Author

Topic: IMPORTANT WARNING for Ledger user, it has been attacked by malware. (Read 240 times)

full member
Activity: 756
Merit: 112
For clarity so people won't panic: Ledger has NOT been compromised. Your wallets are pretty much safe as long as your computer doesn't get infected by this malware. It's an attack on user's Windows computers, not on the Ledger device, or Ledger's software.

Based on Ledger's tweet[1], the fraudulent software asks the users to re-enter the 24-word seed on the computer, whereas if you aren't stupid, you definitely wouldn't do.




[1] https://twitter.com/Ledger/status/1121439219086495745

Oh so it's mostly an attack for those who doesn't know how to use Ledger. Well, as per my experience, you will use the recovery keys on the Ledger device itself. You will need to type in the each words in the Ledger device. Don't worry its with the use of it's word prediction AI.

A useful video here from Ledger -
https://www.google.com/search?q=how+to+recover+a+wallet+in+Ledger+Nano+S&oq=how+to+recover+a+wallet+in+Ledger+Nano+S&aqs=chrome..69i57j0.15640j0j1&sourceid=chrome&ie=UTF-8#kpvalbx=1 (link is a clip from google)
legendary
Activity: 1386
Merit: 1123
Essentially this requires a series of unfortunate events in order for your coins to be stolen. As secure as hardware wallets are, you would be safer using them on a secure system that is not utilized for regular browsing, torrenting, gaming, etc. So you'd have to fail that test, and get yourself a virus to start the chain. Then, you have to fall for the phishing attempt that the virus prompts. I'm not a ledger user, but Trezor has literally never asked me for my seed, and I would find it very suspicious if it suddenly did.

Moral of the story, don't use your wallet on a potentially infected system and when in doubt do not provide your seed. Sounds like common sense and due diligence come out on top again!

I'll remain calm until the hardware wallets themselves become vulnerable without handing over your private key.
mk4
legendary
Activity: 2870
Merit: 3873
📟 t3rminal.xyz
Thanks for the clarification mjglqw! Was shocked when I read the headline Wink

Well made phishing attempt in my opinion, I am sure that a lot of lesser advanced users are going to enter the passphrase ...

Yea, it was pretty much somewhat like a phishing attempt, that's far more convincing(for the uneducated) as the users think they're still opening the same program on their computer. I won't be surprised if the casualties are high on this fiasco.
legendary
Activity: 2520
Merit: 3054
Enjoy 500% bonus + 70 FS
Thanks for the clarification mjglqw! Was shocked when I read the headline Wink

Well made phishing attempt in my opinion, I am sure that a lot of lesser advanced users are going to enter the passphrase ...
full member
Activity: 168
Merit: 214
WhoTookMyCrypto.com
Yeah if users understood the purpose of a hardware wallet they probably wouldn't have fallen for this ie. It's function is to achieve a separation between your keys and your desktop. Entering your seed into a desktop application just defeats the whole purpose of having one.

Your seeds should only be entered into your hardware device, never on your desktop / other electronic devices.
mk4
legendary
Activity: 2870
Merit: 3873
📟 t3rminal.xyz
For clarity so people won't panic: Ledger has NOT been compromised. Your wallets are pretty much safe as long as your computer doesn't get infected by this malware. It's an attack on user's Windows computers, not on the Ledger device, or Ledger's software.

Based on Ledger's tweet[1], the fraudulent software asks the users to re-enter the 24-word seed on the computer, whereas if you aren't stupid, you definitely wouldn't do.




[1] https://twitter.com/Ledger/status/1121439219086495745
legendary
Activity: 2422
Merit: 2228
Signature space for rent
Duplicate post isn't allow by forum, but unfortunately not much peoples are active on wallet section. So in order to help Ledger  user I will post my warning topic link here. Please read this topic if you are using Ledger , WARNING! Ledger detected a malware . Don't fall any malware attack, save your crypto.
Jump to: