Topic: My BTC hardware wallet was compromised (Read 505 times)

Using non custodial wallets is like double-edged solution with some risks mentioned by you, but fortunately its advantage overwhelms disadvantage. It's unsafe to store bitcoin or cryptocurrencies in custodial wallets, like in accounts on centralized exchanges or platforms. Because as said and warned, users don't have access to private keys and completely rely on centralized platforms to proceed withdrawals, transactions for them.

With non custodial wallets, full control of our coins but we must secure our device, wallets very safely. With acount on centralized exchanges, there are different layers to hack it, like account password, 2FA for account, email password, 2FA for email and also detective tools of centralized exchanges that can be so powerful to detect suspicious login and activities of a hacked account.

Well, if someone can't keep his wallet's mnemonic recovery words (and possibly other details necessary for a full wallet recovery) offline and redundantly safe and secret, then his non-custodial wallet might not be the safest secrets keeper of his crypto coins.

Don't get me wrong, I definitely don't encourage to keep your coins where you don't possess the private keys to move them. I know and understand the message of "Not your keys, not your coins!".

Users of non-custodial wallets have to understand and accept the responsibilities they have with using such wallets. There's no way around this, in my opinion.

And any cloud services syncing with multiple devices is a terrible place for such important secrets. Usually most users don't have much control over the actual security status of all those devices (you know, the weakest link breaks the chain) and a cloud service is just someone else's computers. Good luck with control of your data there, if there's no verifyable end-to-end encryption in place.

OP already said how he stores his backup phrase in his last post in his thread, and it is in google cloud drive, and i am pretty sure that is how OP lost his funds.
It is crazy that there are quite a lot of people like OP, who think they are safer user exchange wallets. Ledger is not a good hardware wallet to use, but it is definitely better to keep on using ledger, than to switch to an exchange wallet.

It's quite odd when users move their funds from cold storage to an exchange account to keep them safe. It should be the other way around. Something's amiss when one feels more secure after switching to a centralized and custodial platform from a hardware wallet. Although Ledger has a somewhat stained reputation, I don't think the fault is on their end. You must have done something wrong along the way, OP. My guess is that you're either storing your backup phrase in a hot device or you entered it somewhere.

This.
I'm sorry for your losses OP, that's quite expensive but celebrate not by saying this;

You're not lucky, you might regret this later. Move out your funds from those exchanges and move it with your new wallet that has generated a new seed. It's safe to use that nano s as long as you've generated new seed phrases from it. Or if you feel unsafe, might get a new wallet and not a Ledger but a Trezor or any other known brands.

It seems to be a "false friend" translation as I'm no native English speaker (but somewhat used to it). I wanted to say examine/check/confirm all your transaction details, especially of course all the transaction's outputs because this is where a malware could do you harm even when you use a hardware wallet. Malware can't control a well designed hardware wallet, but it could manipulate the output addresses and trick you to sign a transaction to wrong output target addresses if you're not cautious to check with care.

OP everything was good until you said you backup  your seed on a cloud storage.. it’s just like saving your seed on your gmail I see no difference ( there’s a little difference though) there has been a lot of theft due to backing up your phrase to a cloud storage, not even that saving sensitive datas on your cloud storage is risky.
Well it’s done already guess you’ve learned something , too bad you just have to lose money ( sorry about that ).
Do you mean ‘ control confirm your transaction details’?? and yeah thanks for mentioning the OUTPUT address( very important ).

Why on earth would you do that?
Coins sent to centralized exchanges are NOT yours anymore, and they are NOT safer than being held in any non-custodial wallet.

This are both silly decisions, and there is not much difference from using g00gle cloud to store your keys, or exchanges holding coins for you.
Not your keys = not your coins.

Oh, this is prolly how your seed was compromised and how your funds got stolen, it is not safe to save your seed phrase online or electronically, it can always be compromised and you will lose your money. Your backup should be offline.
Do you still keep your assets in centralized exchanges? I know you lost your money in a non-custodial wallet, but it was because of how you backed up your seed phrase. Do not keep your assets in an exchange, not your keys, not your coins, keep them in a non-custodial wallet that is open source, and keep the seed phrase safely offline.

