Exodus Wallet Funds Gone

So I logged into my Exodus wallet today and found I lost ALL my crypto.

I have contacted Exodus and they just claim it is my fault because somehow I had given someone access to my wallet which I know I have not.

My XRP went to this wallet: rayMho2Pg4DBBbYGtX3qdbJxwK6uwgqCCe, transaction ID 76B96568D53C257D0539567EFDDE10A0786E2846AD427F20B16DB4951DB10513

My BTC went to this wallet: 19tVbsJERhhqtmrxfybBHmqEPrnvL1pXb3, transaction ID fd9e83fa7d739dfac5a00cbb30b0e8e36ed18fd25297268bf29f183ffa05a70c

Although I know I am never going to get those coins back, I believe it's important to get the message out there that these wallets claiming 100% security are not 100% safe. When you look into it, lots of people have this same problem, but not enough to make a big enough noise for people to take note.

I know people are going to say malware/key-logger. However, I have virus scanners and all is clean. I only ever used the 12 words when installing on my phone and have not even looked at them since then; I have them printed off.

The craziest thing is I did this because of "not your keys, not your crypto", and it is not as simple as that. If I had kept my coins on Binance I would still have them now because Binance used 2FA.

Sorry this happened to you, keep us posted if you have any updates on how it happened. Exodus is not open source, is it? I’ve used it before but it’s always hard to trust if they cannot prove it’s 100% safe.

1 Like

So let me say, I’m sorry this occurred to you. I have followed all of your addies and TX IDs. I see the value and what is occurring.

I also see the issue. Exodus is a private server that runs a Multi-Wallet. The 12 word seed phrase Exodus provides you is to their Private Blockchain that represents your entire account, not a specific wallet or address on your Multi-wallet. Exodus servers, behind the scenes, make wallet accounts for each crypto they hold. They collect all the Seed Phrases for each wallet type, then hide all that info behind the Seed Phrase they give you, which represents every wallet on your Exodus account.

“I only ever used the 12 word when installing on my phone and not even looked at them since then I have it printed off.”

What program or wallet on your phone did you enter the 12 word seed phrase into? Trust Wallet? Trust wallet is 100% compromised. Trust wallet emails all seed phrases and passwords to the Phantom Wallet Hacker. This is why Binance abandoned Trust wallet and pretends they never supported or made it.

I may just be speculating that you use Trust wallet. But in either case, your Exodus Seed phrase is to your entire Exodus wallet. So what the hacker did is enter your Seed Phrase into a Recovery Mode Exodus wallet. On the XRP blockchain, I see the IP addresses change, from your computer to theirs, before they stole your funds. This tells me they “recovered” your Exodus wallet on another computer.

I’m unsure what to recommend. Let this be a lesson to our community to make sure your wallet game is top notch. Many angles of crypto can be glanced over, but wallets need to be 10,000% understood.

3 Likes

I think it's important that people know about this. Exodus claim they have 100% security, however the only person who knew my seed phrase was me. My family don’t even know what a seed phrase is, let alone how to use one. Yes, they did try to go that route at one point with me. I think there is something more to this, as more people are saying they have had the same thing happen to them.

I tried e-mailing Exodus, who said it was my fault. However, I have virus scanners installed. My network is run through a Ubiquiti Dream Machine Pro with threat detection turned on, and it did not detect anything.

I only log onto Reddit, YouTube and Stack Overflow. I do not even read my e-mails, let alone click on links that might be suspicious. Especially on the day the coins were removed.

I used the Exodus app on my phone and on my computer. The only places I have ever used a seed phrase.

Now don't get me wrong, if malware did get onto my computer then how would the malware be able to get to the 12 word seed phrase if it is so well protected? Also, if the malware is designed to get the seed phrase then wouldn’t that indicate that the wallet is not safe? I have other financial products on my computer; no one's attempted to get into them.

The people at Exodus bragged about their 100,000 bug hunt. I said if I was a hacker who had found a way to access the seed phrase I wouldn’t take a lot at once, I would drip feed funds from accounts just like they appear to be doing. They made 1000 off me yesterday. If they do that a week they have a nice income.

Anyway, people, be careful. It's one thing losing your crypto because it was on an exchange and they have done something wrong, but to wake up to it being gone because someone hacked you and you don’t know why or how is a bad feeling, because you don’t know who to blame. I don’t think I will be going back in crypto because all I can imagine now is what if it was 100,000 I lost.

