Topic: Ledger Nano S is not safe!! (Read 261 times)

What I said there is correct, taken in the context of the rest of my post - i.e. an external address you are trying to send bitcoins to.

Let's say I have some malware which will change an address I copy in to Ledger Live when I go to sign the transaction. I copy "Address A", which is my exchange deposit address. I head over to Ledger Live, and create a transaction to send 0.1 BTC from my hardware wallet to "Address A". Just as I go to confirm the transaction, the malware on my device changes "Address A" to "Address B", which is an address belonging to an attacker. This transaction is pushed to my hardware wallet for me to review and sign. The transaction I see on my hardware wallet will show "Address B". When I double check the transaction on my hardware wallet, I will see that "Address B" which shows up on the screen is not the same as "Address A" from my exchange account, and so I will reject the transaction. There is no way for malware to change the address I am sending to in Ledger Live without this new address being displayed on my hardware wallet screen.

This is not the same when considering a receiving address generated by your Ledger wallet, which is what you are talking about. Malware could potentially change the address you see in Ledger Live, but your hardware wallet would show the true address instead, which you would again pick up when you double check the address and would therefore reject it.

That's not practically feasible.

If they were to implement such a change, this would automatically mean that you can not use your hardware wallet with the software wallet you want. You would be forced to use ledger live.
And that would be ... a really dumb decision.

There is no way for the hardware device to know whether it is talking to a malicious ledger live or to a 3rd party application (e.g. electrum, wasabi, ..).


The real security mechanisms is that transactions on a genuine device can only be signed using the buttons and that the transaction to be signed is shown on the screen.

That is exactly what I thought Ledger hardware wallets do until you confused me with the below part of your previous post which I will quote .

This part made it sound like the altered address would be displayed on the screen of the Ledger device instead of the real address generated by the user.

By buying devices myself ^^
You managed to throw  doubt on me, but I checked the site and it says the same thing

Anti tamper seals
Ledger deliberately chooses not to use anti tamper seals on its packaging. These seals are easy to counterfeit and can therefore be misleading.

I don't remember exactly when they stopped but it's a bit old now


I assumed the person already used the device between December and February

So, my reply above was in relation to creating a transaction on Ledger Live (or any piece of software) which is then pushed to the hardware wallet for signing. The hardware wallet will always display the address in the transaction it is signing, so even if some malware is altering the address you see on your computer screen, the real address will show up on your Ledger Nano and so you can double check it is correct and reject it if it isn't.

In terms of receiving addresses, then you should always confirm the address using your Ledger Nano by following these instructions: https://support.ledger.com/hc/en-us/articles/360006444193-Receive-crypto-assets. Again, the Ledger Nano will only ever show the real address, and so if some malware is changing the address on your computer screen, you will see that they do not match.

What about when you create receiving addresses in Ledger Live? You suggested that if a malware changed the address in Ledger Live, that same address would be displayed on the screen of your Ledger hardware wallet as well. Is that correct?

If that is true, how would the user know that he is about to confirm a transaction that will be sent to the wrong address?
If the two addresses match, but a malware caused you to generate an address that doesn't belong to your wallet, how would the user know that?
I always thought that it wasn't possible to pair your hardware wallet with a fake Ledger Live software. Upon connecting, the Ledger device should notice that it's communicating with a fake app. The biggest treat is inserting your recovery phrase in the fake software, which is how people lose money. 

Sure. Ledger Live is just like any other piece of software. Malware could target it and change a transaction you are creating in the software. What it can't do, however, is change what shows up on the screen of your hardware wallet. So if malware altered a transaction you were making in Ledger Live, whatever alterations it made would show up in the screen of your Ledger Nano. Provided you are double checking what shows up in the screen of your Ledger Nano before you confirm it (and if you aren't, then why are you even using a hardware wallet in the first place?), then you will notice these alterations and therefore not sign the transaction.

This is possible, yes. If malware changes the address in Ledger Live, then this changed address will be what shows up on your hardware wallet, which you will notice when you double check and therefore not sign. What it can't do is show the correct address on your hardware wallet while actually signing a transaction to a different address.

But could such malware enter Ledger Live, for example, and tamper a particular transaction you are about to confirm? I used to experience pasting an address but the one that would appear is different from the one I copied. I almost confirmed it before I noticed it looked different. That was a long time ago and it wasn't a Ledger transaction.

Anyway, is it possible that the address that appears on Ledger Live as well as on the hardware itself are exactly the same address but one which did not come from you?

Thanks for the response, by the way. Apologies, OP, for hijacking your thread. I'm out.

Walk us through the entire process of you purchasing, configuring, and receiving Bitcoin on your Ledger device. There are already a bunch of questions for you to answer, so I wont be repeating those. Check your browsing history and copy/paste the site where the wallet was purchased from.

Where did you send those coins from and was the transaction ever confirmed on the blockchain? Or did you just see a balance update in Ledger Live?
How does the device look? Does it look like it has been opened? Check the hardware integrity article from Ledger and compare it with the wallet you have (https://support.ledger.com/hc/en-us/articles/115005321449-Check-hardware-integrity).

