All Crypto assets stolen from Exodus - Anything I can do?

[devincox5]

I had about $33k of Crypto assets in my Exodus wallet spread out across Bitcoin, Bitcoin Cash, Litecoin, Dash, and EOS. I logged in an hour ago and all my balances were at 0, and every coin had been transferred out an hour earlier.

I don't know how the theft occurred. I specifically stopped using online wallets, and switched to a software wallet to be more secure. I used a unique password to login to Exodus, and my laptop that Exodus is installed on has been in my possession the entire time.

Right now though I am trying to figure out if there is anything I can do to recover some or all of my funds. I emailed Exodus support already.

This is really bad. I keep throwing up. Apparently that is how I react to having that much money stolen from me.

My first thought was that there is nothing I can do. But I thought I would ask. Are there any companies or specialists that can assist in this? I am eager to pay someone if they actually think they can help me recover some funds. Anything I can/should do right now? Any help is greatly appreciated. Thank you.

[1714114893]

1714114893

[1714114893]

1714114893

[1714114893]

1714114893

[1714114893]

1714114893

[1714114893]

1714114893

[1714114893]

1714114893

[EthanB]

If everything you have said is true, then unfortunately not. I do not believe you have any ability towards recourse. The best advice I can give you moving forward would be to utilize cold-wallets or offline wallets for better security. Paper wallets have been proven pretty secure as well, but as far as retrieving your stolen funds go, there is nothing that can be done. Your biggest hope should be that the wallet is experiencing a glitch or desynchronization of some kind that is causing your balance to be displayed incorrectly. I would check to make sure that indeed there are outgoing transactions that resulted in the funds being taken. If there are no transactions that have gone out, then your funds should still be there and accessible through a re scan or importing your private keys to another wallet.

[dumplingsandsushi]

I had about $33k of Crypto assets in my Exodus wallet spread out across Bitcoin, Bitcoin Cash, Litecoin, Dash, and EOS. I logged in an hour ago and all my balances were at 0, and every coin had been transferred out an hour earlier.

I don't know how the theft occurred. I specifically stopped using online wallets, and switched to a software wallet to be more secure. I used a unique password to login to Exodus, and my laptop that Exodus is installed on has been in my possession the entire time.

Right now though I am trying to figure out if there is anything I can do to recover some or all of my funds. I emailed Exodus support already.

This is really bad. I keep throwing up. Apparently that is how I react to having that much money stolen from me.

My first thought was that there is nothing I can do. But I thought I would ask. Are there any companies or specialists that can assist in this? I am eager to pay someone if they actually think they can help me recover some funds. Anything I can/should do right now? Any help is greatly appreciated. Thank you.

Wow, that is terrible.

The sad thing about all of this, is that you can not get your funds back, it is gone.
I would be throwing up too.

If someone was able to hack your exodus wallet, then you most likely have a trojan horse or exe command buried deep in your computer.
then they would be able to manually access your wallet.

The other way, but to me more improbably way, is if there was spyware or some kind of phishing bot on your computer that was able to see your login password and also get access to your keys.  They would then be able to use exodus on any computer and back up your adresses and keys to your computer.

The first step is to clean up your computer.  Norton or McAffee just won't do.  I suggest taking it to an expert but at least start with something like malwarebytes.  But the problem is, a lot of these trojan horses are designed to be undetectable by anti virus programs so it's better to seek out an expert.

The next step is to seriously evaluate your financial situation and move forward.  You can basically treat this the same as getting mugged.  Listen, there might be some people who will be like, "You should have used a hardware wallet!" but you should never blame yourself in this situation.  When someone targets you, sometimes they will get what they want no matter what you do.

There was a guy in the altcoin forum a couple months ago who had put his entire life savings (around 50k) into crypto and lost it all.
He chronicled his recovery process for awhile, venting in these forums seemed to help.
But he basically had to reevaluate everything in his life to move on.

[devincox5]

They were definitely all transferred out. I have the addresses each asset was sent to. Would that help anyone identify the thief? I have tried Googling for Crypto recovery services, but they don't seem to exist. Surely there are white hat hackers out there that could do something with each of the addresses my money was sent to? At least tie a name to the addresses or something? Definitely willing to pay someone for help.

It was a pretty sophisticated hack. My phone number also got switched to a different phone. It looks like that is how they got my Gmail password. They transferred my phone number to their phone somehow, then used that phone number to recover the password for my email address. I already got the phone number back, but I had no idea it was so easy for hackers to just steal your phone number for password recovery purposes.

I received an email reply back from Exodus, and had a question maybe someone here could help with:

"You see, everything is stored locally on your computer, protected by heavy encryption. Nothing is stored on our servers. So, in order for someone to steal your funds they need to have one of the following:
1. Your Private Keys
2. Your 12-word phrase
3. Your Exodus password and physical access to your computer
4. Your Exodus password and your Email Backup Link."