Recovering such is almost impossible,  if the address could be traced to an exchange and if it happens to be a kyc exchange then there's a chance but it will cost you a whole lot, literally you may have to involve the law enforcement or you may just let it go especially if the transaction has been confirmed ot have been credited to the new wallet.

Years back, many Ledger Nano users just bought the wallet thinking the security part had nothing to do with the recovery seed, they thought the most secured part is the hardware wallet itself but they are wrong, they stored the keys on the cloud and it got compromised, some were a victim of fake Ledger upgrade website that looked identity to the original.

Ledger isn't even an open source hardware wallet, some users can't even tell the difference too, RIP to OPs Bitcoin, there is no way he can get it back and I hope he can move on from this, because the internet is full of scammers promising people like OP that they can help get their BTC back, it is all a lie.

Your opinion is quite right, OP should have reported this incident long enough maybe the hackers could have been caught at that early stage it happened with proper tracking but it is obvious that it is too late now. I think it could be tracked from one wallet to another to see if there could be any identity to hold onto like an exchange in which a deposit from the wallet that received such funds was made.

OP can not get back his Bitcoin at this stage but the only thing that could be done is just to blacklist the wallet if at all it is or it would be active because I believe the hackers would have long abandoned the wallet for another so that their activities can not be traced as it is that they use wallets to perpetrate their evil act and eyes would be on the wallet monitoring its activities to possibly tracking to get them caught.

This incident happened since three years ago, and you haven't found a way to report this case since, you gave it too much space because that's more than enough time for person to have done with the Bitcoin if the scammer wanted to sell them at the time, it's most likely you can't get your bitcoin again, except you have reported it and this address was put on red an alert in various exchanges, in case of any transaction coming from the address to any centralized exchange.

Sorry to hear this. Recovery is tough without exchange or authority help if the coins are traced to identifiable accounts. Secure your setup, enable 2FA, and consider expert advice carefully.

This was a terrible mistake you made by using the Google Cloud option to save or back up your seed phrase because if compromised, your data and details will get leaked. Possibly all these might have happened at the airport just as you have said but still, you should not have saved your seed phrase with Google Cloud Drive as that was the first mistake you made. However, you have learned your lesson for this, do not use this option to save your seed phrases again as you can save them manually so you can easily retrieve them without anyone having access to them, but you could track the transactions to the exchange wallet if you can make time to do it.

Yeah that is how scammers operates. They would keep moving the fund from wallet to wallets just to make the pseudonymous transaction traces so broad and sophisticatedly confusing with the intension not to leave the last end where they final transaction is made in an exchange untraceable.

They are usually taking the first transaction steps on the non custodial wallets until it is rested in an exchange where they tend to trade it with.

I have not experienced fraud before but I think this is how such related to your story works.

This is quite unfortunate. Even though hardware wallets are considered as one of the safest ways of storing bitcoins, users need to be extremely careful and security conscious when choosing or handling their wallets. @op, there are chances that you may have gotten a compromised hardware wallet right from the beginning. People can actually buy hardware wallets that have been tampered with, especially when they buy from sources that cannot be trusted.

Aside this, the wallet itself might not be compromised, but if we do not store our seedphrase properly or if we enter them online, it might expose the seedphrase to hackers, thereby giving them unauthorised access to our wallets.

The deed has already been done and the transaction right now is irreversible, but with the replies given so far, you should be able to properly protect yourself to prevent reoccurrence.

Consider the mnemonic recovery words potentially compromised when you store them on any cloud service, with minor exception to verifiable end-to-end encryption services. Still there's no good reason to expose the recovery words to any online device. Keep it offline and analog and no digital hacker can steal them.

Each device where you login with your Google account can potentially access your Google drive data. Computers, mobile devices, any of those could be potentially compromised by some malicious software or app.


Good point and also a rule that should never be bypassed: always, ALWAYS control all transaction details, especially the output address(es) BEFORE you sign a transaction with your hardware wallet. No exception!

Your private keys that are used to sign transactions never leave hardware wallet. The maximum harm intruders could cause ^{should you machine was infiltrated} is to slip in their own destination address for signing. Without interaction with your hardware wallet transaction that emptied it balance could not happen.   Did you check the details of   transactions you signed that time?

Thank you all for your reply.

