My NNS has been stolen,Please help me

I just want to say I’m eager to get this resolved as well, imagining if it happened to me.

Just to clarify, you had two yubikeys and a seed phrase, and none of them work anymore for your anchor?

And it sounds like the seed phrase is a correct seed phrase, but the public key of the seed phrase does not match the public key of the identity anchor stored in the canister.

Also the yubikeys are no longer associated with that anchor in the canister.

Things seem to be pointing toward a hack, especially since every form of authentication seems to have been removed from the anchor. Or if not a hack, let’s say there were a collision on the seed phrase, the other key holder might have removed all yubikeys and changed the seed phrase? But I don’t understand how the seed phrase is for a different public key now, I might have to study II more.

No solutions, just talking. Tracking the funds is probably the next best step.



This thing about it “being a correct seed phrase but not the correct seed phrase” is causing a lot of concern.

Can you please clarify as to what it means to be “a correct seed phrase”?

(A) Are you saying that the seed phrase merely conforms to BIP39 standard?


(B) Are you saying that the seed phrase actually belongs to some other anchor?

Maybe I missed it; but not sure about where you got the impression that the seed phrase is linked to another anchor?

The likelihood of it being a hack seems to be larger than a seed phrase collision. HOWEVER if it is a seed phrase collision, we might have much bigger problems.

No need for panic! Seed phrases don’t work with internet identity like they do in something like bitcoin or ethereum.

You internet Identity simply consists of your Identity Anchor and public keys that are registered with your identity anchor.

When you use a device like a phone or yubikey the private key is stored on your device and to authenticate you sign some data. The seed phrase works the same way but is stored in plain text.

Just like you can remove devices from your Internet Identity (which removes the associated public key) you can also remove your seed phrase and generate new ones.

What I mean with correct seed phrase is indeed that that it confirms to the BIP39 standard.

1 Like

The seed phrase is apparently for a public key that is not associated with the anchor of the OP. Seems like it once was associated with the anchor of the OP, but is not anymore…I wonder if there are any public keys associated with his anchor now

1 Like

There is likely at least one key associated with this anchor.

It is possible to delete all keys associated with an anchor…in which case the anchor is lost FOREVER. iC will then “forget” this anchor…except that future anchors cannot reuse this anchor…is my understanding.

Yes, the two Yubikeys and the mnemonic words are invalid. I tested the seed phrase when I first registered to restore the account, otherwise I dare not pledge so many ICP

Hey, do you know where the proposal entry is?

Hi, I think you are the first person to ask this question on the forum. It is on the governance-canister on the manage_neuron method. A neuron can make a proposal. The proposal type can be to ExecuteNnsFunction. You can see this public-method here: Principal rrkah-fqaaa-aaaaa-aaaaq-cai | :

There are multiple nns-functions that a proposal can do, you can see the list of them and their int32-codes here: ic/governance.proto at bd3b73e075aea1cc81b23b38ccfb138ca4ab17ab · dfinity/ic · GitHub . At this time there is no specific proposal type that can transfer icp funds between accounts. The nns-function-code: 4 is the one to upgrade a canister on the nns-subnetwork. We can use that to change the ii canister if there is a bug and to change the ledger & governance canisters for a new nns-function that can transfer icp funds between some accounts if there is a successfull-vote. The payload for the nns-function: 4 is with the candid-bytes of this record: ic/ at bd3b73e075aea1cc81b23b38ccfb138ca4ab17ab · dfinity/ic · GitHub .
I will get to work writing the code on the ledger and governance canisters for the specific nns-proposal-function to transfer icp-funds and writing the scripts to set-up a proposal for the canister-upgrades. Once that is successfull, you can send a simple proposal from your own neuron to get your funds back, or someone else can do the proposal for you, maybe contact they are supposed to be helping people make proposals. There is no UI that i know of to submit new proposals, but I can write a script for you that calls the public_methods. The nns-ui doesnt give you access to your own keys of the neurons so you cant make your own custom calls on those neurons. So if you want to run a script and submit a proposal yourself then I can give you a script that will create some new keys, print your new principal’s-icp-id, then youd fund your new icp-id with some ICP, then run the script to create a new neuron, save and keep track of those ids and keys, and then call the neuron to create a proposal. (or someone might create a ui for people to create neurons and proposals). The first proposals will be to upgrade the ledger and the governance canisters for a new nns-proposal-function that can transfer icp between some accounts. Me or someone else who works on this, will put up these proposals. Also pending on what we see when we track your funds, we might have to upgrade the internet-identity-canister. Then when you have your evidence ready, you (or someone else) can put up a proposal to transfer the funds into your controll.

it says: “the DFINITY foundation is a major contributor to the internet-computer”, not the only contributor.


Thank you for your answer, which greatly encouraged me

Hi, Levi, do you speak Chinese? I have some questions to ask you

You can send me a personal message on this platform.

1 Like

Hey Xiaobing, could you add my Wechat ID@yangkun0307? Happy to help. 加我微信,我们联系一下,看看是什么问题。


For transparency, @zire is Herbert Yang, a Director at DFINITY.


Ok, thank you for your help

I just reached out to Lydia and asked her about this. She confirmed that her case is different.

1 Like

Just in, my account has been stolen, the mnemonic has been changed, and the original device has been deleted. My last hope is to launch a motion to regain control of him. Do you think it has a good chance of passing?

I would definitely support this motion; provided a solid process is defined by the community and followed. I feel that you have quite sincere and diligent in your efforts.

Whether it would pass or not would be upto the total vote of the community. Since this is the first time such a motion would be considered, I am not sure about the time frame.

As @levi mentioned, this would likely be two different proposals.

@levi : regatding the first proposal, since all of @xiaobing ICP is staked, I am not sure about what type of nns function would need to be created. I.e. THE ICP is locked. I don’t know whether you would be able to transfer the locked ICP.


First of all, thank you for your support. What I’m confused about is that there is no such process at present, and I don’t know how to launch this proposal. I hope this will be known to more people, and I hope that in the future, when someone has a similar situation, they will know clearly what to do.


I hope you can get back your account. At the same time, it is very scary if Dfinity can technically do this.
I have posted few times about this possibility where your mnemonic can be hacked and then the hacker can easily remove all your devices. Dfinity can and should provide more safety and create barriers to remove devices. A lot can be done, including a log of login in and out of your account (ip, date, time, device name, etc) so the real owner would know someone else have access to his account. Security secret questions, sms, email, so many things can be added. Kraken has a great security system with Global Settings Lock that could be implemented in the decentralized NNS.
Hope Dfinity will prioritize much stronger security for account holders.
I, personally, do not use mnemonics (no keyboard typing) as I believe this is the weakest (bad) way. I only use hardware device like Nano, Yubikey and finger print.
Will be interesting to see how it turn out.
Keep us posted please


Totally agree with you. Hope @xiaobing could get back his account finally. Also hope @xiaobing could share the latest info with us here.