Jump to content

Sharkey

Member
  • Content Count

    748
  • Joined

  • Last visited


Reputation Activity

  1. Like
    Sharkey reacted to jn_r in Ledger Nano S hacked   
    It is described here: https://support.ledger.com/hc/en-us/articles/360033801034
    It could happen to you, if you have BTC on your ledger, but it does not do any harm. BTC are in the form of UTXO (Unspent Transaction Output). The balance total you see on your Bitcoin address is the aggregate of all the UTXO's you own. If you spend a UTXO, it must be spent in its total. So most of the time there is some left-over, or change. This change is stored in another (derived) bitcoin address for the sake of privacy:
    https://support.ledger.com/hc/en-us/articles/360034336713-Receiving-address-changed 
    It is managed by your ledger, so it should be ok 
    Edit: I notice Sharkey was faster with his response ;-)
  2. Thanks
    Sharkey got a reaction from JannaOneTrick in Ledger Nano S hacked   
    @JannaOneTrick Please don't panic and I'm sorry if I panicked you.  I think this mess was due to my lack of understanding.  I just reinstalled the ledger Live and I think that what I believed to be "hacked" was actually part of the larger UTXO total, and the "change was assigned to a new BTC wallet address, which remains a part of my total account.
    Please read these two topics, and it will make more sense.
    https://support.ledger.com/hc/en-us/articles/360033801034-Change-addresses
    https://coincentral.com/utxo-beginners-explainer/
    A major lesson learned for me, and I appreciate everyone's help and very valuable resources shared here!  
     
     
  3. Like
    Sharkey got a reaction from Xrpiet in Ledger Nano S hacked   
    Thanks for this suggestion, and it's looking like you are correct!  Coincidentally, I just received a reply from Ledger support, and they believe this second transaction is part of the UTXO total.   Communication with Ledger support has been spotty, and I have to wait a day or so for each reply.  But the recent email indicates that the total balance in my Nano "account" is accurate, with the added 0.5 BTC transaction being part of the UTXO.   What I don't understand is that the wallet associated with this Nano has an incorrect balance, as per Blockchain Explorer.  It looks like there is a "change address" that is now associated with my account.  If that is the case, my account hasn't lost the BTC after all, but it is now in a second wallet address.  I have been reluctant to reconnect this Nano but will do as soon as I get time to format my Mac and reinstall Ledger Live, an an abundance of caution.  I will certainly keep everyone posted about this.  
  4. Like
    Sharkey got a reaction from Xrpiet in Ledger Nano S hacked   
    Please HOLD OFF on doing anything.  The BTC that I assumed was gone may have been added to a new BTC address, as the "change" from the UTXO total.  If that is the case, I was completely wrong, and I haven't been hacked. The question is whether the change address is actually part of my total account, and if it's safe for me to reconnect the Nano to verify.   I am in the process of trying to do that in a safe way, so I don't have another panic attack, LOL.  Will keep you all posted.  In the meantime, this topic is interesting, and worth a read, to better understand how Ledger works:
    https://support.ledger.com/hc/en-us/articles/360033801034-Change-addresses
     
