So I don't have a hardware wallet yet, only the coinbase wallet app on my phone, which nothing in it yet. I wanted to move my pennies from coinbase website to the coinbase wallet app, and it costs a fee to do so. Do you also pay somebody a fee if you move coins from your "frequent use" hardware wallet to your "rarely use" hardware wallet? I'm wanting to draw up a best practices document for myself, and there's been a lot of detailed information in this thread which I appreciate. Since my plan is to hodl very long term everything I possibly can, would I want to offload everything I plan to bank for years onto one (or more than one as has been suggested) hardware wallet and keep it locked in my safe? Pull it out once every few months to dump from my active hardware wallet to the "vault" hardware wallet? If I'm talking about having multiple hardware wallets over time, does it still make sense to keep the coins on separate wallets if they are all just in a stack in the safe together in one place? Or if they are all in on place does it makes sense to just keep it all on one device?
If my home burns down and the safe doesn't protect them, what recourse do I have?
If I put them in a bank safe deposit box like Phil suggests, same question - if the bank burns down, or is robbed completely... vault and everything... what recourse do I have? As I think I understand it, the hardware wallets are just paperweights without the seed list. But if one is lost or destroyed, and i still have the seed list, can it be recovered in any way?
As I am planning to invest and to mine, both as part of my retirement plan in 20 years, I really want to make sure I set myself up right from the beginning to do this as best as possible.
I'm going to read up on "air gapped" computers today, that's a term I'm unfamiliar with. I think have a sense of it's context, but I want to understand it better.
Topic: Stolen ETH from my Ledger - page 3. (Read 1491 times)
Even better you have hardware wallet you rarely use(bulk of your crypto) and another one you frequently use. If something bad happened to your frequently used hardware wallet(smaller amount of crypto), then you will know that you have something to fix so that your rarely used hardware wallet will be safe..
People just want something to rely on and use with a peace of mind..ledger is somewhat at fault too if people cannot use it with peace of mind.
Remember, always check the address before pressing the "send' button that is all you have to do.
People just want something to rely on and use with a peace of mind..ledger is somewhat at fault too if people cannot use it with peace of mind.
Remember, always check the address before pressing the "send' button that is all you have to do.
Yeah, I forgot to mention that too, thanks hehe
I also forgot..laziness (which we all have) tends to look for one best solution..but the best solution is always approach security with "LAYERS" .. we may call it as "layered security".
speaking of "forgetting"...that's why "layers", example: you forgot your password, but you have it written somewhere safe
altcoins that don't have hardware wallet support use this (Neo’s SafeKeys - or something similar) as a layer of security. I have a computer that got malware'd but the thief wasn't able to steal because password was protected hehe.
trezor one can also be used to U2F-FIDO (hardware 2fa) your gmail, yahoo, facebook etc. etc. account.....another use of that hardware wallet--> now you have more reasons to get more trezor to spead your coins to different hardware wallets hehe
Even better you have hardware wallet you rarely use(bulk of your crypto) and another one you frequently use. If something bad happened to your frequently used hardware wallet(smaller amount of crypto), then you will know that you have something to fix so that your rarely used hardware wallet will be safe..
People just want something to rely on and use with a peace of mind..ledger is somewhat at fault too if people cannot use it with peace of mind.
Remember, always check the address before pressing the "send' button that is all you have to do.
People just want something to rely on and use with a peace of mind..ledger is somewhat at fault too if people cannot use it with peace of mind.
Remember, always check the address before pressing the "send' button that is all you have to do.
Yeah, I forgot to mention that too, thanks hehe
Hardware wallets are not safe and are the first thing that are targeted since they are used solely for crypto. Instead use an airgapped computer that is NEVER connected to the internet. There is too much room for hardware wallets to be tampered with at the factory, post office, etc. Also Ledger could have done this themselves abut they only selectively scam people so they have a fresh crop of customers.
