
Topic: My ledger got hacked - page 2. (Read 418 times)

legendary
Activity: 3542
Merit: 1965
September 03, 2021, 01:26:16 AM
#24
I think the obvious question to ask OP is if he travels with his "Seed"?

You cannot transfer tokens out of the physical ledger (hardware wallet) ... without having the PIN and having access to the physical device. (I have to confirm the transfer of tokens on the Ledger Nano, with a key press and the PIN.)

So, the only way for people to get access to your coins would be if you kept your Ledger Seed in your luggage and when they searched your luggage, one of those people took a photo of the Seed and then imported that to another software wallet and took the tokens on that wallet.

I hope you do not travel with your Seed? 
legendary
Activity: 3584
Merit: 5248
September 03, 2021, 12:49:06 AM
#23
I was thinking about this during the night... And I did manage to think up some more scenarios:

You saved your seed in your Google Drive. IF you have your Drive open on your device AND the device contains malware, said malware should be able to access your Drive from your actual device, not needing the 2FA (since you'll provide the 2FA token yourself when you use Drive on the infected device).

A second one would be if you used the wifi in the airport and didn't use a VPN, there are still attack vectors if you do this... https://www.cloudwards.net/dangers-of-public-wifi/ (not mine, just one of the first Google hits I got when searching for the dangers of using public wifi). Some of these attack vectors might be able to steal your Google credentials, install malware,...

Bottom line is: it's almost impossible somebody randomly guessed your 24 words in the correct order. The odds are so close to 0, that in reality you could say they're ~0.
I know, I know, when you see 24 words, you'll always think: "hey, it should be easy to brute force such a seed". But it's not... Ledger used to have a really interesting article about this, but they removed it when they cleaned up their site, but it's still in the Google cache: https://webcache.googleusercontent.com/search?q=cache:xR-zGi4JaQ0J:https://ledger.readthedocs.io/en/stable/background/master_seed.html+&cd=1&hl=nl&ct=clnk&gl=nl

So, there are only 2 types of attack vectors left: either somebody got to your seed, or somebody compromised your ledger device... And in all fairness, it was probably the seed you saved in your Google Drive... Am I 100% sure: no, but the odds are stacked against you.

It's like if I rented a super new and hard to break anonymous safe deposit box in the public basement of a bank, but I stored the key, the combination to the lock and the directions to the safe deposit box together under a rock in my front yard: if I get robbed, there's a small chance the robber found a way to break into a super hard to break deposit box by crafting a new key and using a stethoscope to find my combination, but the odds are far bigger he just saw a strange rock in my front yard, picked it up and found a key, combination and directions to my safe...

Saving a hardware wallet's seedphrase in a cloud storage is reducing your hardware wallet's security to the level of any run of the mill online wallet.

Now, the above bolded part might seem like I'm victim blaming, but believe me: I'm not... I just thought it needed to be bolded out to make sure newbies with the same idea as you had see this part straight away. I'm very sorry for your loss (like it has been said before: transactions are irreversible). Even if you made mistakes, nobody has the right to take your funds from you... It's not because I leave the doors to my house open that somebody has the right to steal my stuff... But if I want to know why my stuff has been stolen: it's because I left the front door open...
full member
Activity: 798
Merit: 115
September 03, 2021, 12:30:31 AM
#22
Saving seed online defeats the purpose of having a ledger in the first place. That is worse than saving your private key on your email because with seed, you don't need anything else to access your wallet.
I am worried about having seed written on two pieces of paper at home in case of fire or something, don't even imagine how paranoid I would be if I saved it online.
member
Activity: 868
Merit: 63
September 02, 2021, 09:36:17 PM
#21
From all of these suggested possibilities, I do admit I saved the seed in my google drive. To access my gmail account though, requires 2FA. Google did not notify me for a remote login etc. I used the same seed since 2017 on the same ledger device.
If they did get access to your computer then they've probably spoofed your email to somehow circumvent the 2FA, it's not a new thing, a lot of hackers use that to try and bypass 2FA and if they're able to do that then you wouldn't notice that they've logged in. Plus, you have a physical device so it's much more difficult to access your wallet in that manner. Can you show us the transactions?
jr. member
Activity: 60
Merit: 5
September 02, 2021, 09:28:32 PM
#20
I had this experience at the beginning. At that time, the whole person didn’t know what happened. After seeing this post, I probably understood the reason, and as a lesson learned, I posted it on the forum to let more novices notice and avoid losses.
sr. member
Activity: 733
Merit: 250
September 02, 2021, 08:27:29 PM
#19
Hi guys,

