I've been scammed!
What to do if you've been hacked or scammed
If you are the victim of a crime, it is vital that you report it to your local police department as soon as possible. They will have the resources, the expertise and experience necessary to conduct a thorough investigation into your case and determine what the best course of action is to recover your funds.
Some countries have a special "cyber crime" or "financial crime" unit that you can report crimes to as well. Your local police will provide you with all of your options.
Frequently asked questions
Can Xaman conduct its own investigation?
Xaman is not part of any governmental law enforcement agency and as such, we do not have the authority to conduct a criminal investigation. As well, we can not interfere in police investigations. If the police require our assistance, the will contact us.
My police department doesn't know anything about crypto scams
Investigating criminal matters, which now includes crypto and blockchain crimes, is one of the primary responsibilities of law enforcement. In most countries around the world, the local police departments are getting better when it comes to investigating cyber crimes. If there is any chance in recovering your funds, the police will need to be involved.
Why can't Xaman just reverse the transactions and get my funds back?
Transactions on the XRP Ledger can not be reversed, blocked or "undone". (The XRPL does not have any administrative functions built into it, so there is no way for Xaman or anyone else to modify or change a completed transaction.)
Why can't I just change my 6 digit passcode or my signing password?
The 6 digit passcode is used to access the Xaman app and in some cases, sign transactions in Xaman. It is not used to access your XRPL account. (That's what the secret numbers are for.) Changing your passcode has no effect on your secret numbers.
The same applies to your signing password. Both the passcode and the sign password are LOCAL security measures to protect your secret numbers locally on your phone. They do not prevent someone from accessing your account if they have your secret numbers.
What else should I do?
After you have contacted the police, you should consider doing the following:
Consider re-keying your account and disabling the master key for the compromised account. If you do this, it will prevent the scammers from accessing your account again.
If re-keying looks too complicated, you can alternatively create a new account, then move your remaining funds over to your new account then delete your compromised account. Here is the link to the articles that explain how to do this: How to create a new XRP Ledger account using Xumm How to delete your XRP Ledger account
Once your account / funds are secure again, try to think of ways your account secret could have been compromised. Have you shared it with someone? Was it stored on a cloud account? On your PC? Mobile device? Have you entered your account secret someplace? A google form? A crypto wallet? Website? Airdrop? If you can't think of anything, there is a good chance your mobile device has been hacked. At this point we strongly recommend you consider wiping your phone and start reinstalling applications one at a time. Do not restore from backup! Without knowing how your phone was compromised, restoring from backup could be dangerous.
Apple
Android
For instructions on how to wipe your Android phone, contact your phone manufacturer.
Moving forward
We take security VERY seriously.
If you have found yourself in this situation, you should consider the following suggestions moving forward:
Xumm (Tangem) cards - these cards are an excellent way to take the security of your XRPL account to the next level. You can learn how here:
Review the following article and consider how you plan to interact with the XRP Ledger in the future.
Summary
Contact your local police immediately if you are the victim of a crime.
Either re-key the account or
Create a new account and move your assets over to the new account
Note: Be advised, Trust Lines will have to be duplicated (temporarily) in the new account until they can be removed from the old account requiring enough XRP to cover reserves for two sets of trustlines until the move is complete.
Last updated