Topic: Ledger hacked (Read 383 times)

The OP's lack of details makes the case even harder to help, since the OP says he was robbed, but at no point did he provide the TXID of the transaction or any output address, so you may be right.

OP Either you exposed your recovery seed online at some point on a computer with malware, or someone had access to your backup, a passphrase would mitigate this attack if that's the case.

Have you spread your recovery seed backup elsewhere? Someone could have physically accessed it and you never knew! That's why using passphrases is important, but I think this case may be a bit unlikely.

A lot of details aren't presented by OP. I've some immediate questions which haven't been confirmed by OP's presentation of his case.

Which wallet software did show zero balance? Was it properly synced and has this been verified (see also next question)?
We all know that Ledger Live is a real piece of shit software that sometimes has some real bad sync issues.

Are there transactions visible on block explorers that confirm stealing/emptying OP's funds?
I mean that should be an obvious check to make first. OP doesn't say anything about it. Don't assume, verify!
Valuable time is wasted without following flow of funds...

Are the mnemonic recovery words stored in only one place? If one place, who has access to this place?

If there exist multiple backups in different places, who may have access to all of the places?

Did you receive any authentic looking emails which pretend to come from Ledger company?


I can probably come up with more questions, but to shed more light into this case, I would like to have the above stated answered first.

Yes. There are professionals who specialize in analyzing blockchain transactions to potentially identify where stolen funds went.  They use sophisticated tracking techniques to follow the money trail and  however, their services are expensive and even if they locate the funds, actually recovering the assets can be extremely difficult. There is no guarantee of freezing or recovering them without law enforcement involvement.

I recommend consulting with a reputable cybersecurity expert or a lawyer who specializes in crypto-related legal matters. They can provide you with more accurate information and advice on your specific situation.

Yeah sure, let me just check my crystal ball to see what really happened here  

I am not defending ledger as a company or their devices but it is more likely that your seed words got leaked or stolen.
You didn't say if you wrote them on paper or in digital form, but ''hacker'' don't need to have physical access to your devices if he has your keys.
There is a chance for potential hack only if you signed up for ledger recover services, but that is a paid feature.

Could you elaborate your case a bit more? Ledger device comes in a few flavors - nano x, s, s+ and so on. Which one is yours? Did you share with them your SEED via their controversial Ledger Recover payed service for its custodial backup? Did you extended you SEED with passphrase and if you did, then, how this passphrase was kept by you, separately from SEED or not?

I wonder if a person can contact blockchain analysis companies in situations when crypto gets stolen/hacked and ask them for assistance? In theory, that should be possible. They will surely ask for a fee to conduct their research, but at least there is a chance that they do something productive instead of coming up with arbitrary rules and definitions about "dirty" coins that is based on nothing.   

He may only be able to do this if he's able to track where his funds went through. But it could also be too late for him to track it down when the culprit was already able to transfer it multiple times and increase his/her privacy. Thus, the special treatment and expedited process to give this kind of order to these centralized services will only be recognized if it's coming from a known person or someone who's got a huge fund that they may commission afterward, the possibility is there but chances are pretty low that a random guy will be able to do this. I'm afraid that OP might not be able to satisfy himself with any of these possibilities as transactions moving to and fro are too quick for him to track. Unless, if he's too quick to track it(unlikely) and became a stablecoin like USDT for which there were some cases that they're able to freeze the funds from criminals.

There is too little information about the incident to understand where the danger vector comes from: whether from the Ledger manufacturer or any other. The author needs to conduct a more detailed investigation and try to find out why exactly this happened. Well, the company would not rob its customers "specifically". If Ledger ever does something like this, it will be a mass phenomenon. And as they said during the discussion of this topic, most likely, the user himself made a "mistake" somewhere that led to the theft of his savings on the ledger hardware wallet. Therefore, statements about "Ledger hacked" remain premature and unfounded without detailed evidence (sorry, true ldger haters, but that's exactly it).

Only law enforcement can order custodial and centralized services to freeze funds deposited in their platform, a random person cannot do that, so if that is what you are looking for, report to the authorities, but there is a high chance they would not pay any attention to your case i'm afraid. Can you post the transaction id of the outgoing transaction that was made by the scammer, that is if you are not worried about the privacy concern.

Hardware wallets are good for cryptocurrency fund storage but only if people purchased hardware wallets a right way and use these wallets a right way too.

Choose open source hardware wallet, backup wallet seed a right way, and use it a right way.
Open Source Hardware Wallets
[GUIDE] How to buy a Hardware Wallet the right way
back up a seed phrase a right way
Hardware wallets can steal your seed!
Attack vectors for Hardware Wallets

Hardware wallets are constructed in such a way that even if the PC is infected with malware, they couldn't steal your coins from you remotely. Don't forget that you need physical confirmation with button presses on the device before you can broadcast transactions. But malware can find seeds and private keys. Clipboard malware can change addresses, but OP isn't claiming that he sent his coins and they ended up in the wrong address. He just noticed an empty balance one day. 

