Hi, a few days ago I unstaked my eos in the anchor wallet, v1.1.12 but it is still saying “refunding”. How long should this take?
Regards.
It takes somewhere between 3-4 days to complete, and if you unstake again during that time the countdown resets back to 3-4 days again.
If it’s past that mark and you still haven’t received the tokens, check this thread for some more information on how to lookup your account and manually refund the unstaking operation:
1 Like
Thanks Aaron, will do.
Just to let you know, option 2 worked perfectly. Option 1 didn’t work in the Anchor app. Many thanks for your help.
Regards
Jo
1 Like
Hi Aaron
I’m trying to send you a message but can’t seem to work out how to do it?
Regards
Hi Aaron
It looks as though it’s worked? I think I may have fallen prey to a scammer as a result of unstaking my EOS tokens in the Anchor Wallet. I would be grateful for your help.
Thanks
Messages on the forums are disabled for the same reason we’re moving away from telegram. It’s expected you make a public post, like you did below 
How so? Did you use an external site that claimed to be unstaking, but actually wasn’t?
Thanks Aaron. My token were being refunded and I thought the process would happen rlatively quickly. Blockone suggested I join the EOS Telegram Community. I was contacted via the Telegram Group that appeared to be from EOS support. They led me to this website:
https://eosauthority.co/dashboard/
and got me to paste in my private key! Nothing happened. They then asked me to put in my Ledger seed phrase. At that point I knew it was a scam so I exited. My concern is once my tokens are refunded and I type in my Anchor password my EOS token will disappear.
Many thanks for your help
Yeah, this sadly is a common scam that happens in telegram and the reason in so many channels and profiles you’ll see “I don’t PM first” or “Don’t respond to PMs”. Scammers can easily impersonate and trick people into doing things they didn’t intend.
Immediately by looking at the above, I can see the problem. The URL itself is a phishing website because it is eosauthority.co instead of eosauthority.com (.co vs .com).
Something likely did happen - they probably used your private key to change the private keys associated to your account, and take controlling access away from you. If you check your account on a block explorer (like bloks.io or the real eosauthority.com), you’ll likely see there is an updateauth action which is the command to change who controls an account.
If you have two private keys, one for owner and one for active, and your tokens aren’t already unstaked, there’s a chance you can recover your account here - but if your owner and active keys were the same it’s a good chance they’ve taken control.
Anytime any website asks for your private key you should consider it a scam. It’s not safe to put your private keys anywhere except a local wallet you know and trust, and have downloaded from the official source.
If much of the above doesn’t make sense and you’d like for me to check on the account, I would just need to know the account name so I could look it up and see the transaction history. Feel free to share that here or send me an email to aaron@greymass.com and I can take a look.
Many thanks for your help. I will email you directly now.
Thanks, email received.
I did check the account on a block explorer, and it does look like the account itself had the active and owner keys changed. Because these are now changed, sadly the account is now under control of the scammers and there’s not much anyone can do about it.
I wish I had better news for you.
Are you sure there is nothing I can do. I only set up the wallet this afternoon! There were two accounts.
Thanks for your help.
I’m nearly 100% sure. The account you sent along had it’s keys changed, which invalidated the public/private key you control and the account in question is now under the control of a different set of keys.
There’s nothing at the blockchain level that can reverse this action (except the top 21 BPs intervening, but they don’t do this). Whoever has control of the new keys controls the account, and any funds associated with it.
Quoting your email - I’ll also elaborate on this a bit. The password to your Anchor wallet is a password used to protect/encrypt your private keys on your computer. The password in Anchor and your wallet itself aren’t directly related to your account on the blockchain.
If your private keys are stolen (like in this situation), then Anchor has lost control of the account and will no longer work, regardless of whether it’s unlocked or if they got the password. The only thing these are good for is interacting with your computer to unlock the private key(s) that Anchor is protecting.
Ok. Thanks for your help Aaron.