Account present on another device
Account present on another device. Your XRPL account has been added to another device
Situation
You have just received the following message in Xaman:
Explanation
This message is triggered when:
1) You install Xaman on a new phone and import your existing account secret for the first time.
2) Someone else imports your account secret into Xaman on their phone for the first time.
Older versions of Xumm
For older versions of Xumm, when an account tries to reach out to our backend servers to interact with the XRP Ledger via an xApp or a sign request, it would trigger an automated push notification and deliver the above message.
Normally the account had been installed on two devices and one of those devices had just recently been used. (E.g. a second smartphone, or tablet)
Which device is connecting to my account?
Xaman is not able to determine who has imported your account. It is only able to determine that an account has been installed on a different device. Since Xaman does not keep track of personal information, there is no way of knowing who imported it, where the device is located or what kind of device it was installed on.
Take this warning seriously!
Our goal here is to warn you that something is possibly wrong with your account and your mobile device. This is not something that just happens. This section only applies if this message is unexpected and you didn't import your account on a new or replaced device.
If you have not imported your account on a new/replacement device, it is possible that your entire device could be compromised, (user names, passwords, account information, etc.) and could be at risk. If there is even a chance of this, it is time to act immediately.
Move your funds out of your XRPL account immediately!
If you have a Xumm (Tangem) account, move your funds to this account. The account secret is stored on the card and as long as you have configured it correctly, your account can not be accessed without physical access to your cards. (Primary and Signing)
If do not have a Xumm (Tangem) account but you have an exchange account, it might make sense to temporarily move your funds there.
If do not have a Xumm (Tangem) account but you have an hardware wallet, it might make sense to move your funds there. (Although some hardware wallets are less secure than exchange accounts.)
If do not have a Xumm (Tangem) account, you could consider re-keying your account then disabling the master key
Dealing with a compromised phone
Once your funds have been moved to a safe location, you need to consider if/how your phone was compromised. Things like:
Have you recently updated your phone? The operating system?
Have you recently installed a new application on your phone?
Have you recently updated any applications on your phone?
Have you recently visited "questionable" website?
Have you recently installed any web extensions?
Have you recently downloaded any files to your phone?
Have you entered your account secret into a web form? Into another wallet? Into a website?
Have you stored your account secret on your computer? On your phone? On the internet?
Have you given your account secret to anyone?
It is highly recommended that your take the necessary steps to make sure your mobile device is secure before you continue. Having a secure phone is vital before moving funds back into self-custody. For more information about this, check out this article:
If you can not figure out how your account might have been compromised, it is a good idea to create a new XRP Ledger account then transfer your assets to your new account. This way, you will get a new set of secret numbers and you can ensure no one else has access to them.
This article explains how to create a new XRP Ledger account using Xaman:
Last updated