Author

Topic: Stolen funds from Ledger Live? (Read 335 times)

newbie
Activity: 1
Merit: 0
December 02, 2020, 07:56:49 AM
#30
Probably, pin-hole camera or imagining radar something.
legendary
Activity: 2730
Merit: 7065
November 24, 2020, 05:11:25 PM
#29
The fact that you couldn't access your Ethereum accounts without an update a month ago is suspicious, especially since you were then robbed a few minutes later.
The two events don't have to be connected. During October, Ethereum accounts couldn't sync within Ledger Live. Their developer team found out that users who had Synthetix tokens, TIC, and sUSD couldn't sync their ETH accounts for whatever reason.

He used his Ledger Live account on 21 August. This is the official response from Ledger regarding the sync issues:
Quote
Attention #Ledger #Ethereum users

Your #ETH account may be stuck in syncing if you ever had one of these tokens:
- Synthetix (old contract address)
- TIC
- sUSD (old contract address)

While we're working on fixing this, you can use your Ledger with
@MyCrypto
 or
@myetherwallet
https://twitter.com/Ledger_Support/status/1318899089241743361

@ KrJS81
Did you, or do you still have any of those 3 tokens on your hardware wallet?
Can you walk us through (if you remember) your online activity on the day your funds were stolen? As much details as possible.
legendary
Activity: 1624
Merit: 2481
November 24, 2020, 01:18:07 PM
#28
Another option is to use a Faraday cage to cut all external connections to the phone. Include a white noise generator next to it (or inside the cage) if you're afraid sounds are recorded offline only to be streamed once the phone reconnects to the internet.

That's definitely an option for the over-paranoid (some of them probably even are right in being paranoid about this).

Another option would be a completely open source mobile where the software and the hardware is open source.
Precursor is such a project. This isn't just a mobile built with purely open source software, but even the hardware can be verified.

That's a project from bunnie who held a very interesting talk about the supplychain of hardware and how an open source design is not enough to protect against supply chain attacks. This 1 hour long video can be found here. It is definitely worth to watch.
legendary
Activity: 1134
Merit: 1598
November 24, 2020, 11:35:55 AM
#27
However, if you fear getting spied on through your smartphone, you'd also have to make sure it can't record ambient sound.
Whether that is paranoid or a possibly used attack vector, is completely up to you and depends on you and the situation you are in.
While I'm quite paranoid about smartphones and cameras, imo if one gets to the point where they're so paranoid that they can't trust their smartphone at all anymore, it may be time to use a dumb phone instead. Like, I do this as a security and privacy practice - not necessarily because I'd be scared of someone monitoring my webcam activity.

For ambient sounds, if you're talking about microphones, it's quite hard to get the 3 microphones disconnected from a smartphone. I don't think there are any (or a lot of) smartphones out there that have modular microphones, they're usually soldered into the motherboard and requires micro-soldering skills to disconnect them. And that implies some very rough possible consequences: you'd have to only use headphones for microphone, so imagine having to call 911 in an emergency.

The thing is, even with your cameras and microphones removed, your phone's hardware and OS are the main issue. If you fear being spied through microphones and cameras, I'd have a much larger fear for the blobs and closed-source stuff the operating system has. At that point, Librem phones should be considered if you really need a smartphone (or a dumb phone, which is as cheap as a meal and can be disposed at any given time).

Another option is to use a Faraday cage to cut all external connections to the phone. Include a white noise generator next to it (or inside the cage) if you're afraid sounds are recorded offline only to be streamed once the phone reconnects to the internet.
legendary
Activity: 1624
Merit: 2481
November 24, 2020, 10:44:48 AM
#26
Is it possible to have one's smartphone hacked, so when your lift it and the camera points to the desk with the paper in sight it captures the words taking a screenshot?

Possible? Definitely.
But is it likely? Not so much.

If you want to be sure that no one is spying on you through your smart phones camera, i'd recommend a webcam cover, i.e. something like that:


Source: amazon.com

They are pretty cheap and are available for all kinds of cameras (smart phones, laptop, webcams).

