
Topic: My ledger got hacked (Read 418 times)

full member
Activity: 840
Merit: 105
September 06, 2021, 12:16:56 PM
#44
Hi guys,

Unfortunately, my Ledger hardware got hacked last night and 100% of the funds were transferred into another address. I have no idea how this happened. I have never shared my seed words with any websites. I used the same wallet for over 4 years with no problem. The only thing I can think of is that I connected my laptop yesterday afternoon to a public wifi hotspot at Stansted Airport, in London. I flew from there later that day, and as soon as I landed, I checked the balance and it was 0!!! Any idea how this happened, as I'm running out of hope!

I think hackers got into your laptop while you were using a public wifi hotspot at Stansted Airport, in London. Now we have to be very careful in using public hotspots because hackers can enter laptops through public hotspot networks. We should store very important data on a special laptop at home, not to be taken out of the house, to avoid hackers.
sr. member
Activity: 2016
Merit: 283
September 06, 2021, 12:09:04 PM
#43
Hi guys,

Unfortunately, my Ledger hardware got hacked last night and 100% of the funds were transferred into another address. I have no idea how this happened. I have never shared my seed words with any websites. I used the same wallet for over 4 years with no problem. The only thing I can think of is that I connected my laptop yesterday afternoon to a public wifi hotspot at Stansted Airport, in London. I flew from there later that day, and as soon as I landed, I checked the balance and it was 0!!! Any idea how this happened, as I'm running out of hope!
Public wifi isn't safe anymore nowadays mate, even when you use a very secure wallet, as long as you're connected to the wifi, because that's how they can access your private information etc.
I hope you read this if you are used to connecting to public wifi, especially when travelling.
"In this way, the criminal can access users' banking credentials, account passwords and other valuable information. Public Wi-Fi is inherently insecure — so be cautious. Laptops, smartphones and tablets are all susceptible to the wireless security risks. Don't just assume that the Wi-Fi link is legitimate."
hero member
Activity: 1148
Merit: 501
September 06, 2021, 11:55:01 AM
#42
Although I haven't used a hardware wallet yet for my crypto assets, we know that it is the strongest and most secure system for storing crypto, so I can't understand how this is possible.
You used public wifi, maybe it was your mistake. I know that public wifi is not secure; although I can't understand what the main mistake is, I think this was your mistake.
copper member
Activity: 2940
Merit: 1280
September 04, 2021, 01:30:21 PM
#41
One thing that I thought about when I read this is that Ledger has the paper to write your seeds onto; why did you even bother to put it in online storage? The probability of guessing some random seed phrase that has a balance is nearly impossible. If it was that easy, cryptocurrencies would no longer exist because they would be flawed, but they're not. So they're still here.

Probably make amends with yourself and accept the loss. You can't do anything about it anymore. Anyway, did you see the transactions that had happened in your wallet? That it really left the address etc?
sr. member
Activity: 334
Merit: 275
September 04, 2021, 12:33:53 PM
#40
Export the history of your browser and take a look at each individual website that you visited and check any downloads that you recently downloaded which should be stored on your browser. The only way that someone could take that Bitcoin would be if your computer was hacked by a virus. The Trezor requires confirmation on the device to send a transaction which requires physical access. They would not be able to withdraw funds without that physical access unless you disabled that before it got hacked. Are you sure you did not make a mistake instead?


Are you sure you have connected to the official wi-fi from the airport? Such public places are ideal for what is called an evil twin attack, and if you were connected to such a fake network and logged in to your e-mail or any other service, all your data fell into the hands of hackers.

First thing I checked was the portal, where I put my credentials. So I went back to my browser history and this was the URL : portal.live.virginwifi.com

I couldn't access it, it shows error 500, I guess because I'm not connected to the AP. The details I used to connect were random. Something like test/test etc. I didn't use my real info.