Luckily you didn't lose much money, only around 11 bitcoins worth of ethereum so you can learn from this and bounce back.
Luckily you didn't lose much money, only around 11 bitcoins worth of ethereum so you can learn from this and bounce back.
Any loss greater than $1k is significant in my book, just look at this section of the forum, people using celeron to mine in hopes to earn cents, not realizing their electricity spent is more than the cents they earn using the celerons, I know they are stupid but think about if one of those people lost $1k? they would rope themselves and be done with it and to tell you the truth, the op is too sane given he lost a lot lot of money.
Also to me, any cold wallet is not something that you would use all the time for any transaction, actually, you should rarely use it, I advise the use of it to be, 2 to 5 times a year.
Even better you have hardware wallet you rarely use(bulk of your crypto) and another one you frequently use. If something bad happened to your frequently used hardware wallet(smaller amount of crypto), then you will know that you have something to fix so that your rarely used hardware wallet will be safe..
People just want something to rely on and use with a peace of mind..ledger is somewhat at fault too if people cannot use it with peace of mind.
Remember, always check the address before pressing the "send' button that is all you have to do.
Luckily you didn't lose much money, only around 11 bitcoins worth of ethereum so you can learn from this and bounce back.
I had to load the BTCUSD and see if BTC crashed down to $10 a coin because hearing someone say 11BTC is not alot of money would only make sense if BTC was double digits like in 2012. 11BTC is a significant amount of money. You would need to have a net worth of at least $5Million+ to consider quarter million to be pocket change.
I don't think he will earn it back. Most likely he mined these ETH back when ETH was like $10 a coin and hodl'd. Only spend money on electricity and GPUs. So very little initial investment. Kind of like how everyone who mined BTC back in 2010 is lucky if they held till today. If they lost it all due to a hack, do you think they could earn it back? Probably not.
Hardware wallets are not safe and are the first thing that are targeted since they are used solely for crypto. Instead use an airgapped computer that is NEVER connected to the internet. There is too much room for hardware wallets to be tampered with at the factory, post office, etc. Also Ledger could have done this themselves abut they only selectively scam people so they have a fresh crop of customers.
Luckily you didn't lose much money, only around 11 bitcoins worth of ethereum so you can learn from this and bounce back.
Luckily you didn't lose much money, only around 11 bitcoins worth of ethereum so you can learn from this and bounce back.
Any loss greater than $1k is significant in my book, just look at this section of the forum, people using celeron to mine in hopes to earn cents, not realizing their electricity spent is more than the cents they earn using the celerons, I know they are stupid but think about if one of those people lost $1k? they would rope themselves and be done with it and to tell you the truth, the op is too sane given he lost a lot lot of money.
Also to me, any cold wallet is not something that you would use all the time for any transaction, actually, you should rarely use it, I advise the use of it to be, 2 to 5 times a year.
Hardware wallets are not safe and are the first thing that are targeted since they are used solely for crypto. Instead use an airgapped computer that is NEVER connected to the internet. There is too much room for hardware wallets to be tampered with at the factory, post office, etc. Also Ledger could have done this themselves abut they only selectively scam people so they have a fresh crop of customers.
Luckily you didn't lose much money, only around 11 bitcoins worth of ethereum so you can learn from this and bounce back.
Luckily you didn't lose much money, only around 11 bitcoins worth of ethereum so you can learn from this and bounce back.
B) 5 trezors with 76 eth coins in each would have been a better choice.
Thanks for remembering the 4th thing to do.
1st: never use ledger in your personal computer, the computer you will use ledger must have never been used for another thing other than ledger itself and the OS needs to be installed with the original image from the website itself. There are OS's that are modified, beware of that.
2nd: Make sure nothing in the network is running while ledger is plugged in your ledger specific computer or you can use a second network connection, much safer.
3rd: Keep you seedphrase in a fireproof case, this might be very expensive because most are not up for the job. Well, it has many other ways to keep it safe.
