Now that we’re on the matter of Ledger issues as of late (this is also applicable to other hardware wallets), while trying to find a screenshot of the fake Ledger Live related to the latest phishing attempt, which presumably asks you to reset your PIN, and requires your 24-word mnemonic to do so (see Warning - Ledger phishing emails!), I came across a relatively recent thread on Reddit.
On that thread, a person explained how his friend (allegedly) bought a Ledger Nano S at Amazon UK (sold by Ledger, fulfilled by Amazon), only to find that the device had come with a default PIN and a prefilled 24-word mnemonic. The friend, unaware that this is not how it should be, moved some BTC onto one of the device’s addresses, only to see it vanish a week later.
Likely, someone bought the device, initialized it, printed a fake prefilled 24-word mnemonic card, and returned it to Amazon. The person at Amazon who received the returned package had no clue that the device had been tampered with, and likely placed it back on the shelf for resale (note: sensitive material such as this should always be sent back to Ledger in my opinion). It could also have been a rogue employee.
The moral of the tale: even if you purchase the device through an authorised reseller, you need to make sure the device has not been tampered with (as is the case, allegedly).
Corollary to the moral of the tale: Resellers should install a protocol that sends these returned devices back to the manufacturer, always (and, in turn, the manufacturer should review the product properly before even considering placing it back for sale).
See:
https://www.reddit.com/r/ledgerwallet/comments/je8o4m/friend_got_btclink_stolen_on_ledger_wallet/