Have you received any phishing mails recently that looked like they came from official Ledger support that asked you to download an updated software because your funds might be in jeopardy?

It's a reasonable position (and indeed, the correct position) to be critical of a company when they have obviously failed (such as in Ledger's database breach), but not jump to conclusions without evidence regarding other issues (such as in this case). Literally every time I have seen someone complain that their hardware wallet was hacked, it has turned out to be user error, not following the set up guide, insecurely backing up their seed phrase, entering their seed phrase on a website, etc., and no fault of the hardware wallet or its manufacturer.

How do we know it wasn't his first transaction? Regardless, lots of people with hardware wallets make a small "test" transaction first, and many more use it to slowly build up their funds over time. If the attacker knew the seed phrase from the outset (as they would in the case of a pre-initialized device), then it may well be in their best interests not to clear out the wallet immediately, but to wait a few months for a larger amount of coins to be deposited. Or perhaps the attacker only just discovered the seed phrase because OP had entered it on a website, uploaded a screenshot to a cloud backup, or something similar.

By plugging your hardware wallet in to a computer with an internet connection which is filled with malware, the worst thing that can happen is that some malware creates a transaction and pushes it to your hardware wallet to be signed. Without you physically approving the transaction on the hardware wallet itself, then the transaction can never be signed and therefore never be broadcast, and your coins can not be stolen. The only way coins can be stolen in this manner is if you are completely careless and approve a transaction on your hardware device that you didn't create and without checking it.

From Ledger themselves:

He wrote that in February he has received money, not sent. I'd say that at that time he opened the wallet to get an address.
And this can mean that until that point nobody stole anything simply because there was nothing to steal.

The reason why the OP lost his Bitcoin is simple, is either he exposed his wallet or the wallet was not buy from the ledger's official distributors or retailers because when the wallet company was attacked by hackers in late June in Paris none of the wallet user experience any loss of fund despite some private information that was stolen by the hackers.

Do you get the wallet from an untrusted source online?
How many people have access to the safe where you kept the wallet backup words?

I'm a bit troubled by this. I wonder how the actual stealing took place. Hopefully, it doesn't have anything to do with the hardware itself. But I really am very curious how everything transpired.

On a side note, I understand that a hardware wallet if fully air-gapped is secured, but I'm now wondering, does plugging your hardware wallet to your online PC or laptop necessarily pose a risk of whatever degree to your funds? That is, even if you are only operating on your Ledger Live, for example, for the entire duration?


How was this information obtained? I mean that the boxes are not sealed anymore.

The boxes are not sealed anymore, probably since 2019 IIRC. Since it can easily be reproduced, it becomes a useless security


He bought the device in December and in February spent some BTC on the wallet. Considering it was not his first transaction, why the wallet wasn't hijacked before February? Personally, I think it's a human error.

The coins were never on Ledger. The coins are never "in the wallet". The coins are "on the network", the wallet is only a tool to spend the money.

Now, think what you could have done in a way that have allowed others get your seed:
* did you initialize/properly reset Ledger yourself?
* did you write the seed somewhere else (a website, or a notepad to print it out)?
* how did you transfer money "to Ledger", did you provide only an address or something more?

I have a Ledger for a year now and no funds were stolen from me.


You'll have to give us much more info, but until now I tend to believe that you either got a tampered device, either done something that allowed somebody else steal your money.

I'm surprised you're almost sticking up for Ledger here, as you usually are quite critical of them if I'm not mistaken--but you're right.  I don't think I've ever read about something like what OP is describing happening with a Ledger.  If there were even one or two cases of that, I'm pretty sure Ledger's reputation wouldn't be as sterling as it is (though it's been tarnished as of late).

I have the same questions for OP as others have asked, and hopefully he doesn't abandon this thread without answering them.  I'd be very interested to know where he bought the Ledger, and that info might help the community if it was from a 3rd party.

Ledger wallets are a well-known safe hardware wallet for Bitcoin and other cryptocurrencies, so before accusing them, let us know first where did you buy that Ledger Nano s wallet.

If you have bought your Ledger nano s device on these authorized distributor/reseller networks, you're probably safe and not the device fault losing your Bitcoin, but if not, you might have used a not genuine device and probably a preconfigured or tampered one which they can access your device.  To avoid a headache, always purchase on the official site.

It might be helpful if you read this article and you might find the answer to your problem but unfortunately, not to recover your Bitcoin's loss. and sorry for your loss, learn this mistake don't let it will happen again.

Here we go again...
Don't blame it all on ledger right away because it is probably your own mistake or you have been a victim of some Hardware Wallets Attack vectors, maybe you purchased wallet from bad source or you entered seed words on some phishing website from some link you clicked.

Why you wrote the same question in Nederlands (Dutch) section and locked the topic?

Not quit a reason you should think Ledger Nano is not safe.

Where did you buy the wallet?
Hope it is new when you bought it?

Normally, Ledger Nano wallets is safe in this regarding, and you have no prove. Sorry for the loss, but there is a breach somewhere like someone knows your seed phrase, it may be the reseller you bought it from or someone close to you.

Did you buy the Ledger Nano S from Ledger themselves? Was the seal intact? Did you write down the seed yourself?