4th: Don't put all your eggs in one basket.
This is not paranoic, to make things simpler, you can use the same pc but not the same hard disk, swap disks will work here, a new pc is not needed for this.
or own 2 of these
https://www.ebay.com/itm/Lenovo-M73-Tiny-Mini-Business-Desktop-Intel-Core-i3-i5-Win10-Pro-Customizer/164477569226?
16gb ram 1tb ssd i5 4570t for about 220 well worth the money to hold coins
I have lots of them.
Yeah use ssd and back up your wallet.
I have a 80gb hdd used in a mining rig...used by the first owner and used by me for 7 years mining...it fell and it died.
Whats ironic is that millions of dollars probably went into Ledger research and developement to make it as secure as possible. There was that little bug a few years back if you forgot your PIN someone could bypass it, however a firmware upgrade fixed that. So they didn't overlook anything except their weak point was their web server security.
Web server security would of probably been much much cheaper to make secure than what it cost to make the ledger secure. However a simple email leak with first and last name to cause this much loss even after the individual did their due diligence and bought a hardware wallet in the first place is just sad and not fair.
Losing a quarter of a million dollars which would of been 50% of a house in most places is just crazy.
Web server security would of probably been much much cheaper to make secure than what it cost to make the ledger secure. However a simple email leak with first and last name to cause this much loss even after the individual did their due diligence and bought a hardware wallet in the first place is just sad and not fair.
Losing a quarter of a million dollars which would of been 50% of a house in most places is just crazy.
B) 5 trezors with 76 eth coins in each would have been a better choice.
Thanks for remembering the 4th thing to do.
1st: never use ledger in your personal computer, the computer you will use ledger must have never been used for another thing other than ledger itself and the OS needs to be installed with the original image from the website itself. There are OS's that are modified, beware of that.
2nd: Make sure nothing in the network is running while ledger is plugged in your ledger specific computer or you can use a second network connection, much safer.
3rd: Keep you seedphrase in a fireproof case, this might be very expensive because most are not up for the job. Well, it has many other ways to keep it safe.
4th: Don't put all your eggs in one basket.
This is not paranoic, to make things simpler, you can use the same pc but not the same hard disk, swap disks will work here, a new pc is not needed for this.
or own 2 of these
https://www.ebay.com/itm/Lenovo-M73-Tiny-Mini-Business-Desktop-Intel-Core-i3-i5-Win10-Pro-Customizer/164477569226?
16gb ram 1tb ssd i5 4570t for about 220 well worth the money to hold coins
I have lots of them.
B) 5 trezors with 76 eth coins in each would have been a better choice.
Thanks for remembering the 4th thing to do.
1st: never use ledger in your personal computer, the computer you will use ledger must have never been used for another thing other than ledger itself and the OS needs to be installed with the original image from the website itself. There are OS's that are modified, beware of that.
2nd: Make sure nothing in the network is running while ledger is plugged in your ledger specific computer or you can use a second network connection, much safer.
3rd: Keep you seedphrase in a fireproof case, this might be very expensive because most are not up for the job. Well, it has many other ways to keep it safe.
4th: Don't put all your eggs in one basket.
This is not paranoic, to make things simpler, you can use the same pc but not the same hard disk, swap disks will work here, a new pc is not needed for this.
386 eth = 250K
A) I am sorry for your loss
B) 5 trezors with 76 eth coins in each would have been a better choice.
C) I hope you are a very big whale and that this is not more then 10% of your holdings.
D) forget hacking think 5 dollar wrench attack having a 20 coin trezor and a 66 coin trezor in your home may convince them that is all there is.
E) in case of fire a second location is a good idea. Like a safe deposit box
F]It would have been nice to read that you lost only 36 coins because you have trezors in a bank safety box.
A) I am sorry for your loss
B) 5 trezors with 76 eth coins in each would have been a better choice.
C) I hope you are a very big whale and that this is not more then 10% of your holdings.
