| description |
|---|
What to do if you've been hacked or scammed |
If you are the victim of a crime, it is vital that you report it to your local police department as soon as possible. They will have the resources, the expertise and experience necessary to conduct a thorough investigation into your case and determine what the best course of action is to recover your funds.
Some countries have a special "cyber crime" or "financial crime" units that you can report crimes to as well. Your local police should provide you with all of your options.
Xaman is not part of any governmental law enforcement agency nor we do not have the legal authority to conduct a criminal investigation. As well, we are not permitted to interfere in police investigations.
If the police require our assistance, the will contact us.
Investigating criminal matters, which now includes crypto and blockchain crimes, is one of the primary responsibilities of law enforcement. In most countries around the world, the local police departments are getting better when it comes to investigating cyber crimes. (After all, blockchain has been around for over 15 years now.) If there is any chance in recovering your funds, the police will need to be involved.
Transactions on the XRP Ledger can not be reversed, blocked or "undone" and the XRPL does not have any administrative functions built into it, so there is no way for Xaman or anyone else to modify or change a completed transaction. All transactions on the XRPL are permanent.
The 6 digit passcode is used to access the Xaman app and in some cases, sign transactions in Xaman. It is not used to access your XRPL account. (That's what the secret numbers are for.) Changing your passcode has no effect on your secret numbers.
The same applies to your signing password. Both the passcode and the sign password are LOCAL security measures to protect your secret numbers locally on your phone. They do not prevent someone from accessing your account if they have your secret numbers.
-
After you have contacted the police, explain exactly what happened which lead up to this situation. They might need access to your phone and your internet history so you should be prepared to surrender your mobile device and your internet records if required.\
-
Consider re-keying your account and disabling the master key for the compromised account. If you do this, it will prevent the scammers from accessing your account again.
| How to re-key your XRPL account | how-to-rekey-your-account.md | Large rock with Key.jpg | ||
| How to disable the Master keys on an account | how-to-disable-the-master-key.md | Large rock with Lock -2.jpg |
-
If re-keying looks too complicated, you can alternatively create a new account, then move your remaining funds over to your new account then delete your compromised account.
Here is the link to the articles that explain how to do this:
How to create a new XRP Ledger account using Xumm
How to delete your XRP Ledger account\ -
Try to think of ways your account secret could have been compromised.
- Have you ever shared your private key it with anyone?
- Was your private key stored on a cloud account or somewhere else online?
- Was you private key stored on your PC? Mobile device?
- Have you ever entered your private key into a Google form?
- Have you ever entered your private key into another crypto wallet service?
- Have you ever entered your private key into a Website?
- Has your phone ever been in for servicing or repairs?
- Do you use public wifi?
If none of these apply to your situation, there is a good chance that your mobile device has been hacked.
At this point we strongly recommend you consider wiping your phone and start reinstalling applications one at a time. Do not restore from backup! Without knowing how your phone was compromised, restoring from backup could be dangerous.\
Apple
{% embed url="https://support.apple.com/en-ca/guide/personal-safety/ips4603248a8/web" %}
Android
For instructions on how to wipe your Android phone, contact your phone manufacturer.
We take security VERY seriously.
If you have found yourself in this situation, you should consider the following suggestions moving forward:
- Xaman (Tangem) cards - these cards are an excellent way to take the security of your XRPL account to the next level. You can learn more about them here:
| How safe are Xaman (Tangem) cards? | how-safe-is-a-card.md | Large rock with Lock -2.jpg |
- Review the following article and consider how you plan to interact with the XRP Ledger in the future.
| How secure is Xaman? | how-secure-is-xumm.md | Tokens and coins -1 (1).png |
.png){kind=link}
- Contact your local police immediately if you are the victim of a crime.
- Either re-key the account or
- Create a new account and move your assets over to the new account
Note: Be advised, Trust Lines will have to be duplicated (temporarily) in the new account until they can be removed from the old account requiring enough XRP to cover reserves for two sets of Trust Lines until the move is complete.