Support tells me my 15 ETH went to another user

Marko. I sent the 15 ETH immediately after I received the shield address. At the most 2 minutes. Jeff

When was it actually sent on the blockchain though and confirmed? (Requesting an exchange/custodial platform withdraw is not the same as when it’s actually interacting with the blockchain). Was it within the 2 hour window? The timeline to me is unclear.

When I checked etherscan the time was a day after I initiated the withdrawal.

Ahh, so the protocol acted like it was suppose to and you didn’t shield within the 2 hour period specified…but under previous circumstances the admins here have been able to intervene to manually retrieve those coins. I think this this is perhaps first time someone was ‘smart’ enough to keep requesting shielding addresses until they happened to capture your 15 ETH.

It’s always a sad day when we make mistakes with crypto…it’s pretty unforgiving when we humans attempt something outside of what the code allows. I’m happy to understand that the protocol operated without hack or exploit but I’m very sad to hear about your loss.

So I have a couple of questions…1. Was the identity of the alleged perpetrator found and if not is there a way for their identity to be determined? 2. If said identity is found can there then be some type of recourse for @Fly to pursue to retrieve or recover his lost funds? and 3. Being that this was not @Fly’s fault but instead a deficiency in the system before the upgrade and fix that Incognito just implemented the least I think Incognito can do is make @fly whole as to his loss?.. meaning being that he has proven and Incognito determined that it was a bug or hack that was at fault with the system then one would think that the project should make @fly whole for his loss…

I don’t want to be boring but I have suggested an insurance fund for such situations.

Links:

1&2. They are anonymous. Maybe they will gain a conscience and some shred of decency.

3. Funds were received outside the shielding window. the improvements remove the need for these instructions - so that the system is more flexible. so that this particular user mistake cannot happen again. it’s not a fix for a bug.

previously, if the instructions outlined in the original design were not followed, the dev team would simply try to help if they could. this time, a shitty predator watched out for and took advantage of the mistake before it was reported.

4. It absoutely sucks that it happened. speaking on behalf of myself, i really am sorry for his loss. if the attacker is reading this - you are absolute scum.

Hey @ning…thank you for responding to my post and it is good to hear from you…I understand what you stated about the identity of the perpetrator is totally anonymous as well the system was designed to do…keep the identity of the person interacting within the network anonymous. This I understand and therefore unless that person grows a conscience and returns the stolen funds to @Fly…basically Fly is out of luck. Where I beg to differ with you is as to Fly having made a mistake. As you stated the system had a design flaw in it that you all just fixed and corrected. A flaw that @Fly and well all of us and even the dev team were not aware of…and that was that the error had to be reported within a specific amount of time…that being 2 hours under the design of the system at that time so that the dev team could go in and recover the coins and make sure they got to the proper owner…and now it seems that that issue has been removed and the user no longer needs to report the issue within that time. So it seems to me that the system had a flaw in it by design and that was that failure to report the issue to the dev team in time would risk the possible loss of coin to a perpetrator committing the hack that they did in this instance…IMHO a hack that worked due to a flaw in the system and therefore not Fly’s fault and he should be made whole…but then this is just my IMHO tis all…

yes, hello! nice to see you too. maybe there is a small misunderstanding here, sorry if i was unclear.

the error referred to is not a bug within the system, but a usage error, where funds were not sent within the stated time window of 2 hours. if they were, there would be nothing to report, and no need for dev intervention.

the improvement simply removes rigidity - now there’s no time window to adhere to.

Hmmm… …I see…well then I guess our friend @Fly is well out of luck on this matter…Sorry @Fly…tried to go to bat for you but it seems that they walked me on base instead…lol…anyway sorry for your loss… @ning thanks again for your responses and clarifying the issue…

What is confusing to me is why when I transferred 16 ETH from My Constant to Voyager, My Constant sent them in under two hours. Why would My Constant delay the transfer of 15 ETH to incognito? Of course I initiated the transfer immediately. Jeff

I think you should read here: https://www.myconstant.com/getPrices

It seems that ETH withdrawals with an amount of more than $10k may take 1-2 business days. Probably Constant->Voyager transaction had good luck but the other didn’t have.

I think this is a mistake of the sender. However, it exposed a critical flaw of Incognito, this 2 hour window and recyling of receiving address is obviously so flawed and needs to get robust and improved

This was already fixed

Hi @abduraman, when was the flaw fixed…before or after @Fly accidentally stumbled upon the flaw himself that caused him to lose his 15 Eth?

After.

Hi, @abduraman…thanks for response bro…so basically @Fly stumbled upon a flaw in the system prior to it being fixed…would not then this in part make his loss of the 15 ETH the fault of the system…meaning Incognito…and therefore Incognito be liable for that loss or at least some of it…that they should then make @Fly whole as so far as to his loss or at least some of it, being that the flaw existed prior to it having been fixed by the dev team…I am curious tis all…

Really sorry for his loss but unfortunately, not liable. Because he initiated the remittance timely but My Constant didn’t send the fund within the given time frame (2 hours), i.e. didn’t put it into the network. It seems that My Constant has not any fault tough according to the terms I stated below:

Of course, all of these do not mean that the team cannot help him. We should remember that SAFU is the most important feature which makes Binance grow quickly.

@abduraman Bro, thank you for clarifying the issue and most appreciated it is…I was just playing devil’s advocate on the issue tis all and well the matter having been thoroughly discussed I guess it is time to put it to bed indeed…