D) forget hacking think 5 dollar wrench attack having a 20 coin trezor and a 66 coin trezor in your home may convince them that is all there is.
E) in case of fire a second location is a good idea. Like a safe deposit box
F]It would have been nice to read that you lost only 36 coins because you have trezors in a bank safety box.
--snip--
1st: never use ledger in your personal computer, the computer you will use ledger must have never been used for another thing other than ledger itself and the OS needs to be installed with the original image from the website itself. There are OS's that are modified, beware of that.
2nd: Make sure nothing in the network is running while ledger is plugged in your ledger specific computer or you can use a second network connection, much safer.
3rd: keep you seedphrase in a fireproof case, this might be very expensive because most are not up for the job. Well, it has many other ways to keep it safe.
1st: never use ledger in your personal computer, the computer you will use ledger must have never been used for another thing other than ledger itself and the OS needs to be installed with the original image from the website itself. There are OS's that are modified, beware of that.
2nd: Make sure nothing in the network is running while ledger is plugged in your ledger specific computer or you can use a second network connection, much safer.
3rd: keep you seedphrase in a fireproof case, this might be very expensive because most are not up for the job. Well, it has many other ways to keep it safe.
hm... These 3 rules sound a bit paranoid to me... Defenatly NOT bad OPSEC, as a matter of fact, it's good OPSEC. However, if you're going to be THIS paranoid, you're better off with an airgapped setup.
I mean, as soon as you're going to get a dedicated pc for your wallet, just do a clean install, remove the network card (or deinstall the drivers), install the latest version of bitcoin core or electrum by following an airgapped setup walktrough and you'll have a wallet that tops a hw wallet when it comes to security. Just make sure you do it right... There are several ways you can mess up an airgapped setup... Ah, and make sure you keep a backup of your seed or wallet.dat on a couple usb sticks which you only plugin in your offline airgapped machine (and use a strong password to encrypt them)
When it comes to safety, it's more or less (from safest to least safe)
- Properly generated airgapped setup
- Hardware wallet/Properly generated paper wallet (i've seen lots of debates as to which is the safest)
- Desktop wallet (on a legal, clean pc, with AV and firewall)
- Mobile wallet (on a clean mobile)
- Web wallet
- Brain wallet
When it comes to hardware wallets, i'd probably go for these rules:
- Go for a decent hw wallet... Stay with ledger or trezor... There are others, but these 2 brands are the most known
- Buy from trezor or ledger directly
- Make sure the box you receive hasn't been tampered with
- Make sure YOU initialise the device
- An an extra passphrase to your seed... Makes it THAT much harder to bruteforce
- Make sure you don't keep your seed on an online machine... It has to be WRITTEN down
- One or two laminated copies of the paper containing the seed won't hurt, but make sure they're kept in a safe place
- Make sure you always use the latest version of the firmware. Learn how to install firmware
- Make sure you always use the latest version of the wallet software
- Never ever enter your seed on any website... Seeds should ONLY be used for recovering your wallet, and should ONLY be entered on your HW wallet itself
- ALWAYS doublecheck any transaction on the screen of the HW wallet before signing it
- It's always a good idear to keep the device where you plug in your hardware wallet clean... I mean, nobody wants a nasty copy/paste virus that changes addresses by hacker's addresses or something... A virusscanner and firewall won't hurt, and installing random software you found online should be a big no-no... But these things are not specific for hardware wallets
- Make sure nobody has physical access to your hardware wallet...
- Don't brag about how much you hold
- Running your funds trough a mixer or a coinjoin session protects you from a $5 wrench attack... But some exchanges won't like you anymore if they cannot trace your funds...
....
We don't know how he got his funds stolen, to make sure you dont fall for the same thing, follow simple steps.
1st: never use ledger in your personal computer, the computer you will use ledger must have never been used for another thing other than ledger itself and the OS needs to be installed with the original image from the website itself. There are OS's that are modified, beware of that.