1 Like

What’s the source on the Trust wallet compromise, or where can I research that further? When I do some quick googling I mainly just find the Binance $4m article & the 170k vulnerability they had with the Trust wallet Chrome extension?

1 Like

I’m going to explain the version I remember by being there. And then link what can be proven. A giant issue here is Binance owns most crypto news, including being buddies with Google. Binance quickly deleted all partnership references to Trust once problems started. They also deleted any crypto news stories making links that might point blame at them.
Here’s a good example of the shenanigans, when I google “who owns Trust wallet”

So right there, on one results page, Google tells 2 different stories.
Trust wallet used to be a promoted icon/link on top of even a Binance trading window. They pushed it; now they barely even admit they once associated with it.

So, around late 2021, November 18th likely, the Phantom code was started on the Solana blockchain. Around January 2022, the group of nerds I chat with started questioning why the Solana Phantom wallet creation passed code through 2 Smart Contracts, but we just kind of assumed it was owned by Phantom or Solana and maybe it was “just the way they do it”.

The first Phantom wallets started getting cleaned out in March and April of 2022. Then all of a sudden the attacks stopped. < I can’t find any news stories to back this, but being in a crypto club, I was the guy they came to first to seek help. I saw TX IDs and everything my friends lost; they gave me their seed phrases (it didn’t matter at that point). They lost SOL, ERC and BEP on Trust Cell Wallets, 2 people I know.
Then in late June/July 2022 the first reports came out (on Twitter) that Trust Cell Phone wallets were getting drained of all SOL assets and some ERC and BEP/BNB tokens (now also called BSC, in some cases), mainly the ETH itself. And only Trust Cell Phone wallets that had over $40 worth of crypto. Then in late July to early August 2022, it started for reals. The hackers no longer hit a wallet at a time and instead hit hundreds and thousands at once.
This is where all the news stories pick up.
Before the big real hack started, I read an article (can’t find it) that explained how Trust wallet used Phantom wallet code to update Trust wallets to be able to hold SOL alt-tokens and later SOL NFTs.

So here is an article of a Trust Wallet Dev suggesting Users enter their Trust Wallet Seed Phrases into Solflare and Phantom wallets to recover SOL NFTs. Specifically he says "import your wallet to the wallet that supports Solana NFTs", but I can only imagine most people assume that means Seed Phrase, because that is exactly what most users did.

That is the true link from the Phantom wallet Hack to Trust cell Phone wallets. The Devs told people to enter the "recovery Keys" or “import your wallet” to other wallets, specifically Phantom. The Phantom hacker then had Seed Phrases to Trust cell Wallets.

I also remember an article (can’t find it) that explained how Administrator permissions must have been compromised on the cell phones based on how the wallets were getting drained. The hackers seemed to remote control wallets, instead of re-creating the wallets before they drained.

I do point out, no news hints at or even names Binance, Apple or Android (via App Store and Google Play). All 3 of those were at the center of the hacks but all 3 are conspiracy giants. It’s a tough topic when a problem involves those guys, they control the news that links to them being at fault or not.

Below are just links that point to little facts.

^ “The attack has compromised other wallets including Phantom, Slope and TrustWallet.”

And here is another reference to Trust wallets. (below)

Here’s an article trying to understand why Cell Phone Trust wallets are specifically being hit. (They don’t understand what’s occurring at this point.) (below)

This article starts to nail down the exact issue, in the section they call "Part I. Solana Exploit" (below)
They start to explain how a sentry service started to affect Android and Apple Operating Systems.
https://foresightnews.pro/article/detail/11051

This article explains how Phantom code has in-exchange enabled. This “in-exchange” feature is part of how the Phantom Hackers could drain a Trust Cell phone wallet of ERC and BEP/BNB assets, by swapping it to SOL Network Tokens before cleaning the Trust wallets out. The swap was somehow enabled by Smart Contracts on both the SOL and ERC networks, then piggybacked ERC onto BEP/BNB.

Overall the Phantom Hack is like an S.T.D. at an orgy. Every wallet and address to touch it goes downhill.
Binance and Trust blame SOL. SOL blames Phantom. Phantom blames Slope. The Hack occurred upon Phantom wallet creation after Nov. 18th 2021. It was most likely Phantom Code itself. They claim to have fixed it, but no one tells who or how, which makes me wonder if they even know or are just faking the funk and instead rolled back the SOL code to pre-Nov 18, 2021 (while re-writing the parts to integrate SOL NFTs).

