Topic: Fraudulent transaction along with the correct one(Ledger Nano S + Electrum) (Read 600 times)

20kevin20, why you did not read my post about change path attacks? What you are referring to is something completely different, and if you read the topic from the beginning it is quite clear that OP is not a beginner and that he has not downloaded a fake wallet. If that was the case, then the attacker would have emptied his entire wallet, because in that case he would have access to everything.

You also forget that OP uses a hardware wallet, and Electrum is just a UI. Any action need to be approved by clicking button on Ledger, no modified Electrum is capable of it (as far we know).

I'm afraid this is much more complicated than any ordinary hack we've seen before.

Well, they tried, but I guess that without having access to the machine they only can try to replicate the bug using the high-level specs (Windows 10 1903/Electrum 3.3.8/Device firmware 1.6.0 BTC app 1.3.16).
Considering how widely used this setup is, and given that I didn't manage to find anything similar reported in the last 6m/1y, it's not so surprising that it's very hard to replicate otherwise hundres/thousands of reports would be made ...

I see. I'll have to arrive home and I'll look more things up to see if I find anything helpful.

I'm honestly surprised Ledger didn't try helping you out with finding where the problem is, knowing it could turn out to be a huge vulnerability nobody's found before.. especially because it's supposed not to be able to send any tx without physical confirmation..

Yes the malicious servers were sending a link to a malware advertising it as update in the wallet's GUI, but I didn't get this sort of message as I only installed the 3.3.8 version which doesn't allow this anymore (and thus didn't do the "update"). So even if the two servers mentioned were part of that attack, I don't see what they could have done in my case ...
And even if the 3.3.8 I installed from the official website was still a malware (because I didn't check the PGP signature on my initial download) I still can't see how the fake Electrum managed to hide the fraud transaction in Ledger's display.

If anyone could modify Electrum in a way in which it can by itself do this (without having access to the physical device) then I would consider my problem "solved" ...

It's not that you've downloaded a compromised wallet. From my understanding, there was an exploit in the official version of Electrum that let hackers display a fake update notification. Those who've updated through that notification have updated to a modified version of Electrum.

And if I got it all right, I believe the servers removed by MB were servers through which you've got the malicious update of your Electrum.

If you read the MalwareBytes article, you'd get an idea of what has probably happened.

So I gave a Google search of the two servers you've mentioned in the third post of this thread. A Google search of "exs.ignorelist.com phishing" resulted in a report from MalwareBytes, and I don't believe it's a coincidence.

Something smells fishy to me here. I've taken a look over all the posts on this thread and, according to #4, the address 34Y6nb5SRxAGkozUpyKa59Qq7f87acC98s, which OP confirmed was one of the addresses he used as an input in one of his transactions, is listed right next to its private key on https://bitkeys.work/?page=725.

I'm confused, to be honest.

Edit: apparently the website generates a random private key for the richest wallets, hoping to collide with the address.. I thought it was one of these "all BTC private keys" websites.

Still, the Google search I've done linked me to the report above. Hence, OP might've downloaded an infected Electrum wallet..

Edit 2: I've done another search for the second server MalwareBytes categorized as a "Phishing". According to this link I found,

In other words, OP has fallen victim to a phishing attack... Press CTRL + F and look for "exs.ignorelist.com" and "endthefed.onthewifi.com", you can find them in the code above. I'm sorry, OP. Please take measures ASAP to secure all your funds before they'll steal more out of your wallets..

---

Considering your wallet is compromised, I can assume you might also have other compromised softwares installed on your computer. Therefore, I'd suggest switching the internet off on the computer you've got Electrum on (or plugging out the Ethernet cable), backing up everything important (don't forget to backup the wallet.dat files!!!!) and doing a fresh, SECURE complete wipe out and reinstall of the operating system.

If you connect your computer to the internet again after reinstalling the OS, please make sure the software you install is legit.

We're talking about very large amounts at stake, so taking appropriate measures against phishing might save you from another disaster. I really wish I could've helped with the recovery of your funds..

---

Apparently my attempt to do an extensive research of the MB detection from the first few posts of the thread turned out to be just a shitty failure in the end. Will try to look up the change path scenario Lucius has linked and anything useful will be posted on the thread.

Look at post number 10 in this topic, there is link which explain change path attack, which for now is the only thing that makes sense, because apparently the missing assets were not actually stolen, but were hidden somewhere in Ledger. It is also strange that only one problematic transaction took place and that the OP successfully moved the rest of the coins to safety without repeating a similar incident.

