Important advice from an ethical hacker

Thank you very much for your pro advises! I really appreciate that!

Please install a pro antivirus software (mcaffee, norton etc.). You were obviously hacked and I suspect the Google extension site was fake. I recommend using Brave Browser instead of Google Chrome. Only thing you can do now is to learn from it. I was scammed myself and learned the hard lesson. Stay safe.

If you share the relevant wallet addresses / transactions, maybe we know more from the public blockchain data. It’s sometimes easy to associate certain addresses to certain types of attacks.


There’s a website to check how much of your data was breached and what companies were breached for your data. It’s haveibeenpwned (.) com, Robinhood was breached and a few other companies I use.

Just looking now, Coinmarketcap back in october last year was breached with 3.1 million emails being stolen and traded on hacker forums

Hi everyone.
I just wanted to report that on the 7th of April all my UST where withdrawn from my anchor earn and sent to the following address:


I’m sure i didn’t use a “fake” site and I know that not using an external key makes me the only one responsible for what happened. It’s just extremely frustrating not really understanding what happened.

1 Like

From OP there is a plethora of ways for your account to have been compromised. Have you ever used an electronic over a non home wifi? What’s the router firmware for your home network? Do you use a VPN? Do you have a reserved IP for said VPN? What is the VPN’s policy? How do you store your key phrase? Do you use a hardware wallet or software wallet? Can you confirm you don’t have compromised accounts? Can you confirm your DNS was secure / without bad nodes? Was it your ISP dns? What’s the software version of your electronic that hosts the wallet? Have you ever transferred your wallet to a different host machine? Do you torrent? Do you have forwarded ports? Do you mine crypto? Have you ever used the internet with the machine you have the wallet on? Which sites do you normally use with said machine? Have you ever used the internet with the machine that has your wallet on cellular? Do people you know know that you use a crypto wallet? How much do they know about your usage? Do you delete cookies after every browsing session?

Chrome just had that 0-day exploit patched, we won’t ever know if the products we use are 100% secure of vulnerability, a long time ago I used to work as a iPhone support and I used to have hundreds of people a month claim that their phone was mysteriously hacked and they did everything right, likewise there was nothing apple could do about it since there’s so many human attack surfaces before even getting into the technology ones. There was a system in place for security specialists who detect vulnerabilities to have them escalated. In anchors case or terra stations it would be a bug bounty. If it wasn’t reported for bounty there isn’t anything to be done really apart from self reflect on your personal security.

Just a small number of the millions of questions you’d need to answer to find out what happened.

The same thing happened to me yesterday. I had a significant amount of UST earning interest in anchor protocol. Someone, clearly an expert, was able to access my wallet and drain all my funds to a wallet address: terra10x5sezspctjxs27vql9xm4efrm93tlwzpj402n
This wallet is active right now and is draining other peoples wallets as I type this.
Some ongoing exploit of terrastation wallet is occurring and nothing is or can be done to stop it.
Nothing from support. Why even provide a contact method if it is never answered.

There is no ongoing exploitation of terra station wallets. The problem is between Chair and Computer (PIBCAC).

If what your proposing was feasible it would be front page news the moment it was discovered. Please keep yourself safe and DYOR in terms of security. Otherwise forgoe custody to someone who will do it for you and is willing to hold the liability of loss of funds.

That’s really stinks! Sorry to hear about that! Personally, I will never use Terra Station again until we can get a definite answer on how this keeps happening. FYI, you can still invest in Anchor via Okcoin and get the same interest rate without having to use Terra Station. Yes, it’s a centralized exchange, but after several years of investing in crypto I’ve never had any of my funds stolen from a centralized exchange. However, the first time I go the “decentralized-my-keys-my-funds” route, I have $2k stolen. Just saying.

You do realize that if it’s a problem with terra station or Anchor then OKcoin isnt safe as well as they will have their accounts drained right?

I understand, but something inexplicable is happening with Terra Station to more than just a few people. I am not a newby and as far as I know, I took all the precautions that have been suggested and still got hacked…Downloaded the wallet directly from the play store, never used public wifi, used a VPN, never shared my keys, etc. Nobody has an answer.

unfortunately, while your seeing a problem security specialists are not. So you have to look elsewhere for the solution.

The forums is not a place to complain about hacks.

@moderators please lock the thread thank you people are just using it for spam at this point.

If you think this is a problem submit the bounty, thank you. This is not something anchor protocol is able to address for you.

What spam? We’re having a discussion here. If you don’t like what’s being discussed, don’t join in. Asking for the thread to be locked because you don’t like what’s being said is pretty petty and childish.

You’ve been actively trying to claim your own mistakes is a security flaw in the terra station wallet or Anchor protocol which is not the case and has been proven so. You have no proof other than you had your funds stolen. I’m sorry it happened but it’s nobody’s problem but yours. Go somewhere else because otherwise what are you discussing?

The most you should be discussing at this point is how to keep your funds secure which you are not. You are consistently and constantly alluding that there is some underlying security flaw no auditor or security specialist has found. I find this to be an insult and an attack on the community.

Kindly carry on your discussion elsewhere or submit a ticket on the terra station or anchor discord it’s not for here.

I personally have not alluded to any security flaw, but am just trying to find out what happened. I’m just saying that I took all the security precautions that you and others have mentioned and still got hacked, so there might be something else going on here. As such I’m just trying to get help from people who are supposedly more knowledgeable than I, so this doesn’t happen again to anybody. Isn’t that what a forum is for? I would think this would be an important discussion for the community and that those who’s really care about Anchor and it’s mass adoption would want to get to the bottom of this stuff and make sure it doesn’t keep happening.

But I guess I was wrong…

No the forums are for discussing governance proposals and changes.

If you read the OP (first post in this thread) he explicitly says you money could be stolen for a variety of reasons outside yours, Terra’s, or anchors control and unless your an expert you probably wouldn’t know or be able to figure out which attack surface you were on.

What your discussing isn’t even on topic with the original post of the thread.

I used to work as an Apple IOS support a while back and we would have plenty (10s of thousands) of calls a day of people claiming that there was a security flaw or their phone got hacked and they did everything right. Sadly to say not even apple can do anything but turn them away.

It’s interesting that each time an issue is brought up about lost funds, there is no feedback on finding out how it happened. Nor is there any information about how to secure your wallet so this cannot happen. When a wallet is accessed through chrome, might it be chrome has a security issue? I propose changing the withdrawal process for UST earning APY on anchor protocol. How can withdrawing aUST be made more secure?