4 Likes

So glad to have you in this forum. Great work. Going to take me two hours to get through all this 🙂.

Unless Vosk summarizes it all for me in a video…

3 Likes

He almost can’t touch it with a 10 foot pole, publicly.

God forbid he somehow ties Binance, Google Play or App Store to the mix. It’s such a big topic, high odds some of VoskCoin supporters/partners might be negatively affected.

The whole topic is just too negative, at a point mud will start being slung while trying to explain how, why or what. Last thing any of the affected tokens and groups want is for someone as influential as Vosk to even mention them in the topic.

Our Champ Vosk is Mr. Positive. I remember each time Vosk makes a frowny face in his videos, it carries weight. If Vosk isn’t for something, most of us aren’t, simply because, lol. That’s a dangerous power he wields, hehehe. (Sorry to talk about you in third person Vosk, haha, you’re an Icon at this point, plebs like me aren’t allowed to talk directly to your class 🙂)

4 Likes

Hello Bitterpill, I would like to ask a couple questions and talk about a couple points I’ve discovered.

I do not want to add insult to injury. If this whole topic infuriates you and you’d rather not reply, I understand.

I want to start by addressing the Bullshhh I found in Exodus’s own recommendations.

Starting here: syncing Exodus wallets the way they recommend.

I very quickly realized they have different rules for syncing Desktop, Mobile, Web3 and app based.

Desktop to Mobile
or
Mobile to Desktop
Requires a generated QR code

Desktop to Desktop
Desktop to Hardware
Desktop to Web3
Desktop to App
Require a 12 word seed phrase.

The defining point here is Your Home Network.
All Wallets that use a 12 word Seed Phrase Sync are contained within 1 customer's home network(s) and behind their firewall or security features.

When that information is shared between Your Home Network and a Cellular/Mobile device, that information passes through numerous public servers and lands on the security of the Cellular Company, who offers zero reassurance, from an app you got from Exodus's website and not the App or Play stores. (Maybe you did get it from Play Store.) And even if you got the App from Play Store, they have little obligation to protect end users on Apps.

So when we look at Exodus's recommended Syncing for
Mobile to Mobile
Mobile to Desktop
or
Desktop to Mobile

Basically anything Mobile or leaving Your home network requires a QR code that further encrypts your 12 word seed phrase, to hide it from the WWW that might be able to view the info.

If the wallet sharing is within your home network, Exodus recommends using a 12 word seed phrase.

You said you used a 12 word seed phrase to sync your mobile wallet. I’m guessing Exodus knows this is the exact breaking point that leads them to wash their hands of You and pass the blame to you.

So:
Did you use the QR code for Desktop to Mobile syncing?
When did you put this on your Mobile device? (Was it the day before the hack?)
Did you get the Exodus Mobile wallet from App or Play store?
Did you go to Exodus.com and follow the directions they give to Sync your wallets?
What other wallets do you have on your Mobile Device? Any other crypto wallets? (Even ones you downloaded and deleted, that left Data behind on your mobile phone's registry editor.)
Did your phone ever have a Trust wallet installed? Or a Bread Wallet? In the past.

All in all, the cellular or mobile device seems like the issue. Your home network (as you say it) seems rather protected, above normal standards.
Then Exodus has known exposures, like forcing users to use an encrypted QR code in some cases, then allowing a 12 word seed phrase in other cases.

Nowhere on their ‘How To’ do they even mention known vulnerabilities over the WWW or various device types.

I do intend to confront Exodus about this. It is immoral to create and distribute corrupted or exposed code, when the only reason is profits. I really feel this “different ways of syncing devices” is bullshhh.
And yeah, crypto has lots of little rules and by-laws, but this is just BS lazy coders.

This is why they do the ‘generated QR code’, because they know their algorithm can be listened in on and exposed, to an extent, on the open cellular network or various servers as a Dapp passes through.

If they try to fix this issue, they may be legally culpable to people like You. So instead they allow the issues to continue so they can just blame Users for not following their confusing directions that are extremely particular, case to case.

Assuming someone with Trust wallet does not sync their wallet to the above places in question, is there still a possible compromise within the Trust wallet?

That is a very touchy subject in current crypto. I’ll kind of say what Trust has said, and I’ll share my own opinion.