Unfortunately, my ledger hardware got hacked last night and 100% of the funds were transferred into another address. I have no idea how this happened. I have never shared my seed words to any websites. I used the same wallet for over 4 years with no problem. The only thing I can think of is that I connected my laptop yesterday afternoon in a public wifi hotspot at Stansted airport, in London. I flew from there later that day, and as soon as I landed, I checked the balance and it was 0!!! Any idea how this happened, as I'm running out of hope!
Condolences on your loss. You need to be extra careful with all of today's sophisticated crypto asset misappropriation, especially passphrase keys. Your files should be stored in a place, do not choose Google Drive or store documents in your computer. The best advice is to write it down by hand and save it in a journal.
To be honest I should have deleted this seed from the cloud. I saved it in June 2017 and I completely forgot about it. This was the very first time I have ever used crypto. I guess it's a way to learn a lesson. The 1 million dollar question is if there is any way to recover. I know it is not possible, just asking...mostly out of desperation
We all should be careful nowadays, there are a lot of hackers and sophisticated acts that infiltrate our computers and all our information. You have learned from this loss, I believe you have learned the lesson. My sincere advice is that you should record in the logbook all manual operations. Then we can safely protect our assets from hackers.
legendary
Activity: 4466
Merit: 3391
September 02, 2021, 08:11:43 PM
#18
AFAIK, there is no way to obtain the seed or the private keys from a Ledger without physically accessing the hardware inside it.

If someone stole your coins, there will be one or more transactions showing it. Please post the transaction IDs.
member
Activity: 1120
Merit: 68
September 02, 2021, 08:07:31 PM
#17
Expensive lessons here and I do hope that many members here will learn from the OP's experience and not repeat the mistakes of using public wifi or cloud storage to hide your sensitive data.
You're wrong, it's totally safe to use a public Wi-Fi, I will give you a link about a video regarding the true stuff behind the protection offered by almost any VPNs in the market, it's a short one so it's not that tiring to watch.

https://youtu.be/WVDQEoe6ZWY
hero member
Activity: 1414
Merit: 542
September 02, 2021, 07:54:48 PM
#16
To be honest I should have deleted this seed from the cloud. I saved it in June 2017 and I completely forgot about it. This was the very first time I have ever used crypto. I guess it's a way to learn a lesson. The 1 million dollar question is if there is any way to recover. I know it is not possible, just asking...mostly out of desperation

I'm sorry to burst the bubble for you but there's no way to get back your money. Probably the hackers have been using a mixer to obfuscate their footprints in the blockchain.

Expensive lessons here and I do hope that many members here will learn from the OP's experience and not repeat the mistakes of using public wifi or cloud storage to hide your sensitive data.
full member
Activity: 868
Merit: 150
September 02, 2021, 07:29:44 PM
#15
I don't think you've caught some malware somewhere but not the airport, you connecting to the airport Wi-Fi has nothing to do with you being hacked, the VPN ads lie about that part, I think the abuse has been obsolete because the Wi-Fi tech was changed. Maybe the people behind that hack were biding their time.
legendary
Activity: 2114
Merit: 2248
September 02, 2021, 05:35:32 PM
#14
Is there any possibility that anyone could guess the 24 words correctly randomly?
Guessing your 24 word recovery phrase randomly is not remotely possible. If it were, the entire network would have collapsed already as anyone lucky enough would be able to guess the recovery phrase of any wallet and steal the coins linked to them.
Any of the suggestions given above by @mocacinno could be the exact scenario that happened, or there was some other source of security leak which you are not yet aware of.
newbie
Activity: 26
Merit: 30
September 02, 2021, 05:33:42 PM
#13
It’s easier to steal the words than to guess them. It’s just not worth it.
newbie
Activity: 11
Merit: 1
September 02, 2021, 05:13:52 PM
#12
Even if you log in to a public wifi, your funds are supposed to stay intact on your ledger, unless of course there are other people knowing your login credentials that is. Or your machine itself is infected by something, but even then the funds should still remain intact.

Have you checked whether there are others around you that know of your crypto activities? They could possibly be the ones who might be behind this.

To be honest I should have deleted this seed from the cloud. I saved it in June 2017 and I completely forgot about it. This was the very first time I have ever used crypto. I guess it's a way to learn a lesson. The 1 million dollar question is if there is any way to recover. I know it is not possible, just asking...mostly out of desperation

Where are you receiving your 2FA notifications? Through your mobile device or some other machine?

As for recovery, I don’t think there is a way for you to get back the funds as it was already sent to another address.


Nobody knows my credentials (as far as I know). It was just me and no one else around. I can't really tell how this happened and that confuses me. 2FA in my Google Authenticator app on the phone. Yeah it's an expensive lesson I guess.

Is there any possibility that anyone could guess the 24 words correctly randomly?
newbie
Activity: 26
Merit: 30
September 02, 2021, 05:09:30 PM
#11
Google 2FA is trash. There are ways to get into the account with for example access to pw and recovery email.

My account got hacked via a malicious browser extension. They had access to everything, took me about 4 months, the police and hours on the phone with unhelpful Google employees, to recover access.