     
  5. Like
    Sharkey got a reaction from Global in Ledger Nano S hacked   
    Thanks for this suggestion, and it's looking like you are correct!  Coincidentally, I just received a reply from Ledger support, and they believe this second transaction is part of the UTXO total.   Communication with Ledger support has been spotty, and I have to wait a day or so for each reply.  But the recent email indicates that the total balance in my Nano "account" is accurate, with the added 0.5 BTC transaction being part of the UTXO.   What I don't understand is that the wallet associated with this Nano has an incorrect balance, as per Blockchain Explorer.  It looks like there is a "change address" that is now associated with my account.  If that is the case, my account hasn't lost the BTC after all, but it is now in a second wallet address.  I have been reluctant to reconnect this Nano but will do as soon as I get time to format my Mac and reinstall Ledger Live, an an abundance of caution.  I will certainly keep everyone posted about this.  
  6. Like
    Sharkey got a reaction from jn_r in Ledger Nano S hacked   
    Thanks for this suggestion, and it's looking like you are correct!  Coincidentally, I just received a reply from Ledger support, and they believe this second transaction is part of the UTXO total.   Communication with Ledger support has been spotty, and I have to wait a day or so for each reply.  But the recent email indicates that the total balance in my Nano "account" is accurate, with the added 0.5 BTC transaction being part of the UTXO.   What I don't understand is that the wallet associated with this Nano has an incorrect balance, as per Blockchain Explorer.  It looks like there is a "change address" that is now associated with my account.  If that is the case, my account hasn't lost the BTC after all, but it is now in a second wallet address.  I have been reluctant to reconnect this Nano but will do as soon as I get time to format my Mac and reinstall Ledger Live, an an abundance of caution.  I will certainly keep everyone posted about this.  
  7. Thanks
    Sharkey reacted to jn_r in Ledger Nano S hacked   
    Are the transactions sent in 1 transaction? The transaction needs signing, one way or the other. I was thinking, a UTXO transaction can have multiple inputs and multiple outputs. Would the ledger show all the multiple outputs as receiving addresses? (your lap/desktop should have been hacked in the first place to change the transaction and add a second output)
  8. Like
    Sharkey got a reaction from Trisky in Ledger Nano S hacked   
    You can also just check your balance on 
    https://www.blockchain.com/explorer assuming you have your wallet address handy. 
  9. Haha
    Sharkey reacted to NightJanitor in Ledger Nano S hacked   
    Yup, odds are you're seen as a "liability"...  They probably ran out back to see their lawyers - who are standing around a 55-gallon drum full of business records, warming themselves - and yelled "hey, someone asked if doing something was 'safe'" - at which point all the lawyers turned around with wide eyes and told them to say NOTHING.
  10. Haha
    Sharkey got a reaction from XRPisVELOCITY in Ledger Nano S hacked   
    Ha, maybe I will.  I have a 9mm S&W that's been sitting in the vault for awhile, and i could use some practice.  
  11. Like
    Sharkey got a reaction from SCHUMIXRP in Ledger Nano S hacked   
    agree...they might be hiding behind their under-reported hack mess...can't say I'm sure they are unrelated. 
  12. Thanks
    Sharkey got a reaction from SCHUMIXRP in Ledger Nano S hacked   
    You can also just check your balance on 
    https://www.blockchain.com/explorer assuming you have your wallet address handy. 
  13. Haha
    Sharkey reacted to XRPisVELOCITY in Ledger Nano S hacked   
    Take your seed and move your funds to a new wallet somewhere else. Take the nano outside and shoot it. Shoot your computer while your at it.

  14. Thanks
    Sharkey reacted to LetHerRip in Ledger Nano S hacked   
    You notice that those links I posted about the vulnerability are over 2 years old, they probably have since found a way to sneak in a unauthorized transaction, hidden, along with the legitimate transaction at the same time. Clients who have purchased from Ledger, that data base info was also recently stolen from Ledger so they have probably been sending out malware to Ledger clients via email since they have all that info now and that might be how you go infected. Like I said the most important thing is to keep your wallet accessing PC offline and only for that purpose. Have an other PC for regular web surfing and stuff.
  15. Thanks
    Sharkey got a reaction from DavyJones in Ledger Nano S hacked   
    Wow, I was never expecting this to happen, and I hope that someone on this forum has an idea of how I should proceed. 
    I have three Ledger Nano S hardware wallets, and I have purchased all directly from Ledger's website.  I have never shared the seed phrases, have never stored them electronically in any way, never printed them, etc....and the Nanos themselves have been kept in a locked safe where no one has had access to them.  Also, the seed phrases are kept in a separate and secure area, where no one can access them.  This evening, I connected one of the Nanos to my Mac to make a transfer of some BTC to my Kraken account. I have been using the Ledger Live app through the App Store. Later this evening, when  I checked the sending wallet's balance, I discovered  that an additional 0.5 BTC had also been sent to an unknown BTC address, obviously without my knowledge.  I believe that I have taken all precautions possible, so I am pretty shocked. 
    Interestingly, there is still a BTC balance in the original sending address, so it was not all taken.  My questions are:
    WTF happened to allow this breach?
    How I can safely access the remaining BTC balance, as I am afraid to reconnect the Nano to the existing Mac, and using the same Ledger Live app??
    I have emailed Ledger, but don't really know if/when I will receive any help from them...ANY suggestions would be greatly appreciated!  Thanks! 
     
