and I've pulled Nami support from our site for now) are:

To be clear, I have not 'audited' the code nor am I claiming I know everything it does. I have read through a lot of it, however, to learn how our site can compose transactions, send the cbor hex to the Nami side and use the api to successfully have Nami sign the transactions.

Also, I have followed the developer @alessandrokonrad for quite a few months and he has done a lot of work in the Cardano community with his own NFT collection, Berry pool, cardanocli-js, etc. So, he seems legit. However, in the world of crypto, without direct communication, that does not mean scams are not possible. Also I would say, I have not looked for him or the other committers on twitter or anywhere else, so they could be in communication and I am missing that (I'm currently dealing with these issues above and have not yet spent time tracking anyone down).

As someone that has a site that has paused creating transactions for Nami, my recommendation at this point is better safe than sorry, and you might consider pausing until you can get some answers. The fact that Nami hasn't worked for me the past few days is a flag for me. But that's just me - ymmv.

Do your own research, help where you can, don't run around with hair on fire, but use caution. And, don't trust me either. :) Hopefully this is resolved soon and this project can get this back on track because I have a lot of time invested in Nami integration and I'd hate to have to rip it all out.

john2014 commented 2 years ago

No way to contact developer/team directly other than issues piling up here

The developer does have a twitter account: https://twitter.com/berry_ales I found this out by going to https://twitter.com/NamiWallet/ There does not seem to be a team, just one person who (based on the twitter profile) is a computer science student at a German university. He also does not have direct messaging on twitter enabled. So there is no way to reach him. His twitter posts have a huge number of replies, but I don't know if he reads all of them.

No transactions I've tried over the past few days have gone through/out using Nami (I have sent them directly from cardano-cli slowly)

I wanted to buy the sundaeswap token when it launched yesterday, but every single transaction was also failing. I tried around 100 times for many hours. Twitter and reddit are filled with comments saying (a) do not use nami since transactions would not go through (b) withdrawing funds also would not go through.

I finally got fed up and tried to transfer funds to another wallet. This also kept failing. Then I added the word "withdraw" in the comments section (while sending funds). Nami wallet said the transaction succeeded. This is where it transferred 41% of the funds to the scammer's wallet and returned 59%.

To be clear, I have not 'audited' the code nor am I claiming I know everything it does. I have read through a lot of it, however, to learn how our site can compose transactions, send the cbor hex to the Nami side and use the api to successfully have Nami sign the transactions.

Two reasons I chose nami wallet are (a) it was listed as an official wallet on sundaeswap and (b) a youtuber I trust recommended it (which I am now doubting). I did not realize that nami wallet is built by one person still in college. One person (especially young) would simply not have the huge amount of knowledge and experience required to create an unbreakable app, especially when the hackers have decades of experience hacking these things. I have been coding for 30+ years and I alone would not feel comfortable building a crypto wallet. Where money is involved there will always be hackers. Even famous CEXes and DEXes with hundreds of employees are getting hacked. Here is a good site which tracks these: https://rekt.news/

Also, I have followed the developer @alessandrokonrad for quite a few months and he has done a lot of work in the Cardano community with his own NFT collection, Berry pool, cardanocli-js, etc. So, he seems legit.

He also appears to be legit. But the nami wallet code could still be infected and he may not be aware of it. This is how XSS and many similar attacks work, where the site owner does not know their site is infected and is downloading malware onto visitors' computers.

The fact that Nami hasn't worked for me the past few days is a flag for me. But that's just me - ymmv.

Yeah, all other DEXes, CEXes and wallets can transfer cardano coins successfully within 30 minutes. But transferring funds out of the wallet either does not work on nami wallet (transaction failed) or 41% goes to the scammer and the rest is returned to the sender's wallet (transaction succeeded). Based on reddit and twitter comments this is definitely an issue that has been going on for much longer.

Do your own research, help where you can,

Yeah, I should have checked reddit, twitter, etc. and read all the comments before transferring funds into nami wallet. Funds go in successfully but do not go out :)

Scammer Wallet 1: https://cardanoscan.io/address/addr1wxaptpmxcxawvr3pzlhgnpmzz3ql43n2tc8mn3av5kx0yzs09tqh8 (wallet contains around 38 Million ADA)
Scammer Wallet 2: https://cardanoscan.io/address/addr1wy2mjh76em44qurn5x73nzqrxua7ataasftql0u2h6g88lc3gtgpz (wallet contains around 500000 ADA).

Also I checked the incoming transactions for both of the scammers' wallets above. And it seems every single incoming transaction is a split where some percentage goes to the scammer's wallet and the rest is returned to the sender's wallet. This is a HUGE red flag.

Do you know anyone on cardano team where these issues can be escalated?

john2014 commented 2 years ago

I just checked the github issue page: https://github.com/Berry-Pool/nami-wallet/issues and there are now more than 100 issues, most of which say either (a) the transaction fails while buying crypto, (b) they are unable to transfer funds out to another wallet or (c) crypto simply disappears from their wallet.

The number of people complaining simply keeps increasing. The worst part is that the developer of nami wallet has not replied to a single issue.

BillJones50 commented 2 years ago

Other people are having problems with ADA simply disappearing from NAMI Wallet:

  1. Unauthorised Transfer: https://github.com/Berry-Pool/nami-wallet/issues/267
  2. CAN SOMEONE HELP: https://github.com/Berry-Pool/nami-wallet/issues/259
  3. recovering wallet shows up empty: https://github.com/Berry-Pool/nami-wallet/issues/253
  4. Nami wallet imports empty wallet when using seed phrase: https://github.com/Berry-Pool/nami-wallet/issues/184
  5. Nami Seed Phrase does not work: https://github.com/Berry-Pool/nami-wallet/issues/275

More user complaints on twitter (scroll to bottom): https://twitter.com/berry_ales/status/1484285151647522819

katie20 commented 2 years ago

One twitter user says you have to set the collateral in your settings so that the transaction does not fail.

https://twitter.com/kiwwizz/status/1484285016859463681

Can the developer or someone confirm this?

HeptaSean commented 2 years ago

These “scammer wallets” are the smart contract addresses of SundaeSwap. The transactions are just you all trying to play around with that thing, coming through many hours later, because everybody wanted to play around with it.

Part of the transaction going back to you is also totally normal for a transaction. They always have to take whole UTxOs in and if that does not, by a very small chance, fit exactly what you want to send, the desired amount goes to the target and the change comes back. No “huge red flag” there.
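The change-output behaviour described in the comment above, as an added example that is not part of the thread and is not Nami's or Cardano's own coin-selection code. It is a toy largest-first selector: whole UTxOs are consumed, the requested amount goes to the target, the fee is burned, and whatever is left over must come back to the sender as change. The amounts (an 11 ADA UTxO, a 4.1 ADA order, a 0.18 ADA fee) are constructed to resemble the thread; the address strings are plain labels, not real addresses.

```python
"""Toy largest-first coin selection on Cardano's UTxO model.
Added example (not Nami's or Cardano's own code); all amounts and labels are constructed."""
from dataclasses import dataclass

LOVELACE = 1_000_000  # 1 ADA


@dataclass(frozen=True)
class Utxo:
    tx_id: str      # hypothetical transaction hash
    index: int      # output index within that transaction
    lovelace: int   # value locked in this output


def select_inputs(utxos, needed):
    """Spend whole UTxOs, largest first, until they cover `needed` (amount + fee)."""
    chosen, total = [], 0
    for u in sorted(utxos, key=lambda u: u.lovelace, reverse=True):
        if total >= needed:
            break
        chosen.append(u)
        total += u.lovelace
    if total < needed:
        raise ValueError(f"insufficient funds: have {total}, need {needed}")
    return chosen, total


def build_tx(utxos, target_addr, amount, change_addr, fee):
    """Return a transaction skeleton. Inputs are consumed in full, so any excess
    over amount + fee has to appear as a change output back to the sender."""
    inputs, total = select_inputs(utxos, amount + fee)
    outputs = [(target_addr, amount)]
    change = total - amount - fee
    if change > 0:
        outputs.append((change_addr, change))
    return {"inputs": inputs, "outputs": outputs, "fee": fee}


def output_shares(tx):
    """Fraction of the consumed value landing on each output address.
    This is the 41% / 59% figure the thread discusses; it depends only on
    which UTxO happened to be spent, not on who the target is."""
    consumed = sum(u.lovelace for u in tx["inputs"])
    return {addr: round(amt / consumed, 3) for addr, amt in tx["outputs"]}


# Constructed scenario: a wallet holding a single 11 ADA UTxO.
WALLET = [Utxo("aa" * 32, 0, 11 * LOVELACE)]
FEE = 180_000  # about 0.18 ADA, the fee the reporter mentions

# A 4.1 ADA DEX order: 4.1 ADA to the script, the remainder minus fee back to the sender.
ORDER_TX = build_tx(WALLET, "SCRIPT_ADDR", 4_100_000, "MY_CHANGE_ADDR", FEE)
# A 10 ADA transfer from the same UTxO: only 0.82 ADA would come back as change.
TRANSFER_TX = build_tx(WALLET, "OTHER_WALLET_ADDR", 10 * LOVELACE, "MY_CHANGE_ADDR", FEE)

if __name__ == "__main__":
    for name, tx in (("order", ORDER_TX), ("transfer", TRANSFER_TX)):
        print(name, tx["outputs"], output_shares(tx))
```

Running it shows the order spending 4.1 ADA to the script and returning 6.72 ADA, and the transfer spending 10 ADA and returning 0.82 ADA, from the very same input; the percentage that "comes back" says nothing about whether the transaction was legitimate.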

john2014 commented 2 years ago

The transactions are just you all trying to play around with that thing, coming through many hours later, because everybody wanted to play around with it.

Did you even read the detailed posts above or are you simply blabbering? I was not playing around. I have already done hundreds of transaction with other online wallets. In this case, I sent a transfer from my nami wallet to another of my wallet. 41% of funds went to a completely different wallet and 59% of funds were returned to my original sender (nami) wallet. I was not playing around.

They always have to take whole UTxOs in and if that does not by a very small chance fit exactly what you want to send, the desired amount go to the target and the change is coming back. No “huge red flag”, there.

The red flags are (a) the desired amount did not go to the "target". Exactly 0 ADA was received by the target. Instead 4.1 ADA was sent to a completely random wallet (b) Other people (as listed above) are also experiencing this issue [funds sent to a random wallet, wallet becoming completely empty, etc] (c) there is no reply from the developer on this issue or the other issues users are posting.

No one is talking about a "mempool full" error. Speaking of congestion, all other DEXes, CEXes and wallets are able to send/receive ADA. But nami wallet keeps giving transaction errors even after 100+ tries for many hours.

I was doing more research on this issue and came across cardano forum where this was posted: https://forum.cardano.org/t/is-nami-wallet-hacked/93319/2

You have also replied over there. So here are my answers:

I don’t see anything suspicious in that transaction.

Of course you don't since you did not even read the issue properly.

He did some transaction with SundaeSwap, like obviously everybody did, the past 24 hours.

This has nothing to do with sundaeswap. I sent 10 ADA from my Nami wallet to another of my wallet. It instead sent 4.1 ADA to random wallet. In addition it deducted around $0.18 as transaction fees. Again nothing to do with sundaeswap.

The target address is the SundaeSwap smart contract.

So why is my crypto being sent to the sundaeswap smart contract when I am sending it to my wallet? Do you not see a huge problem with this?

As for the reviews: As can also be seen here in the forums, when something is not running as smoothly as wanted, everybody screams “Scam!” the next minute.

No one is screaming "Scam" in this thread. We have genuine concerns, faced by multiple people, that need to be resolved. No answers from the developers is also not helping. If the wallet has bugs (which is always a possibility), it is in everyone's interest to have it fixed.

Heck, no one forces you to try trading Mickey Mouse money on the first day.

Are you saying Cardano or SundaeSwap is actually mickey mouse money? Please stop posting. You have added nothing useful and are simply wasting everyones time.

john2014 commented 2 years ago

While doing more research I came across how you can import or "transfer" funds to either ccvault.io or adalite.io if you have transaction problems on nami wallet.

Here are the steps:

  1. Download and install the online wallet from link above. Please make sure you have downloaded official app.
  2. After installation, click on "Add New Wallet"
  3. Select that you have an existing wallet.
  4. Enter the 24-word phrase.
  5. Enter Spending password
  6. That is all.

You should now see the funds that were available in nami wallet also appear in the ccvault/adalite wallet. You should now be able to send/receive coins. If you are sending coins to another wallet, it may take up to 10 minutes for the coins to appear in the new wallet.

HeptaSean commented 2 years ago

Did you even read the detailed posts above or are you simply blabbering?

I did look in detail at the transaction you are claiming to be fraudulent.

In this case, I sent a transfer from my nami wallet to another of my wallet.

How do you know that the transaction you linked is actually the one, where you sent ADA to your other wallet?

It's much more plausible – given the congestion of the backend used by Nami – that your transfer to your other wallet did not go through (by now).

And the transaction, you/we are looking at is another one, probably done many hours earlier.

41% of funds went to a completely different wallet and 59% of funds were returned to my original sender (nami) wallet.

The percentages are totally irrelevant. As previously said, in almost every Cardano transaction, change goes back to the originating wallet. Just look at the transaction that you used to fund your Nami wallet: https://cardanoscan.io/transaction/4cfc1d63a2e77140a291fdf4e2891d422a9242900cc496421af17d9a9dead144 99.9% returned to the original wallet. Does not say anything.

I was not playing around.

Look at the metadata of the transaction that you think is fraudulent: https://cardanoscan.io/transaction/b848175625866e1ef829d39ad0edc7b81a96fa6c3de70cc75e6172a996815dfe?tab=metadata

It is an order for worldmobiletoken. Did you try to get worldmobiletoken through SundaeSwap, perhaps many hours before that transaction finally arrived in your history?

The reg flags are (a) the desired amount did not goto "target". Exactly 0 ADA was received by the target. Instead 4.1 ADA was sent to completely random wallet

As above: Two different transactions? The one you are linking looks like a totally legitimate order to SundaeSwap that just has nothing to do with you trying to send to your other wallet.

(b) Other people (as listed above) are also experiencing this issue [funds sent to random wallet, wallet becoming completely empty, etc]

Wild mixture of consequences of the congestion, confusion and user errors. It is astonishing, how many people swear that they are using the right seed phrase and hours later find the really right one.

(c) there is no reply from the developer on this issue or other issues users are posting.

Probably has not found the time.

Speaking of congestion, all other DEX, CEX and Wallets are able to send/receive ADA. But nami wallet keep giving transaction erroreven after 100+ tries for many hours.

Main point of congestion was the backend that Nami uses. Even if he wanted to change that, it would require an update of the whole app. Of course, other apps that use other backends can work, at the same time. It was not the whole Cardano network that was congested.

I was doing more research on this issue and came across cardano forum where this was posted: https://forum.cardano.org/t/is-nami-wallet-hacked/93319/2

I don’t see anything suspicious in that transaction.

Of course you don't since you did not even read the issue properly.

I have. Also confer the answer there.

The target address is the SundaeSwap smart contract.

So why are my crypto been sent to sundaeswap smart contract when I am sending them to my wallet. Do you not see a huge problem with this?

Did you try out SundaeSwap earlier on the same or the previous day? Did you authorise to try to buy worldmobiletoken for a couple of ADA?

Heck, no one forces you to try trading Mickey Mouse money on the first day.

Are you saying Cardano or SundaeSwap is actually mickey mouse money?

No, I'm not referring to ADA themselves.

But, up to now, you can only exchange native tokens on SundaeSwap that have very little connection to the real world. All these tokens can mostly only be exchanged for other tokens or ADA. A wholly self-referring game. Looks like Mickey Mouse money to me.

john2014 commented 2 years ago

How do you know that the transaction you linked is actually the one, where you sent ADA to your other wallet?

In NAMI Wallet, whenever there is a successful transaction (transfer 10 ADA to my wallet), it displays the transaction ID with a link to the cardanoscan website. This is the transaction ID in the very first link.

Just look at the transaction that you used to fund your Nami wallet: https://cardanoscan.io/transaction/4cfc1d63a2e77140a291fdf4e2891d422a9242900cc496421af17d9a9dead144 99.9% returned to the original wallet. Does not say anything.

To clarify what this means: After installing NAMI wallet, I did a small transfer of 10 ADA (11 ADA - 1 ADA transaction fee) to nami wallet. Though it says around 15000 ADA was sent, I only sent 10 ADA from my wallet to nami. And no, 99% of the funds did not return to my original wallet because I do not have that much ADA in the original wallet.

Look at the metadata of the transaction that you think is fraudulent: https://cardanoscan.io/transaction/b848175625866e1ef829d39ad0edc7b81a96fa6c3de70cc75e6172a996815dfe?tab=metadata It is an order for worldmobiletoken. Did you try to get worldmobiletoken through SundaeSwap, perhaps many hours before that transaction finally arrived in your history?

I did not place an order for WMT. I could have already purchased this token many weeks back from muesliswap (the first cardano dex). If 4.1 ADA was used to purchase WMT that is incorrect/fraudulent. Also I do not see any WMT in my wallet. Shouldn't the WMT token appear in nami wallet?

As above: Two different transactions? The one you are linking looks like a totally legitimate order to SundaeSwap that just has nothing to do with you trying to send to your other wallet.

Whenever I place an order or send coins, the amount is different. This lets me easily identify which transactions go through. The 10 ADA outgoing from my nami wallet was to my external wallet. Out of this 4.1 ADA was deducted and 5.9 ADA was returned.

But, up to now, you can only exchange native tokens on SundaeSwap that have very little connection to the real world. All these tokens can mostly only be exchanged for other tokens or ADA. A wholly self-referring game. Looks like Mickey Mouse money to me.

IIRC SundaeSwap had initially planned to also have a stablecoin (D-JED) but they were unable to integrate it by this timeframe. Hence they chose to launch with these coins.

I noticed you are still posting both here and in the cardano forum with different comments. Why not post everything here in one place? https://forum.cardano.org/t/is-nami-wallet-hacked/93319/4?u=mm2000

I have already answered most of your questions above in this post. The question below I already answered in post above.

But accusing Nami of being a scam with so little insight is just not okay.

Again - NO ONE in this thread is calling NAMI a scam. Here is my original quote from above:

No one is screaming "Scam" in this thread. We have genuine concerns, faced by multiple people, that need to be resolved. No answers from the developers is also not helping. If the wallet has bugs (which is always a possibility), it is in everyone's interest to have it fixed.

I really do not understand (a) why you post different answers in different places, (b) keep thinking we are saying nami is a scam (when we specifically said we do not think so), (c) if there is a genuine bug, why not let the developer look into this instead of simply being dismissive.

I am waiting for the developer to respond. If he doesn't respond in a few days, I will close this issue.

HeptaSean commented 2 years ago

Just look at the transaction that you used to fund your Nami wallet: https://cardanoscan.io/transaction/4cfc1d63a2e77140a291fdf4e2891d422a9242900cc496421af17d9a9dead144 99.9% returned to the original wallet. Does not say anything.

To clarify what this means: After installing NAMI wallet, I did a small transfer of 10 ADA (11 ADA - 1 ADA transaction fee) to nami wallet. Though it says around 15000 ADA was sent, I only sent 10 ADA from my wallet to nami. And no, 99% of the funds did not return to my original wallet because I do not have that much ADA in the original wallet.

That is interesting. Have you considered the possibility that the suspicious transaction is not really a transaction of your wallet?

Because the wallet/address that sent these 4.1 ADA is this: https://cardanoscan.io/address/addr1qy2r82ckll58xjdjjjugd74wlqu6krcudhjk4hw9c3tgauaxk6xhdh23sgcde7mkqnm77v8xc4lplv0qcd548lzmvfesftgp0c (Your suspicious transaction is the third one – from bottom as well as top – at the moment.)

And it definitely got its first 11 ADA and then another 2620.2038 ADA from this wallet with 1.2 million ADA in it: https://cardanoscan.io/address/addr1q9kj2rver35xl4xa3nlz0fmenpp7n200vsfj30ccl7ve2ppvep55nfane06hggrc2gvnpdj4gcf26kzhkd3fs874hzhss6fl4y

Is that your wallet, nevertheless?

Does the suspicious transaction show up in your history right now?

Since you found out about the ability to restore/import in other wallet apps (something the friendly people in the Cardano Forum would have told you in the first 20 minutes): Did you import your wallet there? Does the suspicious transaction show up there?

How do you know that the transaction you linked is actually the one, where you sent ADA to your other wallet?

In NAMI Wallet, whenever there is a successful transaction (transfer 10 ADA to my wallet), it display the transaction ID with link to cardanoscan website. This is the transaction ID in the very first link.

Also interesting. Maybe there is a bug showing wrong transaction IDs. Or Cardanoscan had a hiccup. Or you clicked somewhere else too fast.

I did not place order for WMT. […]

Would also fit the “We are not even looking at your account the whole time.” explanation.

Can you agree that sending a meager 4.1 ADA to a contract that obviously really does successful swaps would be a really, really strange scam?

I noticed you are still posting both here and in cardano with different comments? Why not post everything here in one place? https://forum.cardano.org/t/is-nami-wallet-hacked/93319/4?u=mm2000

I came here because of that thread. Copy and paste answers would be rude. It's different conversations with different people.

But accusing Nami of being a scam with so little insight is just not okay.

Again - NO ONE in this thread is calling NAMI a scam. Here is my original quote from above:

No one is screaming "Scam" in this thread. We have genuine concerns, faced by multiple people, that need to be resolved. No answers from the developers is also not helping. If the wallet has bugs (which is always a possibility), it is in everyone's interest to have it fixed.

Okay, acknowledged.

Still, you are speaking of “Scammer Wallet 1”, “Scammer Wallet 2”, speculating about the abilities of the Nami developer, … And the Cardano Forum post (which originally prompted me to this) is even worse spreading FUD.

Yes, the developer is not very responsive. Did he promise to be? I would also not be if hundreds of nervous people want my attention for things that can 99% be fixed by waiting, switching wallet apps, or searching for the correct seed phrase. You cannot pay the customer service team of a real bank with the profits of a small stake pool and a free app.

First thing in an issue should be finding out what really is happening.

I really do not understand (a) why you post different answers in different places,

Different conversations with different people. I promise you if a resolution is found here, I'll correct it there.

(b) keep thinking we are saying nami is a scam (when we specifically said we do not think so),

Acknowledged.

(c) if there is a genuine bug, why not let the developer look into this instead of simply being dismissive.

I'd like to find out, what's really going on. That also helps fixing the bug. If there even is one.

mickfatal commented 2 years ago

It has to be related to nami because when I put in the wrong seed phrase it was highlighted in red; it knew it was wrong before I submitted it.

john2014 commented 2 years ago

Since there is no response from the developer, I am closing this issue.

rxdn commented 2 years ago

Scammer Wallet 1: https://cardanoscan.io/address/addr1wxaptpmxcxawvr3pzlhgnpmzz3ql43n2tc8mn3av5kx0yzs09tqh8 (wallet contains around 38 Million ADA)
Scammer Wallet 2: https://cardanoscan.io/address/addr1wy2mjh76em44qurn5x73nzqrxua7ataasftql0u2h6g88lc3gtgpz (wallet contains around 500000 ADA).

"Scammer Wallet 1" is the contract address for SundaeSwap and "Scammer Wallet 2" is the contract address for MuesliSwap.

Also I checked the incoming transactions for both of the scammers' wallets above. And it seems every single incoming transaction is a split where some percentage goes to the scammer's wallet and the rest is returned to the sender's wallet. This is a HUGE red flag.

This is not a "HUGE red flag" - this is how Cardano's eUTXO model works.
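The point above (that the two "scammer wallets" are contract addresses) can be checked from the address string itself, without trusting a block explorer: a Shelley address is bech32 (BIP-173) and its first byte carries a CIP-19 header whose high nibble says whether the payment credential is a key hash or a script hash. The decoder below is an added example, not Nami's code; it implements bech32 from the spec (including the checksum, so a mistyped or tampered address is rejected rather than misclassified) and the header table from CIP-19. The addresses in `__main__` are the ones quoted in this thread; the addresses in the self-test are constructed from made-up hashes.

```python
"""Classify a Cardano Shelley address: script (contract) vs. key payment credential.
Bech32 per BIP-173, header byte per CIP-19. Added example, not Nami code."""

BECH32_CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
BECH32_GEN = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)

# CIP-19 header types for payment addresses (high nibble of byte 0).
# Odd types 1, 3, 5, 7 pay to a script hash; even types pay to a key hash.
ADDRESS_TYPES = {
    0: "base (payment key, stake key)",
    1: "base (payment script, stake key)",
    2: "base (payment key, stake script)",
    3: "base (payment script, stake script)",
    4: "pointer (payment key)",
    5: "pointer (payment script)",
    6: "enterprise (payment key)",
    7: "enterprise (payment script)",
}


def _polymod(values):
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= BECH32_GEN[i]
    return chk


def _hrp_expand(hrp):
    return [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]


def _convertbits(data, frombits, tobits, pad):
    """Regroup a bit stream: 8->5 when encoding, 5->8 when decoding."""
    acc, bits, out, maxv = 0, 0, [], (1 << tobits) - 1
    for value in data:
        acc = (acc << frombits) | value
        bits += frombits
        while bits >= tobits:
            bits -= tobits
            out.append((acc >> bits) & maxv)
    if pad:
        if bits:
            out.append((acc << (tobits - bits)) & maxv)
    elif bits >= frombits or ((acc << (tobits - bits)) & maxv):
        raise ValueError("invalid padding bits")
    return out


def bech32_encode(hrp, payload: bytes) -> str:
    data = _convertbits(payload, 8, 5, pad=True)
    pm = _polymod(_hrp_expand(hrp) + data + [0] * 6) ^ 1
    checksum = [(pm >> 5 * (5 - i)) & 31 for i in range(6)]
    return hrp + "1" + "".join(BECH32_CHARSET[d] for d in data + checksum)


def bech32_decode(addr: str):
    """Return (hrp, payload bytes); raise ValueError on bad charset or checksum."""
    if addr != addr.lower() and addr != addr.upper():
        raise ValueError("mixed-case bech32 string")
    addr = addr.lower()
    sep = addr.rfind("1")
    if sep < 1 or sep + 7 > len(addr):
        raise ValueError("missing separator or checksum")
    hrp, rest = addr[:sep], addr[sep + 1:]
    data = [BECH32_CHARSET.find(c) for c in rest]
    if -1 in data:
        raise ValueError("character outside bech32 charset")
    if _polymod(_hrp_expand(hrp) + data) != 1:
        raise ValueError("bech32 checksum mismatch (typo or tampering)")
    return hrp, bytes(_convertbits(data[:-6], 5, 8, pad=False))


def classify_address(addr: str) -> dict:
    hrp, payload = bech32_decode(addr)
    if hrp not in ("addr", "addr_test"):
        raise ValueError(f"not a Cardano payment address (hrp={hrp!r})")
    atype, network_id = payload[0] >> 4, payload[0] & 0x0F
    if atype not in ADDRESS_TYPES:
        raise ValueError(f"unsupported address type {atype}")
    return {
        "type": atype,
        "kind": ADDRESS_TYPES[atype],
        "network": "mainnet" if network_id == 1 else "testnet",
        "payment_is_script": atype in (1, 3, 5, 7),
        "payment_hash": payload[1:29].hex(),  # 28-byte blake2b-224 credential
    }


if __name__ == "__main__":
    # The two "scammer wallets" and the sender address quoted in this thread.
    for a in (
        "addr1wxaptpmxcxawvr3pzlhgnpmzz3ql43n2tc8mn3av5kx0yzs09tqh8",
        "addr1wy2mjh76em44qurn5x73nzqrxua7ataasftql0u2h6g88lc3gtgpz",
        "addr1qy2r82ckll58xjdjjjugd74wlqu6krcudhjk4hw9c3tgauaxk6xhdh23sgcde7mkqnm77v8xc4lplv0qcd548lzmvfesftgp0c",
    ):
        try:
            print(a[:14] + "...", classify_address(a))
        except ValueError as e:
            print(a[:14] + "...", "rejected:", e)
```

The first data character already tells you most of the story: a mainnet address starting `addr1w` carries header nibble 7 (enterprise address paying to a script hash), and one starting `addr1q` carries nibble 0 (ordinary key-based base address). Decoding the whole thing and checking the checksum is what you want before acting on an address, since a single wrong character changes the checksum.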

HeptaSean commented 2 years ago

"Scammer Wallet 1" is the contract address for SundaeSwap and "Scammer Wallet 2" is the contract address for MuesliSwap. This is not a "HUGE red flag" - this is how Cardano's eUTXO model works.

Tried to explain that. To no avail. He wants to speak to the manager. And since the manager was not available, this issue is closed.