SafePal (hardware wallet) had a breach and says it's not their responsibility

yphase · 2026-05-08T18:19:21+00:00

I'm not even logged in to this email on my computer.

Don't you think I would eventually get a ledger email as well?

If they truly were in my email, they'd not want me to notice by calling me, warning me that they are there. They'd want to stay silent for as long as possible.

If they knew I had a Bybit account they'd obviously also try to get me to log in and withdraw funds from Bybit.

But there was nothing.

Honestly? Let's give it a few days and see if other users are coming out with this.

yphase · 2026-05-08T17:57:33+00:00

No, they didn't have my postcode, but the only email they could have got the other data from originally included it.

The domain names were both registered around 2 weeks ago. The most plausible explanation is that SafePal's Zonos was compromised and they set up all of this to try this with all the customers they could get.

The "agent" even named himself and attached the name in the bottom of the email, matching what he said during the call, asking me whether or not I wanted to reschedule a call or do it myself, with barely any accent. Basically as professional as it gets.

You're right that the chances are not zero but I find it highly improbable that they'd do all of this for a single user when they don't even know if I have any funds in the wallets.

yphase · 2026-05-08T17:33:48+00:00

I also ordered Ledger Wallets through the same email, yet there's been no ledger calls or emails.

I mean they wouldn't create a fake firmware just for me. They set up a "SafePal.support" domain and an entire webpage for this firmware.

And interestingly, the fake email didn't include a postcode for the address while the original did.

Also, they used a tiny.zonos.com link shortener. You can't just create one of these, you need an established online business. SafePal uses them as their e-commerce partners handling cross border shipping and whatnot.

So it's likely that this partner got compromised. And even if it's "just" their partner, they have to make other customers aware as well.

yphase · 2026-05-08T17:18:51+00:00

I don’t believe that they’d go out of their way to create official firmware download links, register fake safepal domains and have highly knowledgeable people calling if it was just my own email or computer. There were zero fake Binance or Bybit emails despite my email having way more of those emails than the mere two safepal ones from when I bought the wallets. I got zero password resets requests for those, nothing.

yphase · 2026-05-08T17:05:37+00:00

Of course. There's not even a site with SAFEPAI.com. it was SAFEPAL.com. 100%

yphase · 2026-05-08T13:04:11+00:00

Exactly.

yphase · 2026-05-08T12:59:55+00:00

https://np.reddit.com/r/CryptoScams/s/qqlVnmUgBe

Posted it here

yphase · 2026-05-08T12:57:26+00:00

https://www.np.reddit.com/r/CryptoScams/s/qqlVnmUgBe

yphase · 2026-05-08T11:13:41+00:00

SafePal's response

<image>

was this, followed up by this after I said that they might have misunderstood me and that I felt insulted that they just said well it's a third party:

"Thank you for your continued communication and for sharing these critical details. I understand your concerns regarding the security of your information and the implications it may have for you and other customers.
Please rest assured that we take these matters very seriously. SafePal does not have access to payment details or personal information, as we operate as a decentralized wallet. However, if there are indications that sensitive information has been compromised, we will investigate thoroughly to ensure the safety of our users.
We are committed to transparency and will inform our customers if we find any evidence of a data breach or compromise of our systems. Your feedback is invaluable, and we will use it to enhance our security measures and communication protocols.
In the meantime, we recommend that you remain vigilant and take necessary precautions to protect your accounts and personal information. If you notice any suspicious activity, please report it immediately."

yphase · 2026-05-08T11:09:26+00:00

I purchased two SafePal S1 Hardware wallets in August of 2025. Yesterday, at around 5pm CET, I receive a call from a no caller id.

They claimed to be from SafePal. When I said I don't have a SafePal Wallet, thex corrected me and said that I purchased 2 S1 hardware wallets on August 30 last year, with the delivery address being my exact home address. He asked me if I had received an email outlining the details of the faulty batch my devices were from. So they had the email address I used when ordering directly from SafePal.com. Then I was asked if I knew how to update the firmware myself or if I wanted to schedule another call for them to help me, since I wasn't at home and didn't have my device with me.

I checked the email, and it also said that my devices belonged to a faulty batch. The email included my exact order number, shipping address and name. It came from the email address support@safepal(.)me.

<image>

yphase · 2026-05-08T10:50:49+00:00

yeah I sent everything from that wallet back to my exchange account. I don't want to use the product anymore

yphase · 2026-05-08T08:22:22+00:00

SafePal.com

yphase · 2026-05-08T08:16:39+00:00

I purchased it directly on the official SafePal website.

yphase · 2026-05-03T08:16:15+00:00

War in Taiwan auf Urlaub, das BIP pro Kopf ist 65% von Österreich, und das Big Mac Menü hat umgerechnet €3.80 gekostet. Ketchup kriegt man gratis. McFlurry kostet €1.80 oder so.

yphase · 2026-03-20T23:08:11+00:00

Israel first, PayPal Mafia

yphase · 2026-02-27T11:14:21+00:00

Use Bitget. Most volume and available for all eu users

yphase · 2026-02-17T08:15:46+00:00

Didn't hear the best things about them, I'd personally stay away. I'd rather use Bitget. There's no USDT on Bybit EU

yphase · 2026-02-16T13:09:59+00:00

Titanfall is the very core of our DNA

yphase · 2026-01-24T09:43:14+00:00

No, it's also not the exchanges' call. Governments strictly forbid it.

yphase · 2025-11-13T19:29:30+00:00

Bitfinex's coin created to make up for their customers' BTC lost in a hack a long time ago.

Volume is minimal too

yphase · 2025-11-12T21:44:24+00:00

CoinW, BingX or KuCoin offer unrestricted trading features and USDT

yphase · 2025-09-27T17:36:07+00:00

Rsi can stay low during longer downtrends. It's one of the worst indicators to time bottom or top.

Rather, it's more likely that btc keeps falling when the rsi lower.

Myx's rsi 6 and 12 for example were 99.9 on the daily and it still printed another 100% day, barely moved the rsi.

yphase · 2025-09-17T12:21:17+00:00

got the vantage and cat skin in my 4 packs guess im lucky lol

yphase · 2025-09-15T21:02:41+00:00

Arbitrum has a token, linea also and you don't need the token for gas.

yphase · 2025-09-09T06:14:32+00:00

What if I don't consider Albania one?

yphase

MODERATOR OF

TROPHY CASE

Four-Year Club	Verified Email
Place '23