Trust acknowledges that the hack occurred, to the point of paying some users/customers back crypto assets (that were still contained on the ERC and BEP networks).
The fact that those 2 networks could be contained also tells us the hack spread onto the ERC and BEP networks.
Trust does blame Phantom and SOL.
Trust now claims all issues have been resolved, but Binance used to promote Trust and has now washed themselves clean of Trust wallet (but they still own it).

^ All of that can be easily confirmed on a Google web search of the topic.

Now for opinion.
Examining “what is a multi-wallet (Trust)”. Trust runs a Giant Blockchain Network, Centralized. Inside this Centralized Blockchain Server (the giant programs) are tons of CLI wallets that connect to the respective networks while creating then service wallets of those respective Blockchains and networks, to be able to offer those wallets on a User's Dapp wallet.

So the Trust Blockchain Network connects to every network they offer wallets for. All those network connections get bottled into 1 signal sent to your Dapp wallet. So if you, on Your Trust Dapp wallet, want to send Ethereum: as you open up the send functions on Your Trust wallet, you connect to the Trust Network Blockchain Server, that then connects to the ERC/Ethereum Blockchain to transmit your transaction onto that Blockchain Network (the ERC).

So somehow SOL Phantom Hack wormed its way onto the Trust Network Blockchain Servers. Either starting at SOL’s Blockchain then to the Trust Blockchain, or from a Dapp user entering their Trust or Phantom Seed Phrase into the other wallet. Publicly no one tells for sure which way the virus wormed its way in.

So once the Virus (Phantom Hack) was on the Trust Blockchain Servers, it was able to connect a Smart Contract to SOL network, that utilized the ERC’s EVM (Electronic Virtual Machine Or Ethereum Virtual Machine). When they utilized the EVM, they then connected a Smart Contract onto the ERC CLI inside Trust (the program used to create ERC/Ethereum wallets). ERC hosts BEP, so the hack then spread to BEP Tokens also.

ERC Network was the first to acknowledge the problem when they found that Smart Contract attached, by proxy of Trust Servers, to the ERC Network. ERC then froze all ERC and BEP accounts associated with Trust wallets and began the investigation. ERC told Trust they were being hacked. Of course, Trust being owned by Binance, and then Binance being ERC’s #1 friend, and then Binance owning BEP network (hosted by their friend at ERC) makes this a big ball of insider wax.

Binance ran for the hills.

So they will not tell us what really happened, while also claiming they fixed it, when everyone knows something is still very wrong.

I absolutely hate bashing on Crypto folks, I love them all… but…

In my core group of crypto traders, in many open chats, we unanimously agreed, screw Trust. The risk is too great. In fact the risk with all Cell Wallets and Multi-wallets is too great. If a person has a few thousand dollars in BTC, run the real BTC supported wallets. Not a second or 3rd party app. Dapps and Dapp wallets are tricky. Why? is the big question. Until retail starts accepting crypto on the spot for purchases, why carry your wallet on your phone?

Overall this is a touchy topic. Maybe a person doesn’t have a computer and they only use their Trust wallet to connect and trade on PancakeSwap for BEP and ERC tokens (BEP, BSC, ERC, BNB, BEP1-19). In that case, it’s probably safe, because ERC has their network users' back, if caught fast enough. When the AXIE hack occurred around Oct 2021, ERC and BEP just went on the Network Blockchain and just took the AXIE straight out of the thieves' wallets, then robbed the thieves and any wallet they had connected to ERC and BEP assets.
So as long as we are only talking about trading ERC and BEP tokens on that Trust Dapp wallet to PancakeSwap and Binance/Coinbase/Kucoin, then it should be OK, as ERC security overrides Trust (Trust being a 3rd party Dapp).

When I told that to friends who only trade BEP/ERC tokens they simply replied “yeah whatever, FF that, I’ll stick with Metamask, Coinbase wallet or Binance wallet”.

If you don’t know about Google Chrome Extension Wallets, be cautious. I’m not trying to throw you into open waters. It is worth exploring and learning about, but nothing is the “go to solution”. Today's ‘super-solid’ is tomorrow's ‘wild-fire’.

So to answer your question after typing a high school essay, I’d say yes, the possibility you get compromised is still a possibility. Time to use your back-up wallet that you’ve created in case some stuff like this arises.

2 Likes