The SSID I connected to was: _stanstedairport_WiFi. I have already contacted the airport and I gave them the SSID, in case it was a fake SSID.
You should never use public wifi for sending Bitcoin transactions but the question is how did they get physical access to your device to confirm the sending of Bitcoin?
newbie
Activity: 11
Merit: 1
September 04, 2021, 10:24:16 AM
#39

Are you sure you have connected to the official wi-fi from the airport? Such public places are ideal for what is called an evil twin attack, and if you were connected to such a fake network and logged in to your e-mail or any other service, all your data fell into the hands of hackers.

First thing I checked was the portal, where I put my credentials. So I went back to my browser history and this was the URL : portal.live.virginwifi.com

I couldn't access it, it shows error 500, I guess because I'm not connected to the AP. The details I used to connect were random. Something like test/test etc. I didn't use my real info.

The SSID I connected to was: _stanstedairport_WiFi. I have already contacted the airport and I gave them the SSID, in case it was a fake SSID.
legendary
Activity: 2212
Merit: 7064
September 04, 2021, 09:18:32 AM
#38
Nobody knows my credentials (as far as I know). It was just me and no one else around.
Google knows your credentials, and what's the point of a hardware wallet if you are going to keep seed words online...
Your ledger was probably not hacked, but you made some mistake, and it's possible that you had some clipboard malware on your computer.

Is there any possibility that anyone could guess the 24 words correctly randomly?
Don't be silly please.
legendary
Activity: 3234
Merit: 5637
September 04, 2021, 08:01:26 AM
#37
No, I didn't make any transactions at the time while I was waiting at the airport.

In that case, it's not clipboard malware, though it's weird that the hacker didn't touch anything but Bitcoin - unless the rest of the coins you had are not worth the effort. The only logical thing is that your seed is compromised.

I am also going to meet the airport manager if possible to explain the situation. If their wifi is not safe for public use, then they should take immediate action.

Are you sure you have connected to the official wi-fi from the airport? Such public places are ideal for what is called an evil twin attack, and if you were connected to such a fake network and logged in to your e-mail or any other service, all your data fell into the hands of hackers.
legendary
Activity: 2268
Merit: 18748
September 04, 2021, 06:27:51 AM
#36
-snip-
Even if OP did not make any additional mistakes beyond storing his seed phrase on the cloud, or was using a perfectly clean computer on his own private WiFi, his seed phrase could still easily have been stolen from the cloud. We have no idea how many servers around the world OP's seed phrase was copied to, how secure those servers were (physically or digitally), which Google employees or third party employees could access them, how robust their encryption algorithms are, and so on. Google don't exactly have the best security practices, previously being caught storing passwords in plaintext for 14 years. This is why cloud storage is always a risk - you have absolutely no idea who else can access it.

Ideally you'd check every last character of the address.
There is no real reason not to do this. It takes a few seconds at most, and guarantees your security. Checking only the first ~3 and last ~3 characters still leaves you open to a small risk of theft from clipboard malware, and this risk will only increase over time as hardware becomes more powerful and vanity address generation becomes quicker.

No, I didn't make any transactions at the time while I was waiting at the airport.
There is absolutely nothing stopping your laptop from having multiple different pieces of malware on it, one which will change your clipboard and another which will steal your seed phrase. Indeed, the fact that you have one piece of malware on your laptop increases the risk of you having others, since you clearly do not have the best security practices or behaviors. I would be formatting that laptop and starting from scratch.
newbie
Activity: 11
Merit: 1
September 04, 2021, 05:53:25 AM
#35

If I understood you correctly, only BTC was stolen with the help of clipboard malware - which means that you had to make a transaction in which the malware replaced the address, and that the seed was not compromised.