If you had your seed in the cloud, that’s 100% how they got it.

DO NOT PUT YOUR SEED ANYWHERE DIGITALLY. (No NAS, no USB, no phone notes)

I have my seed laser engraved in a metal plate (my own personal laser not connected to the internet) and then hidden in the wall in my apartment.
sr. member
Activity: 2226
Merit: 347
September 02, 2021, 05:05:16 PM
#10
To be honest I should have deleted this seed from the cloud. I saved it in June 2017 and I completely forgot about it. This was the very first time I have ever used crypto. I guess it's a way to learn a lesson. The 1 million dollar question is if there is any way to recover. I know it is not possible, just asking...mostly out of desperation

Regret does always come in the end and not from the start. You should have known that it is a risk storing up seeds on the cloud and it would be much better if you saved it offline. Having those keys or seeds written on a paper is less risky than having saved up your keys on the cloud, which has never been advisable. As for your question about recovery, this is the sad part. There's no way of getting those coins back and sorry for your loss. I know it's hard to move on but there's no such thing you could do.
legendary
Activity: 3542
Merit: 1352
September 02, 2021, 04:59:42 PM
#9
Even if you log in to a public wifi, your funds are supposed to stay intact on your ledger, unless of course there are other people knowing your login credentials that is. Or your machine itself is infected by something, but even then the funds should still remain intact.

Have you checked whether there are others around you that know of your crypto activities? They could possibly be the ones who might be behind this.

To be honest I should have deleted this seed from the cloud. I saved it in June 2017 and I completely forgot about it. This was the very first time I have ever used crypto. I guess it's a way to learn a lesson. The 1 million dollar question is if there is any way to recover. I know it is not possible, just asking...mostly out of desperation

Where are you receiving your 2FA notifications? Through your mobile device or some other machine?

As for recovery, I don’t think there is a way for you to get back the funds as it was already sent to another address.
sr. member
Activity: 1932
Merit: 442
September 02, 2021, 04:57:39 PM
#8
To be honest I should have deleted this seed from the cloud. I saved it in June 2017 and I completely forgot about it. This was the very first time I have ever used crypto. I guess it's a way to learn a lesson. The 1 million dollar question is if there is any way to recover. I know it is not possible, just asking...mostly out of desperation
Well, so sad to hear about your loss.
Yes, it is your lesson to learn and be careful next time so that it won't happen again. How many newbies like you will fall victim first before they will learn?
Most newbies I saw have a problem like this, which can be completely avoided if they know how to avoid it on their own. We should always be knowledgeable enough before using bitcoin because it has a value and the transaction is irreversible; once it is sent to the hacker's address it can never be retrieved. So, therefore, next time you must be careful.
newbie
Activity: 11
Merit: 1
September 02, 2021, 04:48:34 PM
#7
To be honest I should have deleted this seed from the cloud. I saved it in June 2017 and I completely forgot about it. This was the very first time I have ever used crypto. I guess it's a way to learn a lesson. The 1 million dollar question is if there is any way to recover. I know it is not possible, just asking...mostly out of desperation
legendary
Activity: 2436
Merit: 1362
September 02, 2021, 04:46:29 PM
#6
Very hard to say... theoretically you should be able to use your ledger on an infected PC and still not lose your funds...

I can think of a couple of very remote scenarios that happened, or were at least discussed in the past:
  • You saved your seed in the cloud, and your account got hacked (iCloud, Dropbox, Gmail,...)
  • You saved your seed on a physical carrier, and somebody found said carrier
  • You entered your seed in a different (vulnerable) wallet
  • You were the victim of a clipboard virus (even though this would have required you to actually make a transaction)
  • You received a device that had been tampered with... either preloaded with a seed, or plain fake
  • You were the victim of an evil maid attack (somebody had physical access to your device)

From all of these suggested possibilities, I do admit I saved the seed in my google drive. To access my gmail account though, requires 2FA. Google did not notify me for a remote login etc. I used the same seed since 2017 on the same ledger device.

Yup, as above, cloud storage is fine for photos of your pets and your car but not for sensitive information. The trouble with free email and storage is it's too convenient to use and a lot of people use it by default rather than spending a bit more time to make use of a securer alternative.

How does your 2FA work, does it go to a second email account? Maybe the hackers had access to that also over the public wifi?

Sorry to hear this.
hero member
Activity: 3136
Merit: 591
September 02, 2021, 04:40:16 PM
#5
From all of these suggested possibilities, I do admit I saved the seed in my google drive. To access my gmail account though, requires 2FA. Google did not notify me for a remote login etc. I used the same seed since 2017 on the same ledger device.
It's never advisable to store your seeds or private keys in cloud storage such as Google Drive. That's probably the reason why you've been hacked. I thought about when you've access on the public wifi, maybe there's also something to do with that as it's also never advisable to do that with your laptop that you use to access your funds.