However, if you fear getting spied on through your smartphone, you'd also have to make sure it can't record ambient sound.
Whether that is paranoid or a possibly used attack vector, is completely up to you and depends on you and the situation you are in.
legendary
Activity: 2268
Merit: 18711
November 24, 2020, 10:38:09 AM
#25
Is it possible to have one's smartphone hacked, so when your lift it and the camera points to the desk with the paper in sight it captures the words taking a screenshot?
Yes, this is entirely possible. It also applies to cameras on laptops or tablets or standalone webcams plugged in to a computer. When they are not being used, you should disconnect any cameras you can, and cover them if you cannot disconnect them. A piece of tape is a sufficient and cheap option, but you can also buy phone cases with physical sliders or shutters to block cameras.

This isn't just good security, but given the mass spying and surveillance conducted by the US government and others, it is just common sense. The ex-director of the FBI says he covers all his cameras when not in use.
legendary
Activity: 1932
Merit: 2354
The Alliance Of Bitcointalk Translators - ENG>SPA
November 24, 2020, 10:31:13 AM
#24
Are you sure that no one had access to your desk?

Since the transaction happened shortly after this session and you had your mnemonic on your desk, the possibility of someone taking a photo of it to steal your funds theoretically exists.
As well as someone using your ledger to sign such a transaction.

Did you ever use your mnemonic code for anything?

I am everything but an opsec master here... but just in case, and sorry if the question is dumb, I have to ask, as this is something that I care about every time I take out the paper with the phrase out of the envelope:

Is it possible to have one's smartphone hacked, so when your lift it and the camera points to the desk with the paper in sight it captures the words taking a screenshot? every time I touch the paper I try to make sure no cameras can look at it (and I feel a bit paranoid, but hey! better safe than sorry).
legendary
Activity: 1624
Merit: 2481
November 24, 2020, 10:15:56 AM
#23
I don't think it's a matter of the recovery phrase since the fraud happened shortly after I was logged in (for the first time in many months). Coincidence?
[...]
That said I did put my fingers on the recovery phrase and put it on my table for a while. And I did leave my desk - maybe with the Ledger device connected. But even if that is the case, how can it happen that the money left my account (as I didn't do anything related to a transaction or approving anything physically other than logging in a couple of times).

Are you sure that no one had access to your desk?

Since the transaction happened shortly after this session and you had your mnemonic on your desk, the possibility of someone taking a photo of it to steal your funds theoretically exists.
As well as someone using your ledger to sign such a transaction.

Did you ever use your mnemonic code for anything?
legendary
Activity: 3500
Merit: 6320
Crypto Swap Exchange
November 24, 2020, 10:09:08 AM
#22
There were (are) still some sophisticated phishing attacks against the ledger live app.

https://www.coindesk.com/phishing-attack-ledger-cryptocurrency-wallet

Even someone with good opsec can still mess up now and then.

And there have been a few fake extensions put up. They usually get taken down quickly but there are still up occasionally.

So even with what the OP said, there is still a chance that it came from elsewhere.

-Dave

legendary
Activity: 3584
Merit: 5243
https://merel.mobi => buy facemasks with BTC/LTC
November 24, 2020, 09:08:48 AM
#21
--snip--
Thanks and I agree - I rely a lot on the police now and hope they manage to investigate this properly.

Not sure whether I risk to blow up something if I share the transaction info?

you risk your privacy if you do so...

Your account name is known, your ip is known (bitcointalk uses cloudflare)... If you post your txid, people can couple some of your addresses to this account, and a couple of law enforcement agency's can do the same with your ip...
But other than this, you can do no harm by posting addresses or transaction id's.
newbie
Activity: 8
Merit: 3
November 24, 2020, 09:05:45 AM
#20
I'm having my recovery phrase - the paper file - stored in my home office in a folder between random documents where only family have access.

Although it is not easy to suspect any of your family members, the way you kept your seed leaves enough doubt that any of them (or their acquaintances) came into possession of that information. Why the funds disappeared after you last logged in to Ledger Live remains a question, maybe it's just a coincidence or someone wanted you to think so.



I have obviously reported this as a crime to the Police here in Denmark as well as reached out to Ledger's Support through their standard formular. Awaiting their feedback.

In that case, the police should do their part and determine if anyone has touched the paper on which the seed is (check the prints), and if anyone other than family members has entered your office. Furthermore, your computer should be thoroughly checked by someone who knows what to look for.

What's even more important is to follow the trail left by the hacker, which means to find out where the stolen coins ended up - so if you want to post both transactions it may help, of course be aware that this can always be a privacy issue.


Thanks and I agree - I rely a lot on the police now and hope they manage to investigate this properly.

