My NNS has been stolen,Please help me

It has been two months since I lost control of my NNS account, and I have communicated with Dfinity staff for two months to deal with this matter. Now the latest situation is that the public key in my hand is inconsistent with the public key in the system by comparing the public key. Dfinity’s conclusion is as follows: - You have the wrong identity anchor number. (But 00000 is the one which was included in the seed phrase correct?)

  • You have been hacked and somebody has generated a new seed phrase.

  • There is a bug that has caused this, but nobody so far has contacted with the same problem.

Dfinity doesn’t have time to deal with this anytime soon. I don’t know what to do, please help me

7 Likes

00000 is likely NOT the correct anchor number.

If you have the seed phrase but have lost the anchor number, you could certain try to automate the recovery by trying all different likely anchor numbers along with the seed phrase and see which one sticks.
(This, btw, is a problem with cold wallets that can store the 24 word seed phrase; but nowhere to store the anchor number in addition).

If your identity has been hacked and seed phrase changed, there is not much that can be done.

If it is a bug, then it should likely manifest itself with someone else as well. It doesn’t seem to have. Therefore the likelihood of it being a bug is small

1 Like

The identity anchor number and the mnemonic are correct. I can provide the binance KYC of the transaction address of this account to prove that the account is mine

Hey there,

As the person who helped you with your ticket 000000 is not the Identity anchor you used in the our correspondence correct? Are you using it as an example here to not expose your real Identity Anchor or was there a miscommunication?

  • I hid my identity anchor number

It will be necessary to have a recovery system. The lack of such a system is very scary for investors. Why not implementing a 4 mandatory way: SMS + Email + 3 personal questions + face recognition or fingerprint to recover the identity number. Then SMS + Email + 3 different question + face recognition or fingerprint to get in the II manager to add or change devices.
Seed phrase is something I don’t want to have (and I do not have) and should not be available. This is such a weak recovery system.
Don’t wait some people loose access to their account and take this to the media to act. once trust is destroy, it is very difficult to earn it back.
May be some have much better idea but one thing for sure, we need it somehow.

3 Likes

https://twitter.com/LydiaLEI3/status/1448210678381174786?s=20 this could be the same thing

Your idea is very good, but the authorities don’t seem to realize the need for this problem

Have you verified the numbers and the words before you used this account?

I recorded it with my camera, so they are accurate. I had been using it normally for two months when it suddenly stopped working

Can you provide more details such as, did you also recorded the right identity anchor, did you use the same computer to operate, the entire operation process? so as to help analyze?

The team may need to look at this.

I have been in contact with the team for two months and the team’s attitude now is that there is no time to deal with this matter

1 Like

Hey xiaobing,

I’m am very sorry that you still don’t have access to your funds and hope you will regain it somehow, but this seems like a mischaracterisation of the help I tried to provide.

First we made very sure that you went to the process of recovering with your seed phrase correctly and you were using the correct Identity Anchor.

I even wrote a hacky custom program to get the public key from your private key locally to see if the seedphrase was incorrect somehow:

This public key did not match to the one tied to the identity anchor. If there was a bug in the canister somehow that would mean:

  • only your memory was corrupted somehow
  • this perfectly removed other public keys
  • this corruption perfectly altered your seed phrase public key to another valid public key.

Therefore the chance seems pretty much zero that this is the result of a bug. At this point there isn’t really anything anymore we can do for you.

First of all, thank you for your help. Dfinity is responsible for protecting the legitimate rights and interests of coin holders. I believe there will be other users who lose control of their accounts for various reasons. I can provide materials to prove that the account belongs to me, and Dfinity should have a mechanism to help us restore control. As John Wiegley said, launch a proposal, let the community vote, vote yes and I will regain control of the account.

1 Like

I have carefully protected my account. I prepared two Yubikeys and mnemonic words, and then TESTED them to restore my account before I pledged ICP. I did not expect such a problem would happen, and I still do not know the reason. This is all my money, pledged for eight years

Can you know if the 24 words of the account was changed or not?

1 Like