2nd: Make sure nothing in the network is running while ledger is plugged in your ledger specific computer or you can use a second network connection, much safer.
3rd: keep you seedphrase in a fireproof case, this might be very expensive because most are not up for the job. Well, it has many other ways to keep it safe.
Gosh, this is scary. I'm new to all this, and now I'm second guessing things I've ready concerning securely storing coins.
I presently don't have any kind of a hardware wallet, I do have the coinbase wallet app on my phone, but nothing in there just yet. My trivial amounts of crypto are just still in the coinbase account, which as I think I understand it, is NOT a wallet controlled by me, as they don't give you any seeds. I have had that account for over 3 years, but very little crypto in there. I am planning to start mining in January, and my plan is to mine and hodl for long term. I've had a few different recommendations on how I should store these earnings, there are different opinions. But maybe the way to ask the question is, for a guy getting started, and wanting to work and hodl long term, what is the very best, most secure way to store these coins? Should I invest in a hardware wallet? I don't quite understand how you connect to one, if it's meant to be offline, not on your network, etc... "Cold Wallet" is what I'm reading about.
If I buy one, how can I ensure that it isn't a return with somebody else's seeds on it? Is there a way to do a hard reset as soon as you get it to make sure it's safe?
I presently don't have any kind of a hardware wallet, I do have the coinbase wallet app on my phone, but nothing in there just yet. My trivial amounts of crypto are just still in the coinbase account, which as I think I understand it, is NOT a wallet controlled by me, as they don't give you any seeds. I have had that account for over 3 years, but very little crypto in there. I am planning to start mining in January, and my plan is to mine and hodl for long term. I've had a few different recommendations on how I should store these earnings, there are different opinions. But maybe the way to ask the question is, for a guy getting started, and wanting to work and hodl long term, what is the very best, most secure way to store these coins? Should I invest in a hardware wallet? I don't quite understand how you connect to one, if it's meant to be offline, not on your network, etc... "Cold Wallet" is what I'm reading about.
If I buy one, how can I ensure that it isn't a return with somebody else's seeds on it? Is there a way to do a hard reset as soon as you get it to make sure it's safe?
Not your keys = not your coins.
I definitely wouldn't use a web wallet like you're doing right now.
A truly cold wallet means a wallet on an airgapped device. Most hardware wallets are connected to your device to receive unsigned transactions, and for sending signed transactions, thus they are not 100% cold. They are still safe tough, since they're created in a way so your keys can never leave the hw wallet.
Basically, if you want secure storage, go for a ledger, a Trezor, an airgapped setup or a properly generated paper wallet .
I buy my hw wallets straight from the ledger or Trezor (never from resellers), check the package for tampering and make sure they're not preinitialized
Gosh, this is scary. I'm new to all this, and now I'm second guessing things I've ready concerning securely storing coins.
I presently don't have any kind of a hardware wallet, I do have the coinbase wallet app on my phone, but nothing in there just yet. My trivial amounts of crypto are just still in the coinbase account, which as I think I understand it, is NOT a wallet controlled by me, as they don't give you any seeds. I have had that account for over 3 years, but very little crypto in there. I am planning to start mining in January, and my plan is to mine and hodl for long term. I've had a few different recommendations on how I should store these earnings, there are different opinions. But maybe the way to ask the question is, for a guy getting started, and wanting to work and hodl long term, what is the very best, most secure way to store these coins? Should I invest in a hardware wallet? I don't quite understand how you connect to one, if it's meant to be offline, not on your network, etc... "Cold Wallet" is what I'm reading about.
If I buy one, how can I ensure that it isn't a return with somebody else's seeds on it? Is there a way to do a hard reset as soon as you get it to make sure it's safe?
