Symbol Launch - Opt In Issue Affecting 35 accounts
All,
It has come to our attention that there is an issue affecting < 0.1% of opt in accounts, it specifically affects people who opted in from the mobile app (iOS or Android, both are affected).
This issue means you will not have received your XYM and need to contact the helpdesk to arrange for you to receive it.
We know the exact root cause and exactly which NIS1 accounts were impacted, if your account is not in the list below, this does not affect you.
Summary
- 35 NIS1 accounts have an issue with mobile opt in
- If your account is in the list below, please contact helpdesk for your XYM
- Total tokens involved is ~280k
- NIS1 tokens are unaffected
- NGL have locked all the affected Symbol accounts under multi-sig
- Further detail on root cause and what happened below
Detail
The short version:
- There is an issue in one of the underlying libraries that mobile opt in uses and it means 35 accounts have opted into 2 Symbol accounts.
- The first person to log into those 2 accounts has moved them to another account.
- Anyone who logs in after, will see a transaction that appear to empty “their” account - the problem is the account was shared by 35 people due to the issue.
The more technical version for full transparency (can be checked in Github as well). The library that was used in the mobile apps, accepted a null value and derived it to a valid path - it results in approx 50 possible valid private keys. Additionally, the NGL code did not test that input for null. It is a very hard issue to reproduce and in order for that value to be null, its likely something like internet connection dropped briefly, app lost focus at just the wrong time etc.
The net effect is that the opt in was valid, its just it was opted into one of the ~50 possible accounts, 32 of the optins went to one Symbol account and 3 went to another. This is why we know exactly which NIS1 and Symbol accounts are involved.
Resolution
If you contact the helpdesk and flag that your account is one of the 35 on this list, we will arrange for expedited distribution of your XYM along with an apology for the inconvenience and a complimentary Ledger device (no KYC with NGL needed) for your trouble.
Helpdesk: NEM Helpdesk
Affected NIS1 Accounts
- NCPCPOQPZWCOXRP7WZC7SFPKPY3BZR2DLRCBJ2T7
- NAZMY4X62OOPXGHSFA4LBLFJA2D476K3QOCZJVHO
- NALXXCVGL4J37VHRG7UNBMVPGCGQYCCPZMO74UYH
- NC6JNDUZAEJTOSBIOFRAVU2PGRPCFMHGVVZQDNBV
- NCPQIAJ27U6NA6BKBR6UNTO2XGPVXHQUYLUVVT6X
- NC7LO6FUP5IVVLRGISITIWMPJA54HOS3SUO6G4VI
- NBLJNFHGJXGLJIFDYMI5DPP4P7BC6ZRAMX53RTQQ
- ND4PTYWPUYCYEHSXOBQ72P5ES6ERDHY476OFST3A
- NCOEYH4DVFQRPNQWCEQIIJJD5USOQT6SHFAWK4E7
- ND42I2GNBSGU4WAVQ4WCODIOKKAHAS3R3MM4UNLX
- NCG7JAHWSWWQPGD7CSD5JEOC255DQ5Y7HEYVFFDT
- NANFKUBEFLSUN5RODLAEENAOT557B4ILH33Y75DM
- NAPEFGPGOBAXUWJ343FICGW7TIOWIETMZTIYWSWK
- NBTTAMXFPHNWVT575MHID3VOLPMIVYFITALQAIN6
- NCV7ON6OWM4CW5TEMQJXMS4Z4G524QUZTULQA6C3
- NBNF3ND6VANYZP4W6VABM4SAFQDUHZ5E6MOZZ5BH
- NAANVMWQDNDJ4JMRNTISBLF7E7ZGNPBSJCUSY7PA
- NAIMBQHUD5X6IJLQB62Q7UOQTNU2RG6PX44A65YG
- NAASYKEG4FYDADDAE37BWTCIK3TWDRL74ZMJYGTG
- NAUFPR54FXYJCJGSYMCUQDFCB2FUFMNPJYCICU3H
- NBSFWCLUWBUOW4YMWPUYJIPF47UVXOYMN76H7NWJ
- NDDSDYGJPKQMKLV572KEB7NQJNWDXMNPUJYAZ62N
- NDGHBJ26GTVUEIPSX6NQ7DAC6HT7MPXJEZY5B7QV
- NCKHRHSJJVHWWTY4Y6OLANNGHX7DMVLURT6GMWOL
- NCJPK7LG5ZFXVE63BQG77GU6JA4KLCJYRLIQYCNP
- NDU523KQBCR4XLIQGKPT4MMJ4KC525HWJGTZ752A
- NAQQWIL5WJI24L5U2YOP6ASJZCBI6HOEWOGBLIQ5
- NC53EQ5I2HMAYAP65H745DLPHNO5L7FOXQYNF5J5
- NCPMCZX5KZWJUT7C6PAKNHAV765EL66XR3LTZSBF
- NBLHR5OPK2IGHMMJ3QN3HTBIB6EQMZ7N4K44TOHS
- NDCYUIGEOHSLHPDUZRM6XZRBEMIL7FSWYM2ECPLX
- NBL644KBSRMCSJZINMNQCZX5RT3ELHRI4UPOTWAQ
- NCROETVX43UA46FZSZRPFYIE5Y3FGDP7HEOGD4JO
- NDBKLWMFLUZSPCGRPUO556RH4OJFLEMRSKQORK2R
- NB2WSAHGD5SDDNH3XEEVAJFLBBGIV2PMFDWCBYWM
Corresponding Symbol Addresses for NIS1 accounts above:
- NAQCFECNGKSKQSCSV5XNB6H4EMS4BYLNTO5QWRI
- ND4ZLFPFQJLNO3VRXI4ST4X5QXFW5TG2FIYF2AY