     
     
     
  16. Sad
    Sharkey got a reaction from SCHUMIXRP in Ledger Nano S hacked   
    My virus software is up to date and scans daily.  Also, I scanned the drive after this occurred to be sure. Nothing was found in the scan.  I use the virus software recommended by Apple (Malewarebytes Premium).  I was on the phone with Apple support for over an hour today, and also screen shared with the tech...they found nothing at all.  This is quite disturbing.  
  17. Thanks
    Sharkey reacted to jargoman in Ledger Nano S hacked   
    steps you could do to secure the account would be to enable a regular key and disable your master key. This is only useful if the attacker has the private key.

    This could be done without using the ledger at all and instead using your word list. It's a rather complicated process

    Go to this site and use your word list to extract your private key
    https://iancoleman.io/bip39/
     
    This online wallet is the only wallet I know of that can sign a tx from a private key (I may add support for private keys in one of the wallets I've created)
    https://ripplerm.github.io/ripple-wallet/
     
    Then you use your private key to set a regular key and disable the master key. (DO NOT disable your master unless you are certain you've set a regular key)

    After that you can use any wallet that supports signing with a regular key.



     
  18. Thanks
    Sharkey reacted to LetHerRip in Ledger Nano S hacked   
    https://bitcoinist.com/ledger-hardware-wallets-vulnerable-man-middle-attacks/
    https://www.hackread.com/all-ledger-hardware-wallet-vulnerable-to-man-in-the-middle-attack/
  19. Like
    Sharkey reacted to ixarepe in Ledger Nano S hacked   
    This indicates that it is possible to ‘sneak in’ an unwanted transaction which doesn’t require physical confirmation. That is troubling. Please let us know what Ledger comes back with. 
  20. Like
    Sharkey reacted to SCHUMIXRP in Ledger Nano S hacked   
    How terrifying. How how could one know if they were using an infected pc before it was too late. Run a virus check before using ledger again? 
  21. Like
    Sharkey reacted to DD_XRP in Ledger Nano S hacked   
    This freaks me out. I bought a ledger in 2017, set i up and never touched it again. 
    I allready freak out by the thought that one day, these zerps are worth a lot of money and I'll have to use the device to transfer them 
  22. Thanks
    Sharkey reacted to Trisky in Ledger Nano S hacked   
    I am sorry to hear about these issues @Sharkey. I would recommend to do nothing at this moment. It's important to analyse the issue thoroughly. This forum will probably be of little help imho.
    It's recommended to hold for a moment and get feedback from Ledger. Please provide them with accurate details. Also trace your steps and start with the beginning if you must do something.
    I believe the first step would be to confirm whatever you have done so far is legit and checked step by step with a Ledger dev. or their Support. After that worry about anything else happening behind the curtains. Things may look a certain way and because you take action you can fall into a trap as well. Be careful for that one and be sure to know your limitations for the moment if you're not tech savvy.
    And if something looks impossible; are there any impossible options you can 100% eliminate? Options knowing what is where besides you? A terrible thought of course  but nonetheless. From my line of work I can tell 95% of all issues are user 'mistakes', something to think about perhaps. There are many angles to cover and we here know little. But you should eventually.
    I hope you can recover your losses, best of luck.
  23. Thanks
    Sharkey reacted to LetHerRip in Ledger Nano S hacked   
    Also do you have the latest firmware on your Nano? Previous versions where vulnerable to this exact man in the middle attack. You need to make sure you running the latest Ledger Live software as well as having the latest version firmware on your Nanos.
  24. Thanks
    Sharkey reacted to LetHerRip in Ledger Nano S hacked   
    Yes, that means you where subject to a man in the middle attack, the problem is most likely on your Mac. They need you online using the infected PC to be able to perform the attack. If a hacker had your seed he would empty your wallet at any time without the need of your connected PC and Ledger. Check you BTC account if no crypto has moved since you should be safe for now. Format you PC, and re install ledger live from the official site. Don't use the same PC system to trade crypto as you use normally on a daily biases to surf the net. Have your trading system upto date and a good full security system software installed.
  25. Thanks
    Sharkey reacted to SCHUMIXRP in Ledger Nano S hacked   
    Hang in there I'm sure you'll hear from them. I hope for a good out come for you. Sorry I can't be of any help. 
×
×
  • Create New...