Downgrading Ledger firmware isn't possible from what I know. You can only upgrade. That doesn't explain the disappearance of the crypto.

The possibility of it being an inside job isn't far-fetched or it could also be due to careless management, monitoring and a carefree adherence of security protocols.

I have read some articles on how good hackers can retrieve or use brute force techniques to have access into a locked wallet and if it were possible to retrieve a hacked account with stolen funds, then am sure you would learn more if you visit this link and learn for yourself.

https://cointelegraph.com/magazine/hackers-crypto-wallets-recover-savings/

For someone who has been working with computers for 30 years, you don't seem like that at all. It's obvious that you don't know to protect yourself, because if you knew then you wouldn't ask for help from complete strangers - you would remember that you act in such a way that all known CEXs would already have your letter with a detailed description of what happened and all the details, and you could hope that the hacker is stupid enough to try to sell the stolen coins in that way.

If you really became a victim, ask yourself only two things - could anyone get into the possession of your backup (seed) or into the physical possession of your hardware wallet? Everything else is conspiracy theories.

You're not giving any information on how your bitcoin and Ethereum was hacked, it would have been better if you can send something like the transaction id for more information on it, then you're not also giving any information about how it all happened.

let me just remind you incase you're forgetting, bitcoin transactions are irreversible once it has been confirmed, the security of your wallet lies in your hands, if you can endure and to protect yourself, you're free.

That's what I'm also thinking because in this case now no one can help him to recover something that is being hacked and when it has been hacked I don't think his coin will be in the wallet again because immediately scammers hack your system and get into your wallet they will wipe everything and left you with nothing, from my observation maybe he login in someone phone or in a fake website where his wallet is being connected and they will have access to his wallet, this is why they many members of the forum always repeat that never click on any link and try as much as possible to protect your wallet by hiding your seed phrase because when your seed phrase enter anyhow that know much about cryptocurrency and he or she is into online stuff you are in big trouble, so with this your story now I don't think anyone can help to get who hack the ledger back to you safe without nothing missing in the wallet.

You're probably right because I have a ledger wallet with the same balance. I don't remember the exact time I bought it but it had to be in 2019 or 2020 and everything is still there, even checked the wallet 5 min ago after reading OP.

99% problems when handling software and hardware wallets come from neglect and user mistake.

How is your seed phrase stored? How is the device stored?

I am sorry to hear what happened, have you think the possibility of your PC being infected? Because it is either your PC is infected your ledger had been hijack by some one else.  Have you played with your ledger and try to downgrade or update it?  Or has your ledger information been phished?  I know this won't help to retrieve your fund (because it is irreversible) unless you pinpoint the culprit but realizing why this thing happened may not only help you in the future but also the people reading this thread.

I second the statement that it is impossible to retrieve the hacked fund in your ledger.  If someone DM you that they are capable of retrieving your funds, it is most likely a fraud and they are attempting to scam you into paying their fraud services.  So I want to warn and be aware of this kind of scam attempt.

Maybe don't look far and try to recall if someone has been acting weird in your surroundings that you've talked about in relation of investments and crypto. This could be an inside job from whoever is close to you.

But even with that, unfortunately, no one is going to be able to recover that anymore. If the hacker has transferred it already and your wallet has been swept by him into zero balance, only in good fate is your chance if he'd return it back to you.

Other than that, I'm sorry for your loss.

I wouldn't say it was hacked, probably it's more on a mistake on your side that give this hackers the change to steal your crypto. And as we can see, there's a lot of speculation as how they did it.

But since you are not sharing that much info, including the Bitcoin or Ethereum address, at least we can trace it as where the funds go. Maybe the criminals used a CEX as deposit address and so you can request them to freeze it for you.

Usually when people lose their bitcoin, it's 9/10 because of a mistake they made. The other cases come from terrible choice of software. Ledger has made some awful business choices in recent years, their Ledger Recover feature (actually a vulnerability) is the icing on the cake. But I repeat, people aren't getting their Ledger's hacked all over the place. If that happened on a daily basis, crypto media would be all over it.

I don't have an explanation about how all of a sudden all your coins are gone and no mistakes happened on your end.
How do you store your seed and who could have potentially had access to it? Has anyone ever seen your seed words? Who knows where your Trezor is held and does anyone know its PIN?

Do you care to share the addresses where your Bitcoin and Ethereum went to? Keep it mind that doing that might be a privacy risk. Do it only if you are comfortable with it.   

I'm sorry for your loss. It's impossible to revert the money that was stolen by the hacker. The only good thing to do is to avoid using ledger.