The OP contacted Ledger, but to my knowledge, they were unable to help him. It might make sense to contact Saleem Rashid who showed a great deal of knowledge 2 years ago when he discovered some vulnerabilities in Ledger Nano S. I see he is still active and there is e-mail/twitter in his contact info :

https://saleemrashid.com/

I'm still wondering in what circumstances this possible hack took place. One thing I can think of is that someone might've physically altered your device to get the funds transferred from your device to their wallet, although the chances are slight considering not many know what the hell a Ledger even is. But it's worth giving it a thought.

Otherwise I have no idea what the hell could've happened.. Have you tried contacting Ledger? Maybe they've got the right person to help you out. AFAIK, in these cases they'll ask you to send the possibly compromised device for further testing.

Bought the Ledger Nano S from their website more than 2 years ago, did multiple transactions during this time with it without any issues.
Can't exclude the fact that the firmware was somehow compromised during this time, even if I don't know how it's possible to do it.
Didn't open the device to check if it's genuine yet, in case it gets to the police and they need it.

About the malware that replaces Ledger Live and asks for the seed (or any other malware/social engineering attack that asks for the seed), it didn't happen ... 

from where you bought your Ledger? maybe it is fake, or you upgraded firmware with a fake one that do dirty thing just once (just a suggestion)
 
check your device:
https://support.ledger.com/hc/en-us/articles/360002481534-Check-if-device-is-genuine
https://support.ledger.com/hc/en-us/articles/115005321449

also look here:
https://www.reddit.com/r/ledgerwallet/comments/bhb2o2/warning_weve_detected_a_malware_that_locally/

Hi,
The "false" transaction appears in the Ledger Live as well, even with "Extended account search" (what does this even do precisely ? what derivation paths does it look into ?) and Custom gap limit = 999 ...
Additionally, I generated about 50m addresses from my mnemonic with the most used derivation paths and variable ranges where I thought the coins might be, but didn't manage to find this address ...

I honestly looked a lot into this and I couldn't find anything similar to this described over the internet (well, at least not recently) so I think that the conditions needed to replicate this bug/exploit are very specific, I wouldn't worry about it too much if i was you ... (hell, if you manage to replicate this, you can claim a bounty with Ledger which in most cases will be bigger than the lost amount ...).
When sending the remaining coins to a custodian afterwards, I restored my wallet from the seed to a new Ledger device and used the new one to sign on an offline machine the last transaction which went through properly, so I guess you can do this if you're worried ...

Have you tried creating a wallet account on Ledger Live to see if the BTC shows up as missing there too? If it's an Electrum bug, it must show up in Ledger Live. I think Magnum Wallet (no need to download it) works as well with the Bitcoin wallet on your Nano S. Suggesting this in order to see whether it's Electrum's fault or there's a serious security risk with the hardware wallet. If the latter is the case, then I gotta put mine away for the time being. 

Thank you for your answers.
Indeed, when I make any transaction I assume my OS is compromised so I check properly the details on my screen.
Even in this case, I did check them properly (the proof being that the first intended transaction was properly sent).
The only way for me to accidentally accept another transaction would be after pressing the "Validate transaction" for the first one, to press "accidentally" a few times the right button without looking at the new transaction details and then validate it by pressing both buttons, which, while not impossible, is very hard to believe ...

I'm still scratching my head on this btw, so if someone at least has other ideas on how it might have happened (even assuming compromised OS etc) please let me know.

I'd guess that OP would have seen on his Ledger the new transaction he has to confirm and would have rejected it...
And in such a case this whole topic would have no substance.

Actually it is very well imaginable that your OS is compromised.

Nothing stops malware from generating transactions and sending them to your ledger for your to accept/verify them.
A locktime of 1 could mean that the person creating the malware/transaction simply just wanted to have the tx to be confirmed as fast as possible (i.e. can be confirmed in the next block) without checking the current block etc.

The safety which comes from using a hardware wallet is, that the transaction details shown to you on the HW screen can not be manipulated and that you actively have to confirm the transactions by pressing a button.
But if your OS is compromised, he definitely can just create transactions and send them to your HW wallet in hope for you to accept them. Waiting until one is created by electrum seems a not too dumb move which might have caught some people off-guard.


And honestly i'd think that your OS is compromised, than that this is a bug from electrum and/or ledger.

Unfortunately, I just cited one pretty harmless example that was easily fixable because it was my recklessness and ignorance about how Ledger checks all the generated addresses. This of course could be corrected with Electrum gap limit increase, but in the case of OP, something made a transaction which he did not approve, and for which he could not determine whether it was a hack or a change path attack.

