Topic: Fake Security Vulnerability: Ledger Nano X and Ledger Nano S? (Read 367 times)

legendary
Activity: 3234
Merit: 5637
I'm confused here.  So they want you to download something but isn't the nano ledger x and s not hackable?

Please stop bumping old topic with stupid questions, don't you know how to read? How can you be confused by something that is explained in a way that a child of 10 years can understand? Maybe you should stick to traditional banking, though I believe you have a problem with that as well, because you are not adopting the information you are getting. I have a feeling that at some point you will do something stupid and lose everything you have in crypto...



I'm not actually aware of anyone who fell for this phishing attempt (at least I didn't see anyone posting about having used the "Ledger SE Checker" and then losing all their coins)

There is a warning about this on Reddit some 6 months old, and when it started I remember a few users who were naive enough to share their seed with hackers. One lost 600 ZEC (some $16k at that time), another $30k worth of BTC...
legendary
Activity: 2730
Merit: 7065
I'm confused here.  So they want you to download something but isn't the nano ledger x and s not hackable?
Phishing and hacking are two different things. Your device wouldn't get hacked. The tool wants you to enter your seed words and send them to the hacker. It has been said many times before that the seed should never be entered into a software. It is only meant to be looked at on the hardware wallet.
HCP
legendary
Activity: 2086
Merit: 4361
It's an old warning about an old phishing email that some users received. It attempted to get the user to download something and I believe input their 24 word seed mnemonic.

I'm not actually aware of anyone who fell for this phishing attempt (at least I didn't see anyone posting about having used the "Ledger SE Checker" and then losing all their coins)
full member
Activity: 1750
Merit: 186
I'm confused here.  So they want you to download something but isn't the nano ledger x and s not hackable?
legendary
Activity: 3472
Merit: 1724
For fun, try to break into your main email accounts on a fresh computer (i.e. one that's never logged into that email account before) by clicking the "forgot password" link and seeing how far you get. You may be surprised.

Coinbase (? - probably them, IIRC) had a long guide somewhere instructing users how they can set up their Gmail account to make it practically impossible for anyone* ever to recover access should a stranger try to hijack someone's account or should the original owner forget the password. Smaller or lesser known email providers might be more susceptible to social engineering attacks. Same goes for registrars and hosting providers if someone's using an email with their own domain name.

*Realistically speaking, Google may change their policies, their employee(s) can go rogue, etc.
hero member
Activity: 1680
Merit: 583
Ledger is, from my point of view and experience, a great crypto company
legendary
Activity: 3234
Merit: 5637
The Pharmacist, there is another thread with the same topic and it was concluded that there was no hacking on Ledger's email database. The person who received the email in question says the following:

Yeah, I was using this mail in some bounties and airdrops years ago, not a lot of them, but one wrong is enough, usually I use a telegram bot (TempMail) that is generating a unique email box for bounties and airdrops
It’s good to know that other Ledger users didn’t receive this mail cause that can be a proof that nothing inside the Ledger system has been hacked or list leaked

I think Ledger is too serious a company to allow itself to sell its databases like some others (Facebook), and that they make decent money from the sales of their devices. However, all that is needed is a corrupt or perhaps careless employee, because most hacking shows that people are the weakest link when it comes to security.
legendary
Activity: 3528
Merit: 7005
I wonder how you and/or anyone received that email? I'm a subscriber of ledger and never received such kind of email.
I didn't get the e-mail either, but now that I think about it I don't know if I ever gave them my primary e-mail address or not.  How would scammers get access to Ledger's database of e-mail addresses anyway?  Did they get hacked, did Ledger sell them?  Just thinking out loud there.

You should absolutely be using different email addresses for different things.
I'll keep protonmail in mind--I'd never heard of them before.  But boy, I hate using multiple e-mail addresses--I have a couple of different ones, but I don't even use e-mail much anymore so it's a pain in the ass to keep checking several of them.  Fortunately spam filters are so much better than they used to be in the early days of the internet.  I always hated getting adverts for sex toys and Viagra and the like, not to mention all the scam attempts.
legendary
Activity: 4354
Merit: 3614
what is this "brake pedal" you speak of?
You should absolutely be using different email addresses for different things. As well as helping to prevent this kind of thing from happening, it also increases your security as an attacker gaining access to one email account can't try to reset passwords on every online account you own, and it also increases your privacy by not linking your crypto activities to the rest of your details.

Just be careful when choosing email addresses as recovery email addresses on each email account so that one compromised account doesn't result in other accounts getting hacked.

Also try to use 2FA on any important email accounts. Not a text message to a phone number that can be taken over, something OTP based like Google 2FA (or its open source equivalents).

For fun, try to break into your main email accounts on a fresh computer (i.e. one that's never logged into that email account before) by clicking the "forgot password" link and seeing how far you get. You may be surprised.
legendary
Activity: 3472
Merit: 1724
You should absolutely be using different email addresses for different things. As well as helping to prevent this kind of thing from happening, it also increases your security as an attacker gaining access to one email account can't try to reset passwords on every online account you own, and it also increases your privacy by not linking your crypto activities to the rest of your details.

Just be careful when choosing email addresses as recovery email addresses on each email account so that one compromised account doesn't result in other accounts getting hacked.
hero member
Activity: 1680
Merit: 583
Tnx for the link and for the suggestion
I will consider your advice and take an action asap

Best regards
legendary
Activity: 2268
Merit: 18748
I have to make a new private email
You should absolutely be using different email addresses for different things. As well as helping to prevent this kind of thing from happening, it also increases your security as an attacker gaining access to one email account can't try to reset passwords on every online account you own, and it also increases your privacy by not linking your crypto activities to the rest of your details.

Have one email for work/university/school, have one for fiat finances like online banking, bills, credit cards, online shopping, have one for personal things like friends, social media, and have one for financial crypto sites such as exchanges. For everything else, particularly ICOs or bounty campaigns, make a completely new throwaway address or use one of the many temporary email address generators to sign up.

For your main email addresses, you should also be looking to use a privacy respecting provider. Protonmail is widely recommended, but you can find other good providers here: https://www.privacytools.io/providers/email/
hero member
Activity: 1680
Merit: 583
I wonder how you and/or anyone received that email?
He used the email in connection with a bounty or airdrop most probably. Just like big_daddy in a different thread.
Yeah, I was using this mail in some bounties and airdrops years ago, not a lot of them, but one wrong is enough, usually I use a telegram bot (TempMail) that is generating a unique email box for bounties and airdrops

All that data is posted freely in the google sheets for bounty campaigns so it is easy for scammers to compile it in a database and do what they want with them.

Yup
That’s true
I checked my address here https://haveibeenpwned.com/
And it’s not good

I have to make a new private email...
Shit.
legendary
Activity: 2730
Merit: 7065
I wonder how you and/or anyone received that email?
He used the email in connection with a bounty or airdrop most probably. Just like big_daddy in a different thread.
Yeah, I was using this mail in some bounties and airdrops years ago, not a lot of them, but one wrong is enough, usually I use a telegram bot (TempMail) that is generating a unique email box for bounties and airdrops

All that data is posted freely in the google sheets for bounty campaigns so it is easy for scammers to compile it in a database and do what they want with them.
legendary
Activity: 1498
Merit: 1117
I did not receive the message in the inbox of the account I used to communicate with Ledger. Just in a "spam-account".
legendary
Activity: 3234
Merit: 1375
Slava Ukraini!
I wonder how you and/or anyone received that email? I'm a subscriber of ledger and never received such kind of email. Most probably your/their email was used on some cloud minings, bounty campaigns, ico, etc. and was sold to these scammers, that's why people keep receiving emails from scammers.
I also didn't receive this email. You and I subscribe to emails from Ledger, so it probably means that they received the email of OP and some other people from somewhere else. The Internet is full of offers to buy databases of emails from ICOs, bounties or hacked websites. Also, it's possible that OP posted his email somewhere in public.
copper member
Activity: 2142
Merit: 1305
Limited in number. Limitless in potential.
I wonder how you and/or anyone received that email? I'm a subscriber of ledger and never received such kind of email. Most probably your/their email was used on some cloud minings, bounty campaigns, ico, etc. and was sold to these scammers, that's why people keep receiving emails from scammers.
legendary
Activity: 2730
Merit: 7065
Could an admin maybe merge this thread and its posts with this one? https://bitcointalksearch.org/topic/security-vulnerability-ledger-nano-x-and-ledger-nano-s-5196022
I just think that all the posts of those two threads should be in one place as they are discussing the same issue.
legendary
Activity: 2702
Merit: 4002
The degree of success of this type of fraud depends on the extent of users' anxiety.
People behave irrationally when deciding in haste, so the warning is always strongly worded and recommends fast downloading.
Besides, the user does not verify the official website but follows the link sent to him.

Always check out decentralized sites such as forums; the official site can be hacked.
legendary
Activity: 2352
Merit: 6089
bitcoindata.science
You did correct. Check the official website before doing anything.
Personally, I never plug in my hardware wallet, just when I need to do transactions (a few times a year).
Never plug it just to install something, you don't need. Your coins are safer away from the computer.