Sharkey Posted August 11, 2020
Wow, I was never expecting this to happen, and I hope that someone on this forum has an idea of how I should proceed. I have three Ledger Nano S hardware wallets, and I have purchased all directly from Ledger's website. I have never shared the seed phrases, have never stored them electronically in any way, never printed them, etc... and the Nanos themselves have been kept in a locked safe where no one has had access to them. Also, the seed phrases are kept in a separate and secure area, where no one can access them.
This evening, I connected one of the Nanos to my Mac to make a transfer of some BTC to my Kraken account. I have been using the Ledger Live app through the App Store. Later this evening, when I checked the sending wallet's balance, I discovered that an additional 0.5 BTC had also been sent to an unknown BTC address, obviously without my knowledge. I believe that I have taken all precautions possible, so I am pretty shocked. Interestingly, there is still a BTC balance in the original sending address, so it was not all taken.
My questions are: WTF happened to allow this breach? How can I safely access the remaining BTC balance, as I am afraid to reconnect the Nano to the existing Mac, and using the same Ledger Live app?? I have emailed Ledger, but don't really know if/when I will receive any help from them... ANY suggestions would be greatly appreciated! Thanks!

Panzer_Kitteh Posted August 11, 2020
Do you use a clean device when using your Nano S? My question isn't going to help you, but I've always suspected that the Nano S can be compromised by some man-in-middle attack when using it from your office or family PC.

Sharkey Posted August 11, 2020
Do you mean the actual computer? It's mine, and no one else has ever used it. It's about a year old.

Panzer_Kitteh Posted August 11, 2020
@Sharkey I wonder if it's related to this? https://decrypt.co/37063/bitcoin-wallet-ledgers-database-hacked-for-1-million-emails
The firm specified that more detailed personal information was leaked in 9,500 cases, including phone numbers, postal addresses and what product they purchased. The announcement added that, "More detailed personal information could have been exposed."
Edited August 11, 2020 by Panzer_Kitteh

NightJanitor Posted August 11, 2020
Some 15-year-old in Europe broke these things with alligator clips and an oscilloscope like 4 years ago, before they could connect to anything. Once they added flash memory for downloadable firmware updates, I knew the news was going to get worse, in time. Then came the "sorry, we leaked all client data" - probably time to extract keys/seeds and make like a tree...
Edited August 11, 2020 by NightJanitor

FOOD Posted August 11, 2020
Looks like you didn't fall victim to this, but to be sure, never provide your seed to anybody/site... I recall a scam involving a fake Ledger Live site that requested the seed (which would never be asked for as that defeats the purpose of the Ledger Nano)... https://cointelegraph.com/news/fake-ledger-live-chrome-extension-stole-14m-xrp-researchers-claim
If you provided your seed, you have been scammed and I would transfer all assets to an exchange or one of your other devices (assuming same situation does not relate to them)... in fact, I would probably do that regardless... I'm sure you will hear back from Ledger and I am sure they will want the transaction hash... do you want to share that here?

Dario_o Posted August 11, 2020
5 hours ago, Sharkey said:
> Wow, I was never expecting this to happen, and I hope that someone on this forum has an idea of how I should proceed. I have three Ledger Nano S hardware wallets, and I have purchased all directly from Ledger's website
Did you receive any weird email from a stranger with some attachment lately? And did you open what was looking like a safe file (MP3 / MP4 / JPG / PDF)? It's plausible some hacker sent you a trojan and took control of your computer.
Edited August 11, 2020 by Dario_o

Sharkey Posted August 11, 2020
12 minutes ago, Dario_o said:
> Did you receive any weird email from a stranger with some attachment lately? And did you open what was looking like a safe file (MP3 / MP4 / JPG / PDF)? It's plausible some hacker sent you a trojan and took control of your computer.
Thanks, but I haven't opened any attachments or files from anyone I don't know. But I wonder if there's an issue with the Ledger Live app, after reading more online about the vulnerabilities.

Sharkey Posted August 11, 2020
2 hours ago, EcneitapLatnem said:
> Looks like you didn't fall victim to this, but to be sure, never provide your seed to anybody/site... I recall a scam involving a fake Ledger Live site that requested the seed (which would never be asked for as that defeats the purpose of the Ledger Nano)... https://cointelegraph.com/news/fake-ledger-live-chrome-extension-stole-14m-xrp-researchers-claim
> If you provided your seed, you have been scammed and I would transfer all assets to an exchange or one of your other devices (assuming same situation does not relate to them)... in fact, I would probably do that regardless... I'm sure you will hear back from Ledger and I am sure they will want the transaction hash... do you want to share that here?
The Ledger Live app that I used was downloaded from the App Store. I have used it without any issues for some time. I was not prompted to provide the seed. I do want to move the remaining BTC to an exchange, but I'm actually afraid to use the Nano (or the app) again before learning how to rule out both of those as the source of the breach. I have sent the info to Ledger and included the transaction hash. I'm somewhat reluctant to share the hash on this forum, although I am very motivated to solve this problem, and know I can't do so without expertise. I really appreciate your thoughtful suggestions, thanks!

Sharkey Posted August 11, 2020
5 hours ago, Panzer_Kitteh said:
> @Sharkey I wonder if it's related to this? https://decrypt.co/37063/bitcoin-wallet-ledgers-database-hacked-for-1-million-emails
Thanks, and I did see this. Ledger had recently sent emails out to inform customers about this issue. The email, and also the description on their site, seem to be adamant that any data impacting the hardware was not impacted. But now, I don't feel as sure about that, given the "coincidental" timing of this mess. If I get any helpful response from Ledger, I will post it here, if that could be helpful to anyone else.

FOOD Posted August 11, 2020
I understand that completely @Sharkey and I wish the best outcome for you!

LetHerRip Posted August 11, 2020
7 hours ago, Sharkey said:
> Later this evening, when I checked the sending wallet's balance, I discovered that an additional 0.5 BTC had also been sent to an unknown BTC address, obviously without my knowledge.
The unauthorized transaction happened at the same time as the transaction you willingly performed?

SCHUMIXRP Posted August 11, 2020
Jeeese this is scary, I'm really sorry. Did you ever do any of the device updates?

Sharkey Posted August 11, 2020
5 minutes ago, SCHUMIXRP said:
> Jeeese this is scary, I'm really sorry. Did you ever do any of the device updates?
Thanks, and yes, I actually did do a device update yesterday, just before the "nightmare" began... hard to imagine that this would be the source, but I really have no idea. Still haven't gotten a word back from Ledger.

Sharkey Posted August 11, 2020
29 minutes ago, LetHerRip said:
> The unauthorized transaction happened at the same time as the transaction you willingly performed?
Yes, does that have a significance as to the source of the breach?