The only positive thing about this is the possibility that it is an address that is possibly part of a wallet, but as far as I understand from the description of the attack, finding that address is extremely difficult.

This might be the solution here, one can only hope. 

It's disturbing because it seems like this points to a bug with either the Ledger or Electrum.  I don't see anything the OP could have done to cause it, so it's probably not an operator error.  I use a different hardware wallet myself, but I use Electrum, and own a Ledger.  If this an issue with Electrum it may not be limited to one brand of hardware wallet, which is quite concerning.

Hi Lucius,
Unfortunately nothing new for now. I've generated about 50m addresses from my mnemonic seed by now on the derivation ranges I thought probable, but no luck so far.
I'm pretty much trying to understand what happened at this point, can't do much without knowing what went wrong, generating addresses is a shot in the dark.
I guess I'll need to get the help of a digital forensic and try to find a trace of the receiving address on my machine.

Electrum_LedgerNS_Issue, is there any new information regarding your case? I see that the problematic transaction is still intact/unspent which can be a good sign (if it is not in the classical hack), which means that there is still hope for a solution.

I have something similar in past when I play with change address from Ledger, and one transaction was invisible because Ledger Chrome app was set to not check all addresses. I fix that in Electrum with increasing the gap limit. If only the solution would be so easy in your case...

I'm hoping more that it's a bug instead of a change path attack (which indeed is supposed to be fixed, so at the very least it's not exactly the same attack), but given that the Ledger is supposed to NOT show only transactions towards the change addresses, I have some hope albeit small.

Thanks for your input.

What is weird that I personally have never been alerted by MB (using the premium version) regarding the Electrum servers, which may just be a coincidence, even though I have the servers set to automatic.

I must admit I've never heard of change path attacks, and it will be really weird if this is the case here, because that's supposedly should be fixed. If I understand correctly, in this case, the attacker actually initiates a transaction that does not allow him to access to the funds, but by changing the path hides the funds and then requests a ransom for info where coins are located.

I cannot technically say how this can be done, but there may be a possibility that some of the servers you mentioned may still be guilty of this, although this is just one of the options.

I see you've taken the right steps in trying to find where the coins ended, and I really hope you can find them. I would only advise others to be careful until it is revealed exactly what happened in this case.

Hi,

These "pages" seem to be Electrum servers (you can see them in your own server list probably).
When I downloaded Electrum I didn't check the PGP signature initially.
After the incident, I looked into my browser history (the link was correct), accessed the link from history, downloaded again the installer and checked the signature which verified.
It's possible my initial install was corrupted, not very probable though.
Also, I'm running an algo on an offline machine right now with the seed to derive possible addresses.
Parameters: m/bip'[0,44,48,49,84]/0'/account'[0-100]/visibility[0,1]/index[0-5000]
Will also test indexes up to 50k on 49 afterwards (based on this github.com/LedgerHQ/ledger-app-btc/pull/90).
If you have any other ideas where to look for, shoot.

Also, it is indeed possible that It was a targeted attack, but unfortunately this doesn't get me any further in understanding how it was done

Thanks

The hardware wallet should be safe to use even on an infected computer, but it's just an assumption based on what we know, which certainly doesn't mean that some clever hacker didn't find a way to circumvent the protection that Nano S should provide.

Now that you have shown us both transactions, I can see that these are really large amounts and that you may be the victim of a very targeted attack, so you have to wonder who all knew that you owned such a significant amount of BTC.

On the other hand, when I look at the first legitimate transaction, I notice that second transaction is had fee of only 200 satoshi, compared to the first one that had a 5x higher fee. Hackers in such cases usually place a maximum fee to get confirmations as soon as possible. Considering this, it is possible that this is some kind of bug in Ledger or in Electrum, and that coins are still in your wallet, but in an address that you can't see for some reason.

I can confirm that both of the pages you cited are really blocked by MB, one because it contains exploit and the other because of phishing. If MB is blocking those sites, do you visit them or this is happening when you surf on some other site which is maybe try to redirect you to that sites?

Can you confirm that you downloaded Electrum from the official site https://electrum.org/#home , and did you maybe verify GPG signatures of downloaded files before installing?

