Suspended account (and app name) after I managed to successfully publish it?

Hello, I was learning how to develop snap packages via dotnet7 and just managed to successfully published my first helloworld app from GitHubActions ( on a beta channel, and then suddenly I get an email saying “Ownership of the ‘packwallet’ snap has been transferred to another account.” and when I try to log-in into my UbuntuOne account I can’t, and if I click on “reset password” I get the error “Error: The provided email address has been suspended. It is not possible to reset the corresponding account’s password.”

Can you please tell me what’s going on? Thanks

You happened to choose a Bad Day :tm: to publish a brand new crypto wallet app.

The store has been under attack recently from people orchestrating bots to publish scammy wallets.

Frankly, it’s not 100% straigtforward and accurate to be sure who is a good, and who is a bad actor.

With absolute respect :pray: and meant with kindness :innocent: - your avatar looks 100% like an AI generated face from This Person Does Not Exist . (In fact an AI detector says it likely was) Please, that’s not meant as an insult. But it’s a factor included when people are trying to determine if a publisher is “good” or “bad”.

I imagine a store admin will be along soon to help, but it might take a while, they’re busy combating crypto nonsense.


Hi @siwatanejo,

In the recent weeks, we have had a number of malicious crypto-wallet snaps being uploaded to the Snap Store. In response to this, we complete daily reviews of new snaps being uploaded. To protect our users, we quarantine and remove all snaps that look potentially crypto-related, and suspend the publisher’s account. This is the reason why your account was suspended.

We are in final reviews of a new policy that we will implement, requiring verified account status and additional publisher vetting for genuine publishers to be able to publish crypto-related snaps. It will be published in the forum in the following days. We can notify you when this is live.

Apologies for the account suspension, we have reinstated your account. As long as no crypto-related snaps are uploaded before the new policy, it shouldn’t be suspended again for this reason. When the new policy is in place, you can reregister the snap name and our team will evaluate. Thank you for your understanding.


Hello Holly, thanks for your reply.

I have been able to log in to my UbuntuOne account, thank you very much.

Now, about recovering the app name that I had registered, I’ll await for the details about vetting it, but for now I can share that the last version of the snap package I published was generated by a public GitHubActions build-agent, and you can verify this from your side, because it was also uploaded as a build artifact before being published to the Snap Store.

In particular, if you go to see the last commits in the main branch ( you can easily locate this one titled “CI: add snap package publish job” ( and then if you click on the green tick icon (the CI status) and click on any “Details” link, it sends you to the CI status page: , from there you can click on “Summary” link, at the top-left, which sends you to a view where you can see the artifacts: , if you scroll down then you can see an artifact called “snap”. When clicking on it you are offered to download a file (please sign in, in GitHub, otherwise this “snap” artifact will not be offered for download as an hyperlink).

This file has a MD5 hash of 26449ff7577351484e0e9a200f616823, and if you decompress it, a file called packwallet_0.1.1_amd64.snap is inside it, with an MD5 hash of fc73c12c89b94db9a05d3d17a5b578c8, which you could compare with the snap file that was uploaded to the snap store (beta channel of ‘packwallet’ app name).

This demonstrates the link between what GitHubActions officially generated (so, linked to the sources of the github repository), and the published binary in the Snap Store. And if you look at the sources you will see that it is just a proof of concept command-line app that downloads a JSON file, parses it (with F# type providers), and prints some part of it. So, it is strictly speaking not a “crypto-related” app yet. And I only say “yet” because I was studying the LDK SDK (from the Block Inc. company: ) to start devising a very simple Lightning app, but I’m months away from it and I just wanted to reserve the name for now.

I mention this because the only way to generate a snap file that does not correspond with the sources in the repo would be to hack the GitHubActions system, something which I guess you can consider impractical, especially given that GitHub is now owned by Microsoft and you can assume their high security standards.

To not block my development for now, I’ve renamed the snap file in my repo to the new name dotnet-fsharp-helloworld instead of packwallet, and I’ve already pushed another build to publish it. This will ensure that my repo works on a CD (Continuous Deployment) fashion. But I would like to recover the app name I had reserved (that was taken from me when the massive blocking happened) for when my app is ready. So, can you give back the app name to my account? I don’t mind if you unlist the app and mark it private for now. I will only publish it as public when I have finished the app development (I estimate in about 3 months), which is when it would make sense to start any “vetting” process, because only by then it will be considered “crypto-related”.

Thanks very much.

1 Like

As long as the name doesn’t obviously belong to someone else (i.e. match a well established brand or domain name) then yes you should be able to get it back once we’re established the right policy for anything with ‘wallet’ in the name or functionality, and your bona fides. TO be clear - your bona fides are not in doubt at this stage, we’ve just learned we need to be very proactive in this area, beyond technical system security.

1 Like