Not sure whether I risk to blow up something if I share the transaction info?
legendary
Activity: 3584
Merit: 5243
https://merel.mobi => buy facemasks with BTC/LTC
November 24, 2020, 09:05:07 AM
#19
--snip--
That said I did put my fingers on the recovery phrase and put it on my table for a while. And I did leave my desk - maybe with the Ledger device connected. But even if that is the case, how can it happen that the money left my account (as I didn't do anything related to a transaction or approving anything physically other than logging in a couple of times).

Can you recall why you had the recovery phrase on your table for a while?
There must have been a reason for this... I never take my recovery phrase out...

I'm not saying you fell victim to phishing, but a month ago there were loads of phising mails going around... They were professionally made, and they pointed to a professional looking site that prompted you to enter your seed phrase for verification purposes.
legendary
Activity: 2268
Merit: 18711
November 24, 2020, 09:01:10 AM
#18
The fact that you couldn't access your Ethereum accounts without an update a month ago is suspicious, especially since you were then robbed a few minutes later. Did you update Ledger Live or install any new software at this time?

When you first set up your hardware wallet, did you set it up as a new device with a brand new seed phrase, or did you import a seed phrase from another wallet? Since then, have you ever entered your seed phrase anywhere? (This includes in to Ledger Live, to restore it to another wallet, etc. Anywhere at all?)

Who else would have had access to your seed phrase while it was sitting on your desk? Who else would have had access to your unlocked device while it was connected?
newbie
Activity: 8
Merit: 3
November 24, 2020, 08:56:46 AM
#17
As a summary, it it correct to assume the following:
  • you bought the nano S about 2,5 years ago
  • you funded your addresses a long time ago
  • this morning, you received an email
  • after receiving the email, you checked your hw wallet, and shortly after this, you got robbed


Not exactly.
OP logged in today after receiving an email.
But his funds were stolen 1 month ago (29th October), roughly 30 minutes (a guess from OP) after logging in.

That's at least the information according to the OP:

Today this morning I logged in to my Ledger Live (using Ledger Nano S) [...] since I was logged in last time on 29th of October. [...] all my funds were sent away from my wallet on the 29th of October(!) with 7 minutes between the transactions. Probably within 30 minutes after I logged into the wallet.
--snip--
I bought my device 2.5 years ago. I haven't got any phishing emails until this morning which reminded me about my crypto's. I logged into my account just to how my crypto's were going. I didn't click on links in that email or replied back. Furthermore I haven't received any text messages related to crypto.

No idea how this can happen as it seems like someone was aware that in that exact moment for the first time in many months I logged in - shortly after the funds left my account - which I guess underlines that the recovery phrase wasn't in use?


As a summary, it it correct to assume the following:
  • you bought the nano S about 2,5 years ago
  • you funded your addresses a long time ago
  • this morning, you received an email
  • after receiving the email, you checked your hw wallet, and shortly after this, you got robbed

Some follow-up questions: this morning, when you received said mail, just before you were robbed:
  • did you click any link in said mail? It doesn't even matter if you closed the browser window afterwards, but did you click the link?
  • just before you got robbed, did you physically touch the piece of paper used to write down your seed phrase? If so: what was the reason?
  • did you install any program on your pc recently?
  • just before you got robbed, did you create a tx for any altcoin(s) using your ledger?
  • just before you got robbed, did you spend any BTC from your ledger? (i'm thinking about copy/paste virusses here)
  • are you running the latest version of ledger live and an updated version of ledger's firmware?


Let's say it was a Trojan horse and everything which I did that day was captured by a thief. I guess the person still needs to confirm the transactions physically on the Nano device?
Well, he either got you to confirm the transaction (potentially by abusing the vulnerability i talked about in my previous post... You could have been thinking you were signing a tx to send 3 DOGE, but sent 3 BTC instead due to the vulnerability) OR the thief got your seed phrase...

IF he had your seed phrase, you wouldn't have to confirm anything... The seed phrase is used to calculate the xprv, the private keys get derived from this xprv. Anybody who has your seed can restore it into any wallet he wants, and spend your funds without you having to confirm anything.