Yes, I'm banging my head against the wall for two weeks now and can't still figure what happened (bug or exploit ?) or at least how ...
Didn't raise an issue in the github, will do.
Thanks for your reply

That is indeed a puzzle... I've honestly never seen anything like this. I would hazard a guess that it was a bug... as the UTXO generated is still unspent and given the current price of BTC, I would expect it would have been moved/sold by now if it was 'stolen'.

Quite how you can "accidentally" sign a second transaction is a complete mystery and it seems it would be incredibly difficult to replicate the issue. I've certainly not experienced anything similar.

If Ledger support are unable to assist, I doubt anyone here will be. Have you tried raising an issue on the Electrum github? https://github.com/spesmilo/electrum/issues

Yes that was me, I moved everything before posting the transaction IDs, seed still safe ...

Did you also create this transaction today?: https://www.blockchain.com/btc/tx/362b50e056ec340a8be9204885a9c8c65d333c494d8b3f791faff7d8eeb8c255

It appears that another lot of UTXOs from that address: 34Y6nb5SRxAGkozUpyKa59Qq7f87acC98s (along with UTXOs from other addresses) were consolidated into 39ycTMCUiC7yqABzR1sdaTbUhsGFi7cQ2Z. If you didn't execute this transaction, it's likely that your seed has indeed been compromised.

Thanks for your reply.
Indeed, I searched my PC trying to find traces of the address string and I didn't get anything, thus either a script injected it then deleted itself either it was derived by Ledger somehow with a wrong derivation path.

I've tried recreating the bug the same day with a different Ledger which had the keys on a much smaller account and didn't manage to recreate the behavior.

As for security, only Avast and the Windows firewall at the time when the incident happened.
Downloaded Malwarebytes after it happened and ran a scan - only some PUPs but the realtime protection detected 2 things afterwards: Malicious site "exs[dot]ignorelist[dot]com pointing to electrum-3.3.8.exe and qualified as an exploit and endthefed[dot]onthewifi[dot]com pointing to electrum-3.3.8.exe qualified as "Phishing", so this might be a lead even if I don't see what a server can do to cause this.


Greatly appreciate any help or ideas.
Thanks

I have to admit that this is the first time I've ever heard of a case like this, and it's really weird this happened to you. I see that you are not a beginner and that you understand the basics on which a hardware wallet works, so I will not doubt that everything you wrote is true.

Assuming you have legitimate software (Electrum, firmware in Nano S and legit Windows 10) I would personally assume it was some sophisticated malware that somehow bypassed the protection Ledger had and added another transaction. Another possibility is that it's some kind of internal bug that is a combination of some incredibly strange circumstances that occurred during your legitimate transaction. Still, the question remains, where did this new address come from if it wasn't some malware?

I understand your privacy concerns, but it would still be advisable to put the ID of both transactions, there are members who can conclude something from the transactions. Are you using any kind of antivirus protection, have you tried scanning your computer for possible virus/malware?

I used the Nano S in combination with Electrum a few days ago, and the transaction went pretty normal.

Hi guys,

I posted this topic 2 weeks ago in the Ledger subreddit and created a support ticket with Ledger, but they came back to me saying that they can't find an issue/replicate my problem so I'm trying again here.
I someone would be able to replicate this bug I would be extremely grateful, as i'm at a loss here ...

So, I used Electrum wallet (installed as described here: https://support.ledger.com/hc/en-us/articles/115005161925) with Ledger Nano S.
Electrum: version 3.3.8
Ledger Nano S firmware: 1.6.0
Bitcoin app 1.3.16.
OS: Windows 10 Pro 1903

I created a transaction and pressed "Send". The details of the transaction appeared on my ledger device, I checked them and then validated the transaction (first screen was Output #1 or #2, correct amount, correct destination, "Validate", then second screen with the correct fees and "Accept").

The transaction was sent correctly (2 outputs - one recipient one change).

The problem: At the same time with the correct transaction, another transaction got generated - my biggest UTXO was sent in full towards an address not controlled by me (the address had no transactions in it and the coins didn't move since).

Please note that there are still other bitcoins on my wallet which weren't moved so i doubt my seed was compromised (both on the subwallet which contained the "stolen" UTXO and other wallets derived from the same seed).

Things I noticed: one weird thing about the second transaction is that the LockTime was 1 instead of a block number close to the one when the transaction gets broadcasted, so I think it got created through the console ?
Would it be possible somehow to inject a second transaction while I was on my Ledger checking the details of the original one ? Or modify the script hash so that one validation sends two transactions ?
It is possible for my operating system to be compromised, but even then I still can't understand how I got to accept this ...
I'm at a complete loss ... Help ?