All of that makes sense to me except #4. I wrote my 12-word phrase down on paper, and never stored it digitally, but I did still have the backup link in my email. So that means to steal all my funds all someone needed was the link that was in my email and my password? That seems incredibly insecure to me, and I had no idea keeping that email was a vulnerability. Why would Exodus create such an obvious vulnerability.

I still don't know how they got the Exodus password because that was different than my email password or any other password.

[EthanB]

You mentioned that they switched your phone number to their phone and this is how they were able to nullify 2FA, acquire access to your e-mail and effectively compromise your entire system of accounts. I think that this is a problem that T-Mobile had in the past, with popular youtubers having their phone numbers transferred to another phone fradulently. I believe the schemer pretends to be an employee and requests a new SIM card to be shipped. They simply pop in the delivered SIM card and they have your phone number and access to anything that is locked behind 2FA involving your phone. Once they've done this, the rest of the access is basically an open door for them to walk through. It is unfortunate when a single vulnerability can grant access to an entire web of information. Try to avoid having this single point of attack that will grant such access.

Identifying the attacker will not do you much good as far as I know. It is possible, certainly, but to what benefit? The vulnerability of E-mail back-up links, I agree, is foolish. These are the types of things to look out for when considering the security of a particular wallet or company. If a simple link, sent through email is enough to compromise $30,000+, then that should be made perfectly clear or avoided all together. This is a good indicator that the perpetrator is involved in many other shady or illegal activities. It might be of some benefit to track them down, it certainly is possible, but it will be difficult and the outcome even if identified is uncertain.

[Kakmakr]

Your problem is the Gmail account that you used. One of my friends lost 4 weeks of income from his Ethereum mining, because someone hacked his Gmail account and then changed his password for his local exchange. These webmail services are the weak link in the chain.

If you do not enable 2FA for everything you do on these services, then you are opening yourself up to hacks like this. I am very sorry to hear about your loss. You could contact your webmail provider to try and trace the computers IP address, but most of these hackers will remote to other computers that they hacked to do this. So you would be re-directed to the computer that they hacked.

The coins will move through several services that would mix the coins, so you will only be able to trace it to the first service they used and then it will be gone. <illegal gambling operations & mixer services>

[crocozino]

wow, seems someone cloned your phone and then he got the access to your wallet
I guess in order to clone your number he should has access to your phone?
but before doing that, he has to be sure you have some digital assets cause in other way there is no point for him to clone the phone.
that leads me to conclusion that the guy who stole money, should have to know you.

[Heisenberg_Hunter]

33k is really a huge amount, and some people have those as their lifetime savings. I stead of going with exodus, you could have gone for a hardware wallet. Hardware wallets are so safe, that is stealing of funds would occur only if you lose the hardware wallet. Having the address alone is not enough to find out to whom does the wallet belong. Gmail is a poorly secured mail where even the newbie hackers can go through them. As most people try to use multisig wallet, it would really be difficult for you to find out who stole your funds.

Once in this forum, someone launched a campaign and handed over the funds which was in eth to a newbie campaign manager which had a value of 10k$. When the campaign ended, he didn't even reply and when his wallet was checked, the funds were sent to various addresses and when those wallets were checked,  the funds moved to another wallet establishing a long chain of connected scam accounts and it was very difficult to track down. Similarly your funds could even move to many connected accounts and some would have even moved to some mixers which makes us quite very difficult to track down.

I suggest you to post a topic in Technical Support, so that anyone could help you and it is not like Bitcoin Discussion were your thread would be buried with spams.

[bob123]

I had about $33k of Crypto assets in my Exodus wallet spread out across Bitcoin, Bitcoin Cash, Litecoin, Dash, and EOS.

You should never store an amount which you cant afford to (or don't want to) lose on a desktop wallet.
Desktop wallets are the second unsecured wallet right after web wallets.
For larger amounts you should either use a paper wallet or a hardware wallet (60$+).

I logged in an hour ago and all my balances were at 0, and every coin had been transferred out an hour earlier.
I don't know how the theft occurred. I specifically stopped using online wallets, and switched to a software wallet to be more secure. I used a unique password to login to Exodus, and my laptop that Exodus is installed on has been in my possession the entire time.

A new exodus vulnerability has been spotted a few weeks ago.
This may have been the cause for your loss.
I'm not sure what kind of vulnerability this exactly was, but most probably your PC would have to be infected to make use of it.
Did you check your pc for malware?

Quite a lot of people had problems with exodus. Not everyone has lost funds due to exodus, but its still a buggy wallet.

My first thought was that there is nothing I can do. But I thought I would ask. Are there any companies or specialists that can assist in this? I am eager to pay someone if they actually think they can help me recover some funds. Anything I can/should do right now? Any help is greatly appreciated. Thank you.

Unfortunately nothing can be done to retreive your coins.
The only thing you could try is to go to your local law enforcements and register the theft.
But the chances of getting your coins back is very low.

[Lucius]

They were definitely all transferred out. I have the addresses each asset was sent to. Would that help anyone identify the thief? I have tried Googling for Crypto recovery services, but they don't seem to exist. Surely there are white hat hackers out there that could do something with each of the addresses my money was sent to? At least tie a name to the addresses or something? Definitely willing to pay someone for help.

It was a pretty sophisticated hack. My phone number also got switched to a different phone. It looks like that is how they got my Gmail password. They transferred my phone number to their phone somehow, then used that phone number to recover the password for my email address. I already got the phone number back, but I had no idea it was so easy for hackers to just steal your phone number for password recovery purposes.

I received an email reply back from Exodus, and had a question maybe someone here could help with:

"You see, everything is stored locally on your computer, protected by heavy encryption. Nothing is stored on our servers. So, in order for someone to steal your funds they need to have one of the following:
1. Your Private Keys
2. Your 12-word phrase
3. Your Exodus password and physical access to your computer
4. Your Exodus password and your Email Backup Link."

All of that makes sense to me except #4. I wrote my 12-word phrase down on paper, and never stored it digitally, but I did still have the backup link in my email. So that means to steal all my funds all someone needed was the link that was in my email and my password? That seems incredibly insecure to me, and I had no idea keeping that email was a vulnerability. Why would Exodus create such an obvious vulnerability.

I still don't know how they got the Exodus password because that was different than my email password or any other password.

It seems to me that this was done by someone who knew the exact value of your wallet,so try to remember have you mentioned someone that you are involved with cryptocurrency?I do not see a different way that you are become target,except that you post your e-mail somewhere and when hacker is cracked your e-mail password he see opportunity in that e-mail backup link for Exodus.

I can not believe that Exodus left such a security risk to users,and since this is multi-asset wallet when you get hack you lose everything.Although Exodus does not take responsibility for such a case, I think part of the responsibility is on them just because they allow such a possibility as it is Email Backup Link.

Regarding Exodus password,is it possible to reset that password with e-mail?Since the hacker get access to your e-mail,maybe he just reset that password.

In any case, I'm sorry for your loss.

[hugeblack]

I've had a discussion about the same problem two days ago Exodus and Neon Wallets: “Quite Vulnerable”
This user from YouTube has proved that Exodus wallet can be hacked ("script is written using the Python programming language in the background and dumping the memory onto a notepad.")[1]

In this video, I demonstrate how unsafe it is to run cryptocurrency wallets on vulnerable PCs. Simply by having the wallet running, your private key is exposed in plaintext and can be stolen by malware in a matter of seconds.[2]
Please post transactions ID of Bitcoin, Bitcoin Cash, Litecoin, Dash, and EOS maybe someone can track hacker.

Sources:
#1 https://cryptocoremedia.com/exodus-neon-wallets-hackable/
#2 https://www.youtube.com/watch?v=VU3Zfrvsm8k&feature=youtu.be

[Joel_Jantsen]

Your problem is the Gmail account that you used. One of my friends lost 4 weeks of income from his Ethereum mining, because someone hacked his Gmail account and then changed his password for his local exchange. These webmail services are the weak link in the chain.

What the fuck does that have anything to do with OP's case ? You sure it's the gmail account ? How did the hacker take his Exodus password ? By running a theft across his memory lane ?

If you do not enable 2FA for everything you do on these services, then you are opening yourself up to hacks like this. I am very sorry to hear about your loss. You could contact your webmail provider to try and trace the computers IP address, but most of these hackers will remote to other computers that they hacked to do this. So you would be re-directed to the computer that they hacked.

Did you even cared reading the entire thread ? Just so you know,they had 2fa and their phone number was hacked.Tell him something that he doesn't know already.

OP,best bet is to post the addresses money were sent to in this thread and keep a track of wherever the money is moved.Pretty sure it will hit some exchange at some point of time and then you can contact the exchange to freeze those funds by presenting your case.

[Wind_FURY]

OP, if it's ok, can you post the transaction IDs in the thread? There is no chance for you to recover those coins, but it is fun to follow the hacker's movement, do some "community forensics" and make a conjecture on what he is trying to do next.

[Lucius]

I've had a discussion about the same problem two days ago Exodus and Neon Wallets: “Quite Vulnerable”
This user from YouTube has proved that Exodus wallet can be hacked ("script is written using the Python programming language in the background and dumping the memory onto a notepad.")[1]

In this video, I demonstrate how unsafe it is to run cryptocurrency wallets on vulnerable PCs. Simply by having the wallet running, your private key is exposed in plaintext and can be stolen by malware in a matter of seconds.[2]
Please post transactions ID of Bitcoin, Bitcoin Cash, Litecoin, Dash, and EOS maybe someone can track hacker.

Sources:
#1 https://cryptocoremedia.com/exodus-neon-wallets-hackable/
#2 https://www.youtube.com/watch?v=VU3Zfrvsm8k&feature=youtu.be

I have to admit that after I looked at the video,the way Exodus can be hacked is pretty easy even for an inexperienced hacker.Only problematic thing is how to trick user to download that bad script,and we all know how easy is to do that these days.I do not know is this vulnerability can be fixed and how much time it will take for it,but the way the OP lost all his coins and this additional vulnerability should be a big warning to all users-this is not safe wallet.

OP, if it's ok, can you post the transaction IDs in the thread? There is no chance for you to recover those coins, but it is fun to follow the hacker's movement, do some "community forensics" and make a conjecture on what he is trying to do next.

Maybe I'm mistaken, but OP has experienced a great shock and the question is in what health condition is it now-however these transactions would help for sure,especially if hacker is send coins to some exchange.

[DigitalFox]

Breaking into people's computers and data theft haven't changed much over the past couple of decades. Either OP had a trojan/keylogger or he entered his data on a phishing site. Other options are sniffing while using wi-fi in public places, etc, etc.

[bob123]

Either OP had a trojan/keylogger

The malware on OP's PC being a trojan is the most probable.

or he entered his data on a phishing site.

There is no way funds get stolen from a desktop wallet by phishing.
(I am assuming people are not dumb enough to paste their seed into an online site)

Other options are sniffing while using wi-fi in public places, etc, etc.

Sniffing is not an option in this case.
With sniffing you are listening to (or recording) the wlan traffic.
Using a public wifi with a desktop wallet installed does not imply a higher risk of losing the private keys.

[DigitalFox]

Either OP had a trojan/keylogger

The malware on OP's PC being a trojan is the most probable.

or he entered his data on a phishing site.

There is no way funds get stolen from a desktop wallet by phishing.
(I am assuming people are not dumb enough to paste their seed into an online site)

Other options are sniffing while using wi-fi in public places, etc, etc.

Sniffing is not an option in this case.
With sniffing you are listening to (or recording) the wlan traffic.
Using a public wifi with a desktop wallet installed does not imply a higher risk of losing the private keys.

Why or why people still don't understand the basics. Do you honestly believe that someone needs you to enter your seed on any phishing website in order to get compromised? No mate. A simple injection through an exploit on the page is all that's needed and voila, I now control your computer, be it via botnet, keylogger or whatever else, the rest is just details.

[Joel_Jantsen]

Why or why people still don't understand the basics. Do you honestly believe that someone needs you to enter your seed on any phishing website in order to get compromised? No mate. A simple injection through an exploit on the page is all that's needed and voila, I now control your computer, be it via botnet, keylogger or whatever else, the rest is just details.

-  It's not just basics when ethical hacking is involved.
-  What page ? Which exploit ? What if OP never opened their browser ? How did the payload got injected in his computer ?
-  BotNet really ? I hope you have a fair idea of what you're talking.Keylogger,yes.There are higher chances of getting his account compromised though a keylogger in this case.

[bob123]

or he entered his data on a phishing site.

There is no way funds get stolen from a desktop wallet by phishing.
(I am assuming people are not dumb enough to paste their seed into an online site)

Why or why people still don't understand the basics. Do you honestly believe that someone needs you to enter your seed on any phishing website in order to get compromised? No mate. A simple injection through an exploit on the page is all that's needed and voila, I now control your computer, be it via botnet, keylogger or whatever else, the rest is just details.

A phishing site does one thing: Phising.
This has NOTHING to do with any exploits/malware at all.

I'd suggest you to read this wikipedia page about phishing before trying to correct people with your wrong interpretations.

I now control your computer, be it via botnet, keylogger or whatever else, the rest is just details.

You can't 'control' a computer via a keylogger.
Controlling an PC implies access to this PC (full control = root access).

A keylogger just captures keystrokes + transmits them via the internet.
Additionally a bot net does not control your PC. Your PC will eventually get a part of a botnet.
The machine inside a botnet is usually controlled by a C&C server.


You obviously seems to lack the basic knowledge regarding security in IT system. I'd suggest you read a few books before commenting on that topic.

[HCP]

or he entered his data on a phishing site.

There is no way funds get stolen from a desktop wallet by phishing.
(I am assuming people are not dumb enough to paste their seed into an online site)

Sadly, that is a demonstrably false assumption... given how many people lost funds while attempting to claim Bitcoin Gold (and other forks) by pasting their seeds into a website