This is the transaction where my ledger funds were transferred to another address :
https://blockstream.info/tx/9744253a268a18c61b2d33addc0dcbcfae7e8471985868adcd001e396299d609

Coins are still at that address, but by checking it I didn't find that it can be connected to some crypto service. What you can do right now is write an email explaining your situation and sending it to as many crypto-exchanges as possible, because a hacker might make a mistake and send stolen funds to one of those exchanges - and they can then freeze coins. What you definitely need to do is sign messages from all the addresses from which the BTC was stolen as proof that you are indeed the real owner.

I won’t lie to you that your chances are great, but you have the choice to come to terms with the loss, or to try to do something.



No, I didn't make any transactions at the time while I was waiting at the airport. I don't make transactions when I am at public places and I didn't need to make any transaction at that time. I found out that my copy-paste function had been compromised yesterday, when I tried to send the funds away from the hardware wallet. I double checked the address I copied and pasted and they didn't match! So I stopped, I downloaded Kaspersky, paid for it, set it up properly, rebooted the PC, and the malware was gone!

I still don't know how the hack happened, but I am sure it happened at Stansted Airport.

I thought the same, to write emails to as many exchanges as possible and hope that they will freeze the funds. I am also going to meet the airport manager if possible to explain the situation. If their wifi is not safe for public use, then they should take immediate action.
legendary
Activity: 3234
Merit: 5637
September 04, 2021, 04:49:44 AM
#34
My laptop must have malware. I tried to move all of my other funds from the Ledger to exchanges until I sort my computer and my Ledger out. I tried to copy a 0x hex address from the exchange, and when I pasted it, it was a different address!!!!

If I understood you correctly, only BTC was stolen with the help of clipboard malware - which means that you had to make a transaction in which the malware replaced the address, and that the seed was not compromised.

This is the transaction where my ledger funds were transferred to another address :
https://blockstream.info/tx/9744253a268a18c61b2d33addc0dcbcfae7e8471985868adcd001e396299d609

Coins are still at that address, but by checking it I didn't find that it can be connected to some crypto service. What you can do right now is write an email explaining your situation and sending it to as many crypto-exchanges as possible, because a hacker might make a mistake and send stolen funds to one of those exchanges - and they can then freeze coins. What you definitely need to do is sign messages from all the addresses from which the BTC was stolen as proof that you are indeed the real owner.

I won’t lie to you that your chances are great, but you have the choice to come to terms with the loss, or to try to do something.
newbie
Activity: 5
Merit: 1
September 03, 2021, 11:43:48 PM
#33
Hi guys,

Unfortunately, my Ledger hardware got hacked last night and 100% of the funds were transferred into another address. I have no idea how this happened. I have never shared my seed words with any websites. I used the same wallet for over 4 years with no problem. The only thing I can think of is that I connected my laptop yesterday afternoon to a public wifi hotspot at Stansted Airport, in London. I flew from there later that day, and as soon as I landed, I checked the balance and it was 0!!! Any idea how this happened, as I'm running out of hope!

Public wifi has nothing to do with your case unless your machine was itself infected in the first place, because the Ledger has its own security mechanism.
Since you saved your seed in the cloud, that seems to be the culprit.

Also, never use any app which facilitates your SMS from your phone to your machine, like YourPhoneCompanion on Android and Messages/iMessage on Mac. Also, don't install 2FA apps like Authy on your machine. Use them on your phone only and do not connect your phone to your machine all the time. Do so while your internet connection is off.

And nope, guessing your seed is impossible. Don't even think about it.
It may be someone in your close proximity who might be snooping on you. That's what I can think of in my expert opinion.
jr. member
Activity: 75
Merit: 6
September 03, 2021, 11:00:50 PM
#32
Never leave your password on your laptop or an online server. I keep my passwords on two portable flash disks in case one fails, which is the safest possible option. Clean your PC of malware and avoid fake websites that look like the original website and steal your MetaMask.
newbie
Activity: 20
Merit: 7
September 03, 2021, 10:40:28 PM
#31
These clipboard hijackers are nasty -- you can read about them here: https://www.bleepingcomputer.com/news/security/clipboard-hijacker-malware-monitors-23-million-bitcoin-addresses/

Any time you paste a crypto address, you need to check that the first few and last few characters of the address that you paste match the address that you copied.