There have been a lot of cases related ledger's hack. Ledger is a flawed wallet.

There were many victims telling Ledger developers about this, but they never cared.

I'm sorry for you loss, I don't think that anyone can help you out to get your funds back, as we all know that addresses doesn't have a name.

Not sure though how you lost your BTC and ETH, it could be from a phishing attempt on you or another sophisticated methods by the criminals. Maybe you connect your ledger to a already compromised machine of yours, I reckon.

And let this be another lesson for everyone here, just be careful and make sure that before you plug your ledger, check everything first and if you are updating your ledger live, be sure that you are connect to the legitimate website as there are a lot of phishing website out there.

[


There is absolutely zero chance of that because i never used that seed phrase, never, and never stored it amywhere beside on ghe piece of paper. I have no idea what happened. And right now that is not my primary concern. Police report is filed but I have no hopenin that. What I am looking for is for somebody who can track such things and help me freeze it on some exchange if that is possible, I am also seeking legal help locally, but technical part I dont have. If somebody is capable and willing to do so please contact me. Yoi will not br helping for free, thatbI guarantee. Advice about internet security I dont need, I am dealing with crpto for 10 years and and with computers for 30 and nkw jow to keep myself safe. This is an incident for which I need help. quote author=Pmalek link=topic=5509482.msg64541595#msg64541595 date=1726574137]
What did you do?

Despite Ledger being closed-source and no longer a recommended wallet, people who own them don't magically get hacked and have their wallets emptied. I think that one of two things happened: You entered your seed phrase somewhere online or in a fake software that was emailed to you and you believed it to be genuine or someone got hold of your recovery phrase and took everything you own. A third scenario is possible, and that is that you imported your seed in a hot wallet, where again it could have been a scam wallet or you have malware and keyloggers on your system.

Unless you tell the complete story in full details, you and us we will never learn what really happened.
The transactions are irreversible. You can file a report with the police and track the flow of the coins. If they get deposited into a centralized exchange, there is a small possibility that the service will freeze them if you provide the right documentation.  
[/quote]

What did you do?

Despite Ledger being closed-source and no longer a recommended wallet, people who own them don't magically get hacked and have their wallets emptied. I think that one of two things happened: You entered your seed phrase somewhere online or in a fake software that was emailed to you and you believed it to be genuine or someone got hold of your recovery phrase and took everything you own. A third scenario is possible, and that is that you imported your seed in a hot wallet, where again it could have been a scam wallet or you have malware and keyloggers on your system.

Unless you tell the complete story in full details, you and us we will never learn what really happened.
The transactions are irreversible. You can file a report with the police and track the flow of the coins. If they get deposited into a centralized exchange, there is a small possibility that the service will freeze them if you provide the right documentation. 

Going out on a limb here, but if it was an inside job I would *think* that we would see a lot more complaints popping up then just 1 random person.
Not saying it can't be, but until we have more information I would go with some other issue.

-Dave

Also if he backup his seed phrase with those companies, that could be a other reason. Ledger Nano is not a recommended wallet. The wallet compromisation can be through offline attack, it can be through close source secure element, and it can be through online seed phrase hack from the companies. Attack for a good hardware wallet should be just through offline attack. Although, you are most likely correct that it is most likely an offline attack but ledger has been vulnerable in the past. I prefer open source airgapped hardware wallet which are the hardware wallets  that I can recommend.

Ledger is close source and there are hardware wallets that are open source and people need to buy hardware wallets in right ways too.

[LIST] Open Source Hardware Wallets
[GUIDE] How to buy a Hardware Wallet the right way

Since a Ledger is a hardware wallet, it limits the scope of attacks that can affect you. Most likely, the point of failure was the way you stored your recovery seed. However, since Ledger is closed source software, you will never be able to rule out the possibility that it was an inside job.

No one can help you to reverse Bitcoin or Ethereum blockchain. Bitcoin has no record of blokchain roll back even years ago after Binance exchange was hacked, their CEO Changpeng Zao proposed the idea to roll back Bitcoin blockchain but it was not supported by community.

Ethereum blokchain has a bad record with Ethereum the DAO hack, after that Vitalik team decided to roll back ETH blockchain. It caused a community split and chain split to Ethereum Classic and Ethereum. But Ethereum team will not roll back their blockchain because of your or any person individual mistake or personal hack.

You learned a hard lesson, now it's time to move on. You have to learn more about security of your devices, wallets and improve your practice on device and on internet.

Cryptocurrency security checklist.
Bitcoin security and resources.

Ledger itself has bad records with data leaks, hacks.
Ledger Security Breaches from 2017 to 2023: How to Protect Yourself from Hackers

I just got hacked, Ledger wallet, stolen BTC and ETH.
Anyone who can help retreive funds, all help is appreciated. Reward in terms of percentage of retrieved funds is absolutely possible.