Once again: i'm not victim blaming... For what it's worth, you could have had the worst opsec in human history, that still didn't give the thief any entitlement to your funds. You were robbed, you are the victim here... Anything I ask is because i've been around for a while, and believe it or not: i do have some experience in this field... And from my experience, the odds somebody phished you, or had access to your physical device, or found your seed phrase an other way, or installed a copy/paste virus on your device are far greater than the odds of a firmware vulnerability. This does not mean a firmware vulnerability is impossible: i'm just relying on my experience and telling you what the biggest odds are...
I mean: i've seen loads of people with good opsec getting phished... I've seen people that suddenly remember they saved a picture of their seed on their dropbox ages ago...  I've seen people that suddenly remember they sent funds while they were drunk... I've seen people that got confused with change addresses... I've seen people getting confused when splitting their coins into BTC and BCH... I've seen people falling victim to copy/paste virusses by signing tx's without verifying which addres they were going to fund... But I haven't seen that many people that fell victim to a HW wallet vulnerability that couldn't been avoided by good opsec... Maybe once or twice: i can't remember a single one i've personally met, but i have a bad memory...


OP, in addition to the questions of mocacinno, could you please also answer these:
  • Does anyone have access to your hardware wallet ?
  • Is your PIN truly random and no one could guess it ?
  • Does your Nano look like it has been tampered with (case being opened) ?



I get your point. I'm trying to figure out how this can happen, recall my Ledger-session that day and whether I had my fingers on the recovery phrase.

I don't think it's a matter of the recovery phrase since the fraud happened shortly after I was logged in (for the first time in many months). Coincidence? That day I did not make any tx's - I just checked my balances and tried to figure out, why I could not access my Ethereum balance.

That said I did put my fingers on the recovery phrase and put it on my table for a while. And I did leave my desk - maybe with the Ledger device connected. But even if that is the case, how can it happen that the money left my account (as I didn't do anything related to a transaction or approving anything physically other than logging in a couple of times).
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
November 24, 2020, 08:55:47 AM
#16
I'm having my recovery phrase - the paper file - stored in my home office in a folder between random documents where only family have access.

Although it is not easy to suspect any of your family members, the way you kept your seed leaves enough doubt that any of them (or their acquaintances) came into possession of that information. Why the funds disappeared after you last logged in to Ledger Live remains a question, maybe it's just a coincidence or someone wanted you to think so.



I have obviously reported this as a crime to the Police here in Denmark as well as reached out to Ledger's Support through their standard formular. Awaiting their feedback.

In that case, the police should do their part and determine if anyone has touched the paper on which the seed is (check the prints), and if anyone other than family members has entered your office. Furthermore, your computer should be thoroughly checked by someone who knows what to look for.

What's even more important is to follow the trail left by the hacker, which means to find out where the stolen coins ended up - so if you want to post both transactions it may help, of course be aware that this can always be a privacy issue.
legendary
Activity: 1624
Merit: 2481
November 24, 2020, 07:41:44 AM
#15
As a summary, it it correct to assume the following:
  • you bought the nano S about 2,5 years ago
  • you funded your addresses a long time ago
  • this morning, you received an email
  • after receiving the email, you checked your hw wallet, and shortly after this, you got robbed


Not exactly.
OP logged in today after receiving an email.
But his funds were stolen 1 month ago (29th October), roughly 30 minutes (a guess from OP) after logging in.

That's at least the information according to the OP:

Today this morning I logged in to my Ledger Live (using Ledger Nano S) [...] since I was logged in last time on 29th of October. [...] all my funds were sent away from my wallet on the 29th of October(!) with 7 minutes between the transactions. Probably within 30 minutes after I logged into the wallet.


OP, in addition to the questions of mocacinno, could you please also answer these:
  • Does anyone have access to your hardware wallet ?
  • Is your PIN truly random and no one could guess it ?
  • Does your Nano look like it has been tampered with (case being opened) ?

legendary
Activity: 3584
Merit: 5243
https://merel.mobi => buy facemasks with BTC/LTC
November 24, 2020, 07:35:46 AM
#14
--snip--
I bought my device 2.5 years ago. I haven't got any phishing emails until this morning which reminded me about my crypto's. I logged into my account just to how my crypto's were going. I didn't click on links in that email or replied back. Furthermore I haven't received any text messages related to crypto.

No idea how this can happen as it seems like someone was aware that in that exact moment for the first time in many months I logged in - shortly after the funds left my account - which I guess underlines that the recovery phrase wasn't in use?