I presently don't have any kind of a hardware wallet, I do have the coinbase wallet app on my phone, but nothing in there just yet. My trivial amounts of crypto are just still in the coinbase account, which as I think I understand it, is NOT a wallet controlled by me, as they don't give you any seeds. I have had that account for over 3 years, but very little crypto in there. I am planning to start mining in January, and my plan is to mine and hodl for long term. I've had a few different recommendations on how I should store these earnings, there are different opinions. But maybe the way to ask the question is, for a guy getting started, and wanting to work and hodl long term, what is the very best, most secure way to store these coins? Should I invest in a hardware wallet? I don't quite understand how you connect to one, if it's meant to be offline, not on your network, etc... "Cold Wallet" is what I'm reading about.
If I buy one, how can I ensure that it isn't a return with somebody else's seeds on it? Is there a way to do a hard reset as soon as you get it to make sure it's safe?
Buy it from the maker....
Gosh, this is scary. I'm new to all this, and now I'm second guessing things I've ready concerning securely storing coins.
I presently don't have any kind of a hardware wallet, I do have the coinbase wallet app on my phone, but nothing in there just yet. My trivial amounts of crypto are just still in the coinbase account, which as I think I understand it, is NOT a wallet controlled by me, as they don't give you any seeds. I have had that account for over 3 years, but very little crypto in there. I am planning to start mining in January, and my plan is to mine and hodl for long term. I've had a few different recommendations on how I should store these earnings, there are different opinions. But maybe the way to ask the question is, for a guy getting started, and wanting to work and hodl long term, what is the very best, most secure way to store these coins? Should I invest in a hardware wallet? I don't quite understand how you connect to one, if it's meant to be offline, not on your network, etc... "Cold Wallet" is what I'm reading about.
If I buy one, how can I ensure that it isn't a return with somebody else's seeds on it? Is there a way to do a hard reset as soon as you get it to make sure it's safe?
I presently don't have any kind of a hardware wallet, I do have the coinbase wallet app on my phone, but nothing in there just yet. My trivial amounts of crypto are just still in the coinbase account, which as I think I understand it, is NOT a wallet controlled by me, as they don't give you any seeds. I have had that account for over 3 years, but very little crypto in there. I am planning to start mining in January, and my plan is to mine and hodl for long term. I've had a few different recommendations on how I should store these earnings, there are different opinions. But maybe the way to ask the question is, for a guy getting started, and wanting to work and hodl long term, what is the very best, most secure way to store these coins? Should I invest in a hardware wallet? I don't quite understand how you connect to one, if it's meant to be offline, not on your network, etc... "Cold Wallet" is what I'm reading about.
If I buy one, how can I ensure that it isn't a return with somebody else's seeds on it? Is there a way to do a hard reset as soon as you get it to make sure it's safe?
Hope he didnt fall for the Uniswap airdrop scam (2nd / 3rd air drop) ive seen numberous times on Discord and other places. Takes you to a page to enter your eth wallet seed.....
So ya know they can confirm you balance and send you your airdrop....er.....i mean so they can empty your eth wallet......
So ya know they can confirm you balance and send you your airdrop....er.....i mean so they can empty your eth wallet......
Basically Ledger they had their email database hacked a few months back. From time to time they are sending phishing emails asking people to go to their website and update their software. The scam is clever because it uses your real first and last name. If you bought an authentic ledger then they stored your email, first name and last name.
The hackers are targetting people and making you click on a link which looks like the real ledger website and they trick you by entering your seed. Most likely this is what the OP is talking about.
Because I can't think of any other way he could of gotten his ETH stolen, even if his PC was full of malware. The ledger email phishing attack should be more in the news to make people aware. But if you got a busy life, don't keep up with crypto news, you might fall prey to this very easily.
The hackers are targetting people and making you click on a link which looks like the real ledger website and they trick you by entering your seed. Most likely this is what the OP is talking about.
Because I can't think of any other way he could of gotten his ETH stolen, even if his PC was full of malware. The ledger email phishing attack should be more in the news to make people aware. But if you got a busy life, don't keep up with crypto news, you might fall prey to this very easily.
