Send ONE to wrong address

Hello there!

I tried to send my Harmony ONE to Binance, however I chose a wrong address.
So now my ONE went to WONE contract. Can anyone help with it?

The tx hash is 0x38d3de739dd9c6c015ad5a9962ee66ba49b340c9be7049c64e2a4a9c34be0cb8

Many thanks!

Well, of all the contracts to accidentally send ONE to you appear to have gotten extremely lucky here. It looks like it has a fallback function that acts as the same as the deposit one, meaning it seems you have WONE now which is the same as ONE but “Wrapped” as a token. You’ll need to unwrap it back to normal ONE.

Try going to your favorite dex(Sushiswap, Defikingdoms, Tranquil for example), seeing if you have a balance of WONE there. You should. Then exchange the WONE to regular ONE, it will be a 1:1 rate.

Hi Rel,

Many thanks for your help!

I checked my WONE balance in the wallet. Yes, ONE was wrapped to WONE.
Really a big favor and thanks again:)

I am sorry but after unwrapping on SushiSwap, I cannot find my balance again…
I thought the problem is from this tx: 0x36c97497931b60cd0ca5b3160a52c5f65382c3dc671600afc3c7ac448a213653
Almost in one second my ONE balance disappeared…weird enough

My address is 0xcBC449B1cf11844446e95295fCaB1C72d72eC69A
Could you please help a bit? Many thanks again.

Looks like you bought 1ETH in that transaction. The explorer is acting up at the moment so I can’t see what you have right now. But maybe you just need to add whatever token you trade for to Metamask?

I checked the history again. Unfortunately, seems that somebody has extracted the token. Probably I approved my metamask on some spam website. Anyway, a good lesson…

Maybe but it also looks like you swapped the 1ETH to 1USDT maybe? And tried to use a third party bridge to try to bridge out with a cross chain swap? Not sure exactly if that’s it without looking more, but you should know that 1ETH, 1USDT and many other assets are depegged due to the official bridge being hacked in June in case you were not aware.

If it is a bridge then they should be able to point you in the right direction. Just be prepared for some slippage(a lot) in case you were expecting the full amount on the other side since 1USDT is currently worth 12c or something along those lines.

Hopefully it’s something like that rather than malicious. I won’t be able to check again in the next little while but I’ll check back later.

Yes, I have same feelings after checking the txn history. But what I did was only to swap WONE to ONE on sushiswap. Then I saw the ONE balance on Metamask. While just after several seconds ONE disappeared.

I suspected I misclicked some spam website. Finally the 1token was transferred to ETH, and the recipient should be the potential attacker.

Seems strange with all the transactions signed by your account, so not sure what’s going on here but it’s not simply a malicious approval where someone transfers out some token and that’s it after you revoke it. Whatever this here is exactly I’m not sure, but it’s more than just looking at the chain to see what happened meaning countless possibilities, so beyond me.

You will probably want to exercise extreme caution using that account for anything, or even the device until you have a professional or someone similar figure out what it was.

edit: I will say it sucks to have thought it was lost only to get it back and have it lost again. So sympathy from me there. It is scary to see all those transactions signed by your account if they weren’t from you. Either someone would have direct access to your private key, your device in some way, or a site was able to repeatedly get you to sign transactions.

I heard there was a new Chrome 0day exploit today so I thought I’d come back and mention it, no idea if it’s related but good chance to remind people to update. And also make sure you are always using the real version of any app. Crypto still has a long way to go for UX and safety as it’s always painful to see these things happen.


iOS, MacOS too. The timing here is interesting. Especially if Metamask is tweeting this.

True, safety is a problem for me now. Gonna remove all approvals and tried to see which approval was the malicious one.
And, I believe a new wallet is a better choice here.
Thanks again mate, at least I learnt much from this attack.