Xaman Help Center
English
English
  • Welcome to the Xaman Help Center!
  • Getting started with Xaman
    • 💙Understanding the Xaman Service Fee
    • 🎉Xaman 4.0
    • How to create a RLUSD Trust Line
    • 💸What is Xaman?
      • Understanding Self custody
      • Where are your funds stored?
      • Xaman & natural disasters
      • Common misconceptions
    • Installing Xaman
    • Your first XRP Ledger account
      • How to create an XRP Ledger account
    • Activating an account (XRPL)
      • From GateHub
      • From Uphold
      • From Kraken
      • From Crypto.Com
      • From Coinbase
      • From Kucoin
      • From Binance
      • From Bitrue
      • From Bitstamp
    • Importing your account (XRPL)
      • Should I import my XRP Ledger account into Xaman?
      • ...with Secret Numbers
      • ...with a Family Seed
      • ...with a Mnemonic
      • ...a Xaman card
      • ...in Read Only mode
      • How to import an XRP Ledger account from a hardware wallet
    • Buying XRP
      • Banxa
      • BTC Direct
      • Guardarian
      • Topper
      • C14
      • Xaman On/Off Ramp
    • Sending tokens to Xaman
    • Sending XRP to Xaman
    • Sending tokens from Xaman
    • Sending XRP to Moonpay
    • How to convert a Read only account to Full Access
    • Deposit to Exchange Didn’t Arrive
    • Can Xaman reverse, freeze or undo a transaction?
    • Can I view/export my account secret?
    • I've lost my account secret!
    • Accessing your XRP Ledger account
    • General Terms and definitions
    • How to create a Trust Line
    • How to test your Account Secret
    • How to Rekey an XRP Ledger (XRPL) Account
    • How to disable the Master key
    • How to enable the Master Key
    • How to configure biometrics
    • Displaying XRP value
    • How to migrate from Toast Wallet to Xaman
    • Why adding / generating & confirming "Secret Numbers" is not user friendly
    • Page 1
  • Learning more about Xaman
    • 📱Got a new phone?
    • 🪙Supported tokens
    • Adding an Icon/Logo to a Trust Line in Xaman
    • Cashing out your XRP
    • Cashing out with GateHub
    • Adding Euro tokens via GateHub
    • Xaman & the Flare network
    • Xaman & AMM
    • Xaman & Fractal ID
    • Spam on the XRP Ledger
    • How to set the currency
    • How to change your Email Address
    • KYC
    • xApp Publishing
    • How to Get a Token Added to the Xaman Short List
    • Destination tags
    • How to recover a Casinocoin (CSC) account
    • GateHub’s issued tokens
    • How to send SGB to BiFrost
    • Taxes and your XRPL/Xahau accounts
    • How to reset the 6 digit passcode
    • Resetting the (account) signing password
    • Deleting an XRPL account
    • Official communication channels
    • NFTs
      • NFT Burn Process
    • Does Xaman offer Staking?
    • I've been scammed!
    • How to take a screenshot
    • Moving your XRPL account to another wallet
    • Feeling Generous?
    • How to access Testnet on XRP Ledger
  • Configuring Xaman
    • Understanding the Settings Options
      • How to take a screenshot
      • Events screen
      • Security screen
      • How to post a Session Log
      • Third party apps
  • XAMAN (TANGEM) CARDS
    • All about Xaman (Tangem) cards
    • Getting started with your new cards 🤗
    • How to configure a backup signing account
    • Creating a pin on your card
    • Best Security Practices Using the Xaman (Tangem) Cards
    • Lost or damaged cards
    • How safe is a card?
    • How to link an existing account to a Xaman card
  • ALL ABOUT XAPPS
    • Xaman xApps
      • Account Worth
      • Account Merge
      • Vanity Address xApp
      • Get Cards
      • DEX Trade
        • The price difference between selling and buying is too high
      • Path Finding
      • Xumm Pro Beta
      • Buy/Sell XRP
    • XRPL Services
      • Token Trasher
        • How to remove a Trust Line
        • How to get rid of tokens
      • Escrow creator
        • How to release an escrow
      • Token creator
      • Xahau Import
    • XRP Community
      • Trust in the XRPL Community
      • CasinoCoin Lobby
      • XRP Ledger TipBot
      • UniSpend
      • Transaction Exporter
      • Gatehub Trade
      • Stably xApp
    • Xahau xApps
      • Balance Adjustment
      • XAH Teleport
      • Voucher
  • Xaman Pro
    • 😎What is Xaman Pro?
    • How to subscribe to Xaman Pro
    • Features of Pro
      • Profiles
        • All about Profiles
        • What is PayString?
        • Setting up your Xaman Profile
      • Push notifications
      • Accounts
      • Xaman App early access
      • Free Tangem Card
      • Premium Support
      • Vanity addresses
  • Security and Xaman
    • All About Security
      • How secure is Xaman?
      • Has Xaman been audited?
      • Upgrading your encryption
      • Xaman (Tangem) Cards
      • 2FA and Xaman
      • Account present on another device
      • Quantum Attacks and Xaman
  • XRP Ledger resources
    • XRP Ledger Concepts
      • Video: Reserves and Fees on the XRPL
      • About Reserves
      • Payment Channels
      • Multi Signature
      • Understanding fiat currencies
  • Release notes
    • Current release
    • Previous releases
      • 😎Updating to Xaman v2.8.2!
      • Xaman v2.8
      • Xaman v2.6 (Formerly Xumm)
      • Xumm v2.5
      • 🥳Updating to Xumm v2.5!
      • Updating to Xumm v2.4
      • Xumm v2.4
      • Xumm v2.3.1
      • Xumm v2.3.0
      • Xumm v2.2.8
      • Xumm v2.2.6
      • Xumm v2.2.5
      • Xumm v2.2.3 / v2.2.4
      • Xumm v2.21
      • Xumm v2.0
      • Xumm v1.0.0
      • Xumm v0.6.0
      • Xumm v0.5.2
      • Xumm v0.5.1
  • About Xaman & XRPL Labs
    • About XRPL Labs
    • 👨‍👩‍👧‍👧The XRPL Labs/Xaman team
      • 📺Team: Ali, Satish & Koen
      • 📺Team: Richard & Tristan
      • 📺Team: Chris & Alex
      • 📺Team: Tom & Kevin
      • 📺Team: Dominique & Dirk Jan
      • 📺Team: Patrick & Will
      • 📺Team: Mai
      • 📺Team: Denis & Robert
    • Xaman vs. Ripple
    • Privacy Statement
    • Terms of Service
    • Responsible Disclosure Policy
    • Switching from Ledger to Xaman
  • Xahau
    • Activating a Xahau account
      • Activating an XRPL account on Xahau
      • Activating a Xumm card account on Xahau
      • Activating a Vanity Account on Xahau
      • How to send XAH from GateHub
      • How to send XAH from Bitrue
      • Via another Xahau account
    • Understanding the XAH token on the XRP Ledger
    • Understanding Reserves on Xahau
    • Understanding Trust Lines on Xahau
    • How to create a XAH Trust Line in your XRPL account
    • How to create a Trust Line (Xahau)
    • How to create an Evernode Trust Line
    • How to trade XAH coins
    • How to Rekey a Xahau account
    • How to trade Evernode (Evr) tokens
    • How to send XAH to GateHub
      • How to send XAH Tokens to GateHub - Hosted account
      • How to send XAH Tokens to GateHub - Self Custodial account
      • How to send XAH coins to GateHub - Hosted account
      • How to send XAH coins to Gatehub - Self Custodial account
Powered by GitBook
On this page
  • Situation
  • Explanation
  • Older versions of Xumm
  • Which device is connecting to my account?
  • Take this warning seriously!
  • Dealing with a compromised phone

Was this helpful?

Export as PDF
  1. Security and Xaman
  2. All About Security

Account present on another device

Account present on another device. Your XRPL account has been added to another device

Previous2FA and XamanNextQuantum Attacks and Xaman

Last updated 1 year ago

Was this helpful?

Situation

You have just received the following message in Xaman:

Explanation

This message is triggered when:

1) You install Xaman on a new phone and import your existing account secret for the first time.

2) Someone else imports your account secret into Xaman on their phone for the first time.

Older versions of Xumm

For older versions of Xumm, when an account tries to reach out to our backend servers to interact with the XRP Ledger via an xApp or a sign request, it would trigger an automated push notification and deliver the above message.

Normally the account had been installed on two devices and one of those devices had just recently been used. (E.g. a second smartphone, or tablet)

Which device is connecting to my account?

Xaman is not able to determine who has imported your account. It is only able to determine that an account has been installed on a different device. Since Xaman does not keep track of personal information, there is no way of knowing who imported it, where the device is located or what kind of device it was installed on.

Take this warning seriously!

Our goal here is to warn you that something is possibly wrong with your account and your mobile device. This is not something that just happens. This section only applies if this message is unexpected and you didn't import your account on a new or replaced device.

If you have not imported your account on a new/replacement device, it is possible that your entire device could be compromised, (user names, passwords, account information, etc.) and could be at risk. If there is even a chance of this, it is time to act immediately.

Move your funds out of your XRPL account immediately!

  • If you have a Xumm (Tangem) account, move your funds to this account. The account secret is stored on the card and as long as you have configured it correctly, your account can not be accessed without physical access to your cards. (Primary and Signing)

  • If do not have a Xumm (Tangem) account but you have an exchange account, it might make sense to temporarily move your funds there.

  • If do not have a Xumm (Tangem) account but you have an hardware wallet, it might make sense to move your funds there. (Although some hardware wallets are less secure than exchange accounts.)

Dealing with a compromised phone

Once your funds have been moved to a safe location, you need to consider if/how your phone was compromised. Things like:

  • Have you recently updated your phone? The operating system?

  • Have you recently installed a new application on your phone?

  • Have you recently updated any applications on your phone?

  • Have you recently visited "questionable" website?

  • Have you recently installed any web extensions?

  • Have you recently downloaded any files to your phone?

  • Have you entered your account secret into a web form? Into another wallet? Into a website?

  • Have you stored your account secret on your computer? On your phone? On the internet?

  • Have you given your account secret to anyone?

It is highly recommended that your take the necessary steps to make sure your mobile device is secure before you continue. Having a secure phone is vital before moving funds back into self-custody. For more information about this, check out this article:

If you can not figure out how your account might have been compromised, it is a good idea to create a new XRP Ledger account then transfer your assets to your new account. This way, you will get a new set of secret numbers and you can ensure no one else has access to them.

This article explains how to create a new XRP Ledger account using Xaman:

If do not have a Xumm (Tangem) account, you could consider your account then

re-keying
disabling the master key
Cover

How secure is Xumm?

Cover

How to create an XRPL account