That's really sad to hear... Whatever the reason was, you're a victim of this situation. transactions are irreversible, so the chances of getting your funds back are small. The best you can do is go to the police and file a police report.
Have you contacted ledger support? They're usually pretty helpfull.
This being said, the instances where people lost money due to a bug or vulnerability in their hardware wallet are very, very low. Especially if the enduser is paying attention.
Sure, bugs happen... They're usually not the kind of bugs that put your funds in jeopardy.
Sure, vulnerability's happen.... But the exploitation of these vulnerability's is usually so complex (and usually requires physical access to the device) that i've never met a victim of such an exploit. Also, vulnerability's are usually fixed pretty fast.
The thing is: ledger is using a secure chip. Private keys never touch your online machine (they stay on your hardware wallet). You should be able to use a ledger on an infected PC, as long as you review your transaction on your ledger's screen before signing it, your funds should be safe.
However, either ledger or trezor did have a vulnerability that allowed an attacker to trick a user into signing a "wrong" transaction. The victim would think he was signing a tx transfering 1 LTC, while in reality he was signing a tx transfering 1 BTC. Needless to say, this vulnerability has been fixed.
Did you create other transactions around the time you were robbed?
Now, I don't know what happened in your case, but based on my experience, in case somebody loses his/her funds stored on a decent hardware wallet, it's usually because:
Once again: i'm not victim blaming. It IS possible you fell victim to an unknown or unpatched vulnerability, and there was no way you could have avoided getting robbed... I'm just saying that if we look at the odds, then we must say the odds are small (but not nonexistant).
So, my advice would still be: open a police report, contact ledger, move your other assets from your ledger to a different secure wallet.
Have you contacted ledger support? They're usually pretty helpfull.
This being said, the instances where people lost money due to a bug or vulnerability in their hardware wallet are very, very low. Especially if the enduser is paying attention.
Sure, bugs happen... They're usually not the kind of bugs that put your funds in jeopardy.
Sure, vulnerability's happen.... But the exploitation of these vulnerability's is usually so complex (and usually requires physical access to the device) that i've never met a victim of such an exploit. Also, vulnerability's are usually fixed pretty fast.
The thing is: ledger is using a secure chip. Private keys never touch your online machine (they stay on your hardware wallet). You should be able to use a ledger on an infected PC, as long as you review your transaction on your ledger's screen before signing it, your funds should be safe.
However, either ledger or trezor did have a vulnerability that allowed an attacker to trick a user into signing a "wrong" transaction. The victim would think he was signing a tx transfering 1 LTC, while in reality he was signing a tx transfering 1 BTC. Needless to say, this vulnerability has been fixed.
Did you create other transactions around the time you were robbed?
Now, I don't know what happened in your case, but based on my experience, in case somebody loses his/her funds stored on a decent hardware wallet, it's usually because:
- the victim exposed their seed. Seeds get stored on cloud storage, seeds get stored in emails, seeds get stored on pictures on your phone, seeds get entered due to phishing attacks, pre-initialised wallets get sold by thieves, family members or friends or collegues steal seeds from the paper they're written on
- the victim exposed their xprv (or derived private keys). Usually be exporting xprv or prv and importing it into an other wallet
- there was physical access to their hardware wallet: for example, amazon is notorious for taking back used wallets and putting them back in stock, which allows people to install fake firmware or pre-initialise the device. Also, there are vulnerability's that allow the extraction of date from a trezor if you have physical access to the device
- bad opsec: not installing patches, not paying attention as to where you download software from, not paying attention when signing transactions,...
Once again: i'm not victim blaming. It IS possible you fell victim to an unknown or unpatched vulnerability, and there was no way you could have avoided getting robbed... I'm just saying that if we look at the odds, then we must say the odds are small (but not nonexistant).
So, my advice would still be: open a police report, contact ledger, move your other assets from your ledger to a different secure wallet.
Jump to: