First off, I contacted Uphold Fraud Support directly already and they advised me to come here and talk to Brave directly. It seems they’re not going to do anything so far.
Short version: Someone fraudulently redeemed 2 gift cards via TAP Rewards without my knowledge, and my Uphold and email accounts were not compromised. (I had MFA enabled for email account and Uphold account prior to this event). 295 BAT have been spent from my Uphold wallet.
Long Version: I received 2 emails very late last night (early this morning around 1am 1/10/2022) saying I had sent funds to the TAP Network for 2 gift cards. I immediately went on my desktop to log in to my Uphold and confirmed the issue. My wallet amount of BAT was lower than it should have been. Then, I went directly to TAP Network and saw the ‘Activity’ list, and confirmed there as well, 2 new gift cards had been redeemed that I did not redeem. I immediately filed 2 reports, 1 for each transaction, to Uphold for the fraudulent activity. Only my BAT was affected, I have other assets in my Uphold wallet and those were not touched. I think someone took advantage of the fact that my Uphold had authorized the TAP Network previously. I got gift cards for my family around Christmas, December 24th via BAT and the TAP Network, but I never removed the authorization once I had completed my transactions.
Please let me know if there’s any recourse to get my funds or BAT returned to me.
I had this exact same thing happen yesterday as well. Opened a case with Uphold fraud department and haven’t heard anything back.
I have MFA on everything, none of my accounts were compromised or even attempted to be compromised. I had, for the first time, recently spent some BAT on TAP to get a gift card for the holidays. My first thought was I had accidentally checked some kind of “recurring” purchase option.
This feels like an exploit on Uphold/TAP. What I can’t remember, does TAP immediately give you the gift card #? I checked the balance of the card and it’s drained, so it must.
Hey bud, sorry to hear you fell victim to the same thing. I do think it was some sort of exploit as well.
TAP does immediately send you the gift card & code thru the website, not via email or anything.
Uphold gave me the same strange replies, I say strange because they seemed to not really understand the context of the issue (they linked me to Brave FAQ to turn off auto-tipping). Luckily, I contacted TAP Rewards Support directly, and they were able to understand the issue clearly and get my tokens returned to me. If you haven’t already, go to Tap Rewards site and hit the Support button at the bottom and fill out the form.
So, I can say this issue is closed for me, but I will leave the post up for posterity, in case this happens to someone else in the future.
Thanks for following up to this, I’ll take your advice. Any idea how/what the exploit may have been? I’m just so incredibly careful and pretty up-to-date on security best practices. I saw an old brave exploit patched in Aug that allowed people to grab cookies and I did redeem the 1 TAP reward on my mobile device. So I’m wondering if it may have been something similar that hasn’t been reported yet.