(Ideally you'd check every last character of the address.  It's theoretically possible, but computationally expensive, for this malware to create a public address ahead of time for each of the addresses that they are watching that matches on the first few and last few characters).

BTW, it really is worth reporting this to the police. You never know when a criminal will be caught, and they could be sitting on a private key that generated the address where your funds are. It's certainly possible -- though unlikely -- that you could get your money back. It has happened before (at least in the case of crypto scams -- there are a couple of examples at the end of this article: https://cryptoassetrecovery.com/2021/07/15/best-practices-recover-funds-from-crypto-scams/)
jr. member
Activity: 140
Merit: 4
September 03, 2021, 09:22:50 PM
#30
Don't use Google Chrome for anything. They even announced about a week ago that it has been easy to exploit its software for the past months!
hero member
Activity: 1176
Merit: 543
September 03, 2021, 08:12:01 PM
#29
This might have happened through your connection to public WiFi, which is never advisable for me. There are more sophisticated tools hackers use on public WiFi that make connected devices vulnerable to them and easier to manipulate. If you know that you have significant data on your system, it's better you keep it off public WiFi than to lose your information.

I was almost a victim of a hack the very time I connected my phone to public wifi. I was enjoying the free data I was using but suddenly my phone started hanging and I knew something was fishy somewhere. Within a few seconds I noticed that my phone started operating itself without my consent, which enlightened me about how dangerous connecting to public WiFi could be.
newbie
Activity: 11
Merit: 1
September 03, 2021, 02:23:54 PM
#28
Hi guys, thank you all for your replies. I spent a lot of time today updating my security protocols. One of my main protocols was not to connect to public wifi and routers I don't personally own or know are safe. At airports I always use my mobile hotspot. Except yesterday. Yesterday, my mobile was running out of battery and while I was charging it, I decided to connect to public wifi to do some work. Unfortunately, previous weeks were too stressful for me, and I didn't even think about my protocol. I cannot prove it's the wifi but today I realised this:

My laptop must have malware. I tried to move all of my other funds from the Ledger to exchanges until I sort my computer and my Ledger out. I tried to copy a 0x hex address from the exchange, and when I pasted it, it was a different address!!!!

This is the transaction where my ledger funds were transferred to another address :

https://blockstream.info/tx/9744253a268a18c61b2d33addc0dcbcfae7e8471985868adcd001e396299d609


Whoever this person is, they have made 0.5 BTC in less than 3 days.
member
Activity: 532
Merit: 13
September 03, 2021, 10:35:57 AM
#27
I am so sorry for this. I thought this happens to a newbie, but when I saw it was 4 years down the line I knew it was not a joke. I recently got to know that using public wifi is bad and that it can easily access one's IP address and all.
member
Activity: 2044
Merit: 16
September 03, 2021, 08:50:34 AM
#26
What an unfortunate way of losing your funds, and it's sad for that to happen to any person in the crypto world. With so many hack incidents lately, it's always important to keep our seed safe from intrusion, and that's the only way of preventing these from happening in the future. Connecting to public wifi is also risky and maybe that's the reason your assets were hacked.
legendary
Activity: 3234
Merit: 5637
September 03, 2021, 07:44:35 AM
#25
@psycoclan1, now that we're pretty sure how your digital assets were stolen, it would be a good idea to edit the title - it's not your device that has been hacked, but someone has come into possession of your backup in one way or another. Unfortunately, this only proves that the weakest link in the security chain is still a person, and storing such sensitive data online is so wrong that it is not clear to me how anyone can do it at all.

You didn't write if someone stole $100 or $10 000 from you, but you can report the case to the police or hire a professional who can try to track the transaction and possibly find the perpetrator.