I've been scammed!
What to do if you've been hacked or scammed
If you are the victim of a crime, it is vital that you report it to your local police department as soon as possible. They will have the resources, the expertise and experience necessary to conduct a thorough investigation into your case and determine what the best course of action is to recover your funds.
Some countries have a special "cyber crime" or "financial crime" units that you can report crimes to as well. Your local police should provide you with all of your options.
Frequently asked questions
Can Xaman conduct its own investigation?
Xaman is not part of any governmental law enforcement agency nor we do not have the legal authority to conduct a criminal investigation. As well, we are not permitted to interfere in police investigations.
If the police require our assistance, the will contact us.
My police department doesn't know anything about crypto scams
Investigating criminal matters, which now includes crypto and blockchain crimes, is one of the primary responsibilities of law enforcement. In most countries around the world, the local police departments are getting better when it comes to investigating cyber crimes. (After all, blockchain has been around for over 15 years now.) If there is any chance in recovering your funds, the police will need to be involved.
Why can't Xaman just reverse the transactions and get my funds back?
Transactions on the XRP Ledger can not be reversed, blocked or "undone" and the XRPL does not have any administrative functions built into it, so there is no way for Xaman or anyone else to modify or change a completed transaction. All transactions on the XRPL are permanent.
Why can't I just change my 6 digit passcode or my signing password?
The 6 digit passcode is used to access the Xaman app and in some cases, sign transactions in Xaman. It is not used to access your XRPL account. (That's what the secret numbers are for.) Changing your passcode has no effect on your secret numbers.
The same applies to your signing password. Both the passcode and the sign password are LOCAL security measures to protect your secret numbers locally on your phone. They do not prevent someone from accessing your account if they have your secret numbers.
What else should I do?
After you have contacted the police, explain exactly what happened which lead up to this situation. They might need access to your phone and your internet history so you should be prepared to surrender your mobile device and your internet records if required.
Consider re-keying your account and disabling the master key for the compromised account. If you do this, it will prevent the scammers from accessing your account again.
If re-keying looks too complicated, you can alternatively create a new account, then move your remaining funds over to your new account then delete your compromised account. Here is the link to the articles that explain how to do this: How to create a new XRP Ledger account using Xumm How to delete your XRP Ledger account
Try to think of ways your account secret could have been compromised.
Have you ever shared your private key it with anyone?
Was your private key stored on a cloud account or somewhere else online?
Was you private key stored on your PC? Mobile device?
Have you ever entered your private key into a Google form?
Have you ever entered your private key into another crypto wallet service?
Have you ever entered your private key into a Website?
Has your phone ever been in for servicing or repairs?
Do you use public wifi?
If none of these apply to your situation, there is a good chance that your mobile device has been hacked. At this point we strongly recommend you consider wiping your phone and start reinstalling applications one at a time. Do not restore from backup! Without knowing how your phone was compromised, restoring from backup could be dangerous.
Apple
Android
For instructions on how to wipe your Android phone, contact your phone manufacturer.
Moving forward
We take security VERY seriously.
If you have found yourself in this situation, you should consider the following suggestions moving forward:
Xaman (Tangem) cards - these cards are an excellent way to take the security of your XRPL account to the next level. You can learn more about them here:
Review the following article and consider how you plan to interact with the XRP Ledger in the future.
Summary
Contact your local police immediately if you are the victim of a crime.
Either re-key the account or
Create a new account and move your assets over to the new account
Note: Be advised, Trust Lines will have to be duplicated (temporarily) in the new account until they can be removed from the old account requiring enough XRP to cover reserves for two sets of Trust Lines until the move is complete.
Last updated