Let me dig into it. First of all just FYI i am aware that there is no recovery, i am sharing my experience because I just noticed the hacker moved the funds from the wallet to somewhere else. At the time of the hack it was me and another 2-3 other transactions. Mine was 0.25Btc at the time.

I never use public wifi for this reason. In this particular time, I connected to Stansted Airport public wifi because my mobile reception was not good enough.

The hardware wallet was a ledger nano S, which i havent used since, and moved the rest of the coins to an exchange.

The seed was stored in my google cloud drive. The reason for this is that when I bought the ledger back in 2017, i was still studying about cryptos and I never thought that it could be compromised. Also I wasnt expecting to have massive amounts of cryptos ever. Luckily most of my coins were stored in coinbase and kraken, so "only" 0.25btc was gone.

I was 1000% sure that someone local at the airport hacked my laptop (windows 10) over the public wifi, and I contacted Stansted airport stating what happened. Stansted airport replied that their wifi is secured and all this nonsense.

After that I just gave up and forgot about it. Even now, it is more of a reporting thing, than pursuing the coins.

Here are some info of the specific transaction :

Transaction ID : 9744253a268a18c61b2d33addc0dcbcfae7e8471985868adcd001e396299d609

From : 3GAJEN47f6kxafAPxmSMaMAeseWZszPLGX
          3PKrP4TBP3agDKZoMZpjBK4SQXXNvdhA3Q

To : bc1qye8jqulxsk6jd4ehkjcm9rtp9fuufntqgqcagn

Any good and decent hardware wallet should provide some indication to check it's running genuine firmware and hasn't been tampered with (the latter may be difficult because seals and so-called tamper-proof stickers aren't that good mostly, exceptions may exist).

With verified genuine firmware (open-source preferred) of trustworthy hardware wallets (this is not Ledger for sure) I wouldn't have trust issues with such a device. Everything is better and safer than a hot software wallet.

In my opinion and from my perception compromised hardware wallets are very very rarely an issue of the hardware wallet itself but rather by some sort of user faults with handling and storage of the mnemonic recovery words generated by the hardware wallet.

Most commonly it's some sort of online digital exposure of the wallet's main secrets (taking digital pictures, screenshots, being tricked to enter the recovery words on some online website and similar no-noes, granting malicious contracts access rights to your wallet in some Ethereum or token shit space the user doesn't understand, ...). If you do any of these, you clearly don't understand your non-custodial wallet security.

What do you use, then? HWs are currently the most secure methods of storing your cryptocurrencies and cases like the OP's are the exception rather than the norm. Mind you, if you buy a HW buy it directly from the house, don't buy it second hand or from sites like Amazon.

Sorry to hear that,
Maybe during any progress of the hardware wallet 's creation or shipping, it been modified
Address or secret key been added into
All your wallets address had been altered.
That's why I don't use it

Indeed, chances of getting back one stolen Bitcoin on-chain is not possible, taking precautionary measures could help minimize the risk of losing one's Bitcoin to scammers and hackers.  If people are careful with how they save their keys and properly check their wallet addresses before sending bitcoins, they will never encounter challenges such as missing coins or sending bitcoins to the wrong wallet address. Concerning hacking, one should just avoid public wifi, and also random links should be avoided so they do not get hacked.

I believe there is a possibility of OP tracking the transactions or movement of his Bitcoin on-chain to the final destination. Maybe if OP could devote his time to doing proper tracking and tracing of transactions, OP could get details of the CEX wallet addresses related to the wallets linked up to the hackers' wallet, It could help to further know who the hackers are.

Bitcoin blockchain is really hard to attack 51%, and nearly impossible, and Bitcoin transactions are consequently irreversible. This means if a person becomes victim of scammers, hackers, bitcoin lost through on chain transactions, will not be reversible.

Chance to get stolen or scammed bitcoin back is very small, if not say it is nearly zero chance.

Prevention, therefore, is better than try to recover your scam bitcoin.
Security and Privacy Encylopedia

Sorry to hear your loss, after learning what had happened you should secured at least your backup in a safe place, it must be the one that was compromised. Higher chance is you were victim of phishing link and fake app. Regardless if someone had the same experience as you, you cannot recover those funds that's why prevention safety should be followed.

No way to recover. You either bought a tampered ledger wallet off of ebay, or you somehow got your keys visible.
Maybe you had spyware on your pc, or maybe someone saw the seed keys and copied them, who knows. But one thing is sure, you can kiss those BTC goodbye

Ledger devices are closed source junk, and I always warn people to stay away from that crap, BUT it's much more likely that your seed words backup got compromised, and not your device.
Another option is that you purchased this device second hand or from some suspicious seller that added some malicious modification to your device.
There is also a chance that you have some malware on your computer, especially if you are using wiNd0ws 0S.

It's almost impossible to do that, unless you find out who did it and how.

The moment that the forum members here discovered that ledger wallet was no more secured for privacy use, they dissociate themselves from making recommendation over using it, because they have no trust when it comes to that and you're making use of that same wallet.

Secondly, it may be that someone have already hacked or is having access to your wallet and such is using that to steal from you without you knowing, my advise is that you should change the wallet and use another hardware wallet that is more secured like Trezor.

Of course this is possible, but several considerations must be taken into account ; you can know the platform to which the address belongs, and the platform in turn knows who used that address to deposit, but it cannot help you without legal permission from the authorities. That is, you have to go to the authorities and file a complaint stating that your data and digital assets have been stolen, along with providing evidence of your ownership of the addresses and assets therein. The authorities, after confirming this, will contact the platform and force them to provide the necessary data to identify the thief. The problem is not that it was a crime that occurred three years ago, because crimes do not expire with the passage of time, but that the stolen amount is not worth all this trouble.

Store wallet files, wallet seed on a device (computer, laptop, phone, usb stick) is risky because if someone steal that device or compromise it, your wallet will be accessed by them and your coins will be stolen.

I agree that paper as a wallet backup when you are moving around is safe. It's safer than device that can be connected to Internet, as you might not lose your device but it will be still compromised by hackers. With paper, except if you lose it, you will not lose your wallet and your coins.

How to back up a seed phrase.

Forget about recovering that unless the authorities will caught that hacker together with the funds. But it is most likely that the funds were already gone and moved again from other addresses or converted into a privacy coin, et.al. What you can share us is on how you were hacked. What things you did for that hacker to steal your funds from your hardware wallet. Did you received some airdrops on your address and you clicked on the link that's attached to the NFT or airdrop through your ledger live?

Providing the principal address the coins was moved out from doesn't mean there is anything we can do to help him but just to be sure that the wallet actually belongs to him, that is why i told him that it would be better to provide the address and a signed message with the wallet address just to authenticate that he is the true owner but as for the coins that has been moved out already, nothing can be done 

It is such a terrible thing that someone stole your funds like that, and you feel helpless because you can't do anything. Because of such incidents, the crypto world is notorious for scams, and people don't trust it. I know Bitcoin transactions are irreversible, and the only way to recover your funds is if the thieves cooperate, which is impossible. So the only option you have is to follow up on that address. As you mentioned, the last transaction was made in April, so if they send your funds to any exchange, then maybe you can negotiate with them and provide your evidence against that theft. Perhaps they can do something for you. But remember, this is just my suggestion, it may not work for everyone. However, I wanted to share the possible solution that came to mind. So before doing anything, do your own research (DYOR). There are also other people who have complained against that address, so maybe some results will come up.

So sorry about your experience mate. I read your other response to comments where you said you checked your wallet last before you boarded a flight and I want to ask if you used the airport wifi because that is one of the possible causes of your hack if you used the public wifi and another question I would ask is if you stored your seed phrase in google cloud? because that is another aspect of safety people make mistakes of and sometimes it does not end well with their assets as it is being stolen.

It is best you store your seed phrase on a piece of paper and keep it in a safe place where only you can access it whenever you want to.  As for your assets, you can track them here to see for yourself where it was sent to and other final destination of your assets.

https://intel.arkm.com/tracer?address=bc1qye8jqulxsk6jd4ehkjcm9rtp9fuufntqgqcagn

https://intel.arkm.com/explorer/address/bc1qye8jqulxsk6jd4ehkjcm9rtp9fuufntqgqcagn

Since the wallet address that stole from you is the above, it would be better if you provide the wallet your assets were stolen from so that it would be properly traced by other members because, with this address you have provided, nobody can know where the assets were stolen from because there are lots of transaction recorded to the wallet you provided that stole your asset.

