Somebody (years ago) asked me for a little help. He lost some bitcoin to a receiving address, generated by a Ledger, that he could not access anymore with his device. He never changed his seed, he was 100% sure and never used a passphrase (25th word).
After alot of investigating i thought the same thing most of us would, he probably set a passphrase and forgot about it.
Two days ago i stumbled upon something that got me thinking again about that problem so i started to look at it again, i still have all the information.
So this is what he did:
1. In 2018 he used the Ledger Chrome app to create a BTC and a LTC address to receive funds.
2. They sent him the funds, both LTC and BTC, blockchain explorers confirm that the funds are received and confirnmed.
3. He wants to use his funds and faces the problem that his Ledger apparently does not hold the private key for his BTC address but it does hold the private key for his LTC address.
4. Both addresses where generated within a few minutes of eachother and inbetween the seed did not change, the device was not wiped or anything, everything was normal.
That's the background, from this point on things are gonna get very interesting.
Back in 2018 i already discovered that his BTC address (created by his Ledger) has funds in it on the BTC chain and the LTC chain, that got me thinking about a derivation problem or glitch. That wasn't the case because he sent funds to the BTC address on the LTC chain himself, a small amount of LTC to see if that would show up on his Ledger, it did not.
This is his LTC address:
https://chain.so/address/LTC/36ezRREzDYH3uSvADoSSpoLZrFVigQkmLpThis is his BTC address:
https://chain.so/address/BTC/36ezRREzDYH3uSvADoSSpoLZrFVigQkmLpBoth still hold the funds because his Ledger does not hold the private keys.
I started to trace back the transaction of the LTC he sent to himself to test, maybe i could see if his Ledger was doing something wrong with change addresses.
His small amount of LTC (sent by his Ledger to his "problem" address 36ezRREzDYH3uSvADoSSpoLZrFVigQkmLp) was sent using this transaction:
https://chain.so/tx/LTC/e6afd6122f60db9fdd40e7009a644d64a29d6241040d20728378d569a2335b3b from this address:
https://chain.so/address/LTC/LRQTUERzgmNBeC8EzRpWFX9Ya7doCLCUXwAs you can see in the transaction a small amount was sent to his "problem" address and a small amount was sent to this address: 3HZgtFDmfwohrz2cRfzSECxeszpEzJqiYY :
https://chain.so/address/LTC/LYNZgGrN1L7hGmCgtrRaGJbbixTipfu4jBKeep in mind, at this point all he did was sent a small amount of LTC to the corresponding address on the LTC blockchain of the address he lost access to on the BTC blockchain, just to test if the LTC would show in his Ledger and we know now that it didn't.
Now this is what blew me away:
I Googled the address the other part of this transaction went to: 3HZgtFDmfwohrz2cRfzSECxeszpEzJqiYY
I discovered that also this address is active on the LTC and BTC chain and it's not his... kinda weird but ok, nothing to be blown away about, untill i saw this in the Google results:
https://bitcointalksearch.org/topic/help-me-recover-my-bitcoins-3310150The owner of address 3HZgtFDmfwohrz2cRfzSECxeszpEzJqiYY had the exact same problem and asked for help on this forum back in 2018.
Uhm... what? This is another person, that had the EXACT same problem and even more, the addresses where created on the EXACT same day, May 22, 2018?
This can, in no way, be a coincidence so i started to look further.
One was using a Ledger with Chrome and the other one was using a Trezor with Chrome.
Both of them created an LTC and BTC address on the exact same day and both of them lost access to the BTC address.
Both of them lost access to a BTC address and the both addresses meet eachother within one transaction on the LTC blockchain.
Around that period, Google Chrome got this update:
The Web Authentication API adds a third credential type, PublicKeyCredential, which allows browsers to authenticate a user with a private/public key pair generated by an authenticator
as you can see here:
https://en.wikipedia.org/wiki/Google_Chrome_version_historyTwo people, that never saw eachother, don't know eachother and this happens?
The link is Google Chrome.
Discuss!
PS: This was not a copy/paste virus or anything like that, he took a picture of the address when he created it and the address IS created by his Ledger as you can see here:
https://imgur.com/hxhaAfJ