I've been scammed!
What to do if you've been hacked or scammed
If you are the victim of a crime, it is vital that you report it to your local police department as soon as possible. They will have the resources, the expertise and experience to conduct a thorough investigation into your case and determine what the best course of action is to recover your funds.
Some countries have a special "cyber crime" or "financial crime" unit that you can report crimes to as well. Your local police will provide you with all of your options.
Xumm is not part of any governmental law enforcement agency and as such, we do not have the authority to conduct a criminal investigation. We can not interfere in police matters.
In most countries around the world, the local police departments are getting better and better when it come to investigating cyber crimes. Investigating criminal matters, which now includes crypto and blockchain, is one of the primary responsibilities of law enforcement. If there is any chance in recovering your funds, the police will need to be involved.
Transactions on the XRP Ledger can not be reversed, blocked or "undone". (The XRPL does not have any administrative functions built into it, so there is no way for Xumm or anyone else to modify or change a completed transaction.)
The 6 digit passcode is used to access the Xumm app and in some cases, sign transactions in Xumm. It is not used to access your XRPL account. (That's what the secret numbers are for.) Changing your passcode has no effect on your secret numbers.
The same applies to your signing password. Both the passcode and the sign password are LOCAL security measures to protect your secret numbers locally on your phone. They do not prevent someone from accessing your account if they have your secret numbers.
After you have contacted the police, you should consider doing the following:
- 2.Consider re-keying your account and disabling the master key for the compromised account. If you do this, it will prevent the scammers from accessing your account again.
- 3.If re-keying looks too complicated, you can alternatively create a new account, then move your remaining funds over to your new account then delete your compromised account. Here is the link to the articles that explain how to do this: How to create a new XRP Ledger account using Xumm How to delete your XRP Ledger account
- 4.Once your account / funds are secure again, try to think of ways your account secret could have been compromised. Have you shared it with someone? Was it stored on a cloud account? On your PC? Mobile device? Have you entered your account secret someplace? A google form? A crypto wallet? Website? Airdrop? If you can't think of anything, there is a good chance your mobile device has been hacked. At this point we strongly recommend you consider wiping your phone and start reinstalling applications one at a time. Do not restore from backup! Without knowing how your phone was compromised, restoring from backup could be dangerous.
For instructions on how to wipe your Android phone, contact your phone manufacturer.
We take security VERY seriously.
If you have found yourself in this situation, you should consider the following suggestions moving forward:
- Xumm (Tangem) cards - these cards are an excellent way to take the security of your XRPL account to the next level. You can learn how here:
- Review the following article and consider how you plan to interact with the XRP Ledger in the future.
- Contact your local police immediately if you are the victim of a crime.
- Either re-key the account or
- Create a new account and move your assets over to the new account
Note: Be advised, trustlines will have to be duplicated (temporarily) in the new account until they can be removed from the old account requiring enough XRP to cover reserves for two sets of trustlines until the move is complete.