Did you use a public wireless network while you were at the airport or in the hours before the flight? If by any chance you are, there is a possibility that you have become a victim of something called "evil twin" attacks and it is very popular in all locations where a lot of people gather.


It's definitely possible, just as it's possible to report such things to the police - but the point is to do it as soon as possible, not to think about such things three years after they happened.

Once the transaction is already confirmed you cannot take it back again this could be considered as another charge to experience, can you tell whats the background story of the wallet why being compromised?, its the hardware wallet already so there's a possible case the seed was stolen or the wallet itself so the hacker easily use to make a transaction reason why the use of the hardware wallet is to keep away and store it online likely you don't have an active transaction on it.

So the hacker did not steal all of the Bitcoins or something? Or what else?

Whatever it is, never keep digital copies of your seed phrase ever. It should be in the paper world only. If you need to restore your seed on another computer, transport the paper there and type it manually. Never store it on a computer (as I am not really sure what exactly caused your bitcoins to get stolen).

I believe you can report it if the hacker sent it to an exchange such as Coinbase, but you will also need the assistance of local authorities for an investigation. The only issue is that most hackers do not use centralized exchanges, and I am sure they have other ways to launder their funds, such as using mixers or exchanges without KYC. Anytime they can use those exchanges to hide their identity and receive clean coins.

How exactly you save your backup seed? As others have mentioned, if it was just a file or screenshot, your backup may have been synced to a cloud-based platform. If we are correct, your backup seed is no longer safe.

Would you mind to tell us what hardware wallet you currently using?

I have seen a couple of cases in another forum over time, very similar to this one, where the affected people could not explain how their coins had been stolen if they had a hardware wallet, and after some investigation it turns out that they uploaded a copy of the seeds to the iCloud because they thought it was too secure. Lol. As bad as Ledger's reputation is for data theft on several occasions, their hardware wallets are still safe as long as you do keep the seeds safe.

Did you have a digital copy of your mnemonic recovery words (screenshots, photos, files)?

Did you engage with some shitcoins or shittokens with your wallet besides the Bitcoins it held? (People sometimes grant (unknowingly malicious) contracts in Ethereum or similar space full access to their wallet. Such contracts may not drain your wallet immediately but at some later time.

Where you tricked to enter your mnemonic recovery words somewhere else with your device being online?

OP you should have provided the said BTC address that was stolen from and not the address the coin was sent to then a signed message from the address for us to believe you are the real owner of the address just for clarity and for your story to look true. However bitcoin transactions cannot be reversed, if the coin has already been moved out of the original address then it's lost forever. Maybe your passphrases has been compromised as that is the only thing that can grant anyone access to your coin and they move it out.

I know it is unreversable and I did transfer the rest of the funds to my exchange account straight away. My laptop was switched off and offline when this happened as I was on a flight. I checked when I got home, couple of hours after landing. I can share the transaction details here in case anyone can trace it. Is it possible to prove theft if the stolen funds were sent to a proper exchange, like coinbase etc?

If it was already confirmed, you can't recover them because BTC is unreversable. This is not the same as PayPal, where you can open a dispute and reverse the transaction.

Did you check the date when the transaction was sent? Then compare it if you open your wallet at that time?
If you didn't open your wallet at that time and sent BTC then your wallet is compromised.

If you still have funds from that wallet, I suggest better make a new wallet and transfer all of your remaining funds to the new wallet.
Also, do this on another device that you know is clean because maybe your current PC is infected with viruses and malware, or install a fresh OS before you create a new wallet.

Hi guys,


i just want to share my experience with you. This incident happened 3+ years ago. I logged into my ledger live app, and I found out that my remaining balance was sent to an unknown btc address. At the time I searched on the internet and I found out that this wallet was reported by a couple of other people. Tonight, I checked again my wallet and I found out that the owner of that address moved the coins to other wallets, maybe an exchange, last April (2024). I was wondering if anyone has a similar experience with me, and knows if it is possible to recover the coins in any way. The address that stole my coins is this : bc1qye8jqulxsk6jd4ehkjcm9rtp9fuufntqgqcagn