As a summary, it it correct to assume the following:
  • you bought the nano S about 2,5 years ago
  • you funded your addresses a long time ago
  • this morning, you received an email
  • after receiving the email, you checked your hw wallet, and shortly after this, you got robbed

Some follow-up questions: this morning, when you received said mail, just before you were robbed:
  • did you click any link in said mail? It doesn't even matter if you closed the browser window afterwards, but did you click the link?
  • just before you got robbed, did you physically touch the piece of paper used to write down your seed phrase? If so: what was the reason?
  • did you install any program on your pc recently?
  • just before you got robbed, did you create a tx for any altcoin(s) using your ledger?
  • just before you got robbed, did you spend any BTC from your ledger? (i'm thinking about copy/paste virusses here)
  • are you running the latest version of ledger live and an updated version of ledger's firmware?


Let's say it was a Trojan horse and everything which I did that day was captured by a thief. I guess the person still needs to confirm the transactions physically on the Nano device?
Well, he either got you to confirm the transaction (potentially by abusing the vulnerability i talked about in my previous post... You could have been thinking you were signing a tx to send 3 DOGE, but sent 3 BTC instead due to the vulnerability) OR the thief got your seed phrase...

IF he had your seed phrase, you wouldn't have to confirm anything... The seed phrase is used to calculate the xprv, the private keys get derived from this xprv. Anybody who has your seed can restore it into any wallet he wants, and spend your funds without you having to confirm anything.

Once again: i'm not victim blaming... For what it's worth, you could have had the worst opsec in human history, that still didn't give the thief any entitlement to your funds. You were robbed, you are the victim here... Anything I ask is because i've been around for a while, and believe it or not: i do have some experience in this field... And from my experience, the odds somebody phished you, or had access to your physical device, or found your seed phrase an other way, or installed a copy/paste virus on your device are far greater than the odds of a firmware vulnerability. This does not mean a firmware vulnerability is impossible: i'm just relying on my experience and telling you what the biggest odds are...
I mean: i've seen loads of people with good opsec getting phished... I've seen people that suddenly remember they saved a picture of their seed on their dropbox ages ago...  I've seen people that suddenly remember they sent funds while they were drunk... I've seen people that got confused with change addresses... I've seen people getting confused when splitting their coins into BTC and BCH... I've seen people falling victim to copy/paste virusses by signing tx's without verifying which addres they were going to fund... But I haven't seen that many people that fell victim to a HW wallet vulnerability that couldn't been avoided by good opsec... Maybe once or twice: i can't remember a single one i've personally met, but i have a bad memory...
newbie
Activity: 8
Merit: 3
November 24, 2020, 07:26:34 AM
#13
--snip--
What do you mean by spying? What are the options really - is it possible to steal the coins from Nano S without having access to the recovery phrase and/or the USB device?

At this moment in time, i don't think there are any vulnerability's described like this...

I was searching for a list of current vulnerability's, and ended up on sites like this one: https://wallet.fail/wallets/nanos/

IIRC, there used to be a vulnerability with app isolation earlyer this year, so you could be fooled to think you were signing (for example) an LTC tx, while in reality you were signing a BTC tx, but IIRC, even this vulnerability was very hard to exploit and if i'm not mistaken it was fixed.

However, ledger did suffer a big data breach, and it's users are constantly getting phishing mails, text messages,... Also, recently it seems like somebody succeeded in contaminating amazon's stock with pre-initialised device(s).

I'm not saying this is the case here... New vulnerability's get found all the time (well, not for hw wallets per sé, but in general) so in theory it is possible you fell victim to a new vulnerability. This being said: odds are bigger someone got their hands on your seed or your physical device...

EDIT: by the way, i'm not victim-blaming here... I'm relatively strict when it comes to opsec (not as strict as some other members, but still, i think i do OK), but a while ago i almost fell for an obvious scam myself: my grandmother passed away (she was 92 years old at the time, so i guess she had a full life) and while being numb after here passing i didn't pay as close attention as i usually do, and i almost fell for a trap...
What i'm trying to say: everybody has his weak moments... Never say it's impossible that you fell for a phishing attack or an evil maid attack, or an inventory attack.. It only takes one moment without your full attention to fall victim.

I bought my device 2.5 years ago. I haven't got any phishing emails until this morning which reminded me about my crypto's. I logged into my account just to how my crypto's were going. I didn't click on links in that email or replied back. Furthermore I haven't received any text messages related to crypto.

No idea how this can happen as it seems like someone was aware that in that exact moment for the first time in many months I logged in - shortly after the funds left my account - which I guess underlines that the recovery phrase wasn't in use?
newbie
Activity: 8
Merit: 3
November 24, 2020, 07:15:01 AM
#12
is it possible to steal the coins from Nano S without having access to the recovery phrase and/or the USB device?
Zero-day exploits are not uncommon but I'm almost certain that whatever is stored on your computer cannot be used to steal your Bitcoins. The whole point of HW wallets is to block the attack vector from your computer. Connecting your Ledger to a computer should not compromise your seeds or your keys and it would not make a transaction for you unless you approve it on your Ledger.

Did you approve anything on the Ledger when you're using the Ledger Live?

Exactly - and that was the whole point getting a physical device for my crypto currencies - to approve things physically on the device. I did not approve anything that day - and actually I had problems entering/seeing my Ethereum balance that day due to a software bug I guess. I remember I seeked info in Ledgers Q&A but didn't manage to solve it quickly and therefore I pushed it for today where I did a Ledger Live update which apparently solved the Ethereum bug (as I can now see my balance and the fact the funds left on 29th (wondering how that could happen since I couldn't even access the Ethereums myself)).
newbie
Activity: 8
Merit: 3
November 24, 2020, 07:08:09 AM
#11
It a quite big amount (actually near 50k euro) .

It is possible Someone who knows you knew that you had these crypro-currencies?

But try to remeber: are you sure that you haven't received any sms from LEDGER? This sms arrived me abount 1 mounth ago... So the period coincides


Sorry to heard your histoy, but just for undestrand: thieves have stolen a small or large amount from your ledger?

Why this answer is easy to understand:

1) If amount was small, it was probably a pissing attack and affected more people. Consider that some time ago I got some sms with Ledger as sender inviting me to do an update, which were a pissing attacks (I happened to receive two sms on my phone).

2) if amount was high,  it may have happened that some single person has spied on you, followed you in as far as knowledge of your wealth, until he could make the shot. In this latter case, perhaps you also have some hope of finding out who hit you.





Thanks for your input.

2) To me the amount is high - 2.9 Bitcoins and some few Ethereums 10.0.

What do you mean by spying? What are the options really - is it possible to steal the coins from Nano S without having access to the recovery phrase and/or the USB device?

Yes, some knew about my crypto currencies. But what I don't understand is how it can happen, really?

I was logged in on 29th of Oct. for the first time in 4-5 months and just shortly after the transactions took place apparently. So I guess it's likely that a Trojan horse was surveilling me rather than someone abused my recovery phrase (as if it was caused by leak of recovery phrase I guess the coins were stolen independent from my login?).

Let's say it was a Trojan horse and everything which I did that day was captured by a thief. I guess the person still needs to confirm the transactions physically on the Nano device?
sr. member
Activity: 1056
Merit: 405
November 24, 2020, 06:33:19 AM
#10
A troian in his pc?

--snip--
What do you mean by spying? What are the options really - is it possible to steal the coins from Nano S without having access to the recovery phrase and/or the USB device?

At this moment in time, i don't think there are any vulnerability's described like this...

I was searching for a list of current vulnerability's, and ended up on sites like this one: https://wallet.fail/wallets/nanos/
sr. member
Activity: 1056
Merit: 405
November 24, 2020, 06:32:40 AM
#9
It a quite big amount (actually near 50k euro) .

It is possible Someone who knows you knew that you had these crypro-currencies?

But try to remeber: are you sure that you haven't received any sms from LEDGER? This sms arrived me abount 1 mounth ago... So the period coincides


Sorry to heard your histoy, but just for undestrand: thieves have stolen a small or large amount from your ledger?

Why this answer is easy to understand:

1) If amount was small, it was probably a pissing attack and affected more people. Consider that some time ago I got some sms with Ledger as sender inviting me to do an update, which were a pissing attacks (I happened to receive two sms on my phone).

2) if amount was high,  it may have happened that some single person has spied on you, followed you in as far as knowledge of your wealth, until he could make the shot. In this latter case, perhaps you also have some hope of finding out who hit you.





Thanks for your input.

2) To me the amount is high - 2.9 Bitcoins and some few Ethereums 10.0.

What do you mean by spying? What are the options really - is it possible to steal the coins from Nano S without having access to the recovery phrase and/or the USB device?
legendary
Activity: 3038
Merit: 4418
Crypto Swap Exchange
November 24, 2020, 06:30:54 AM
#8
is it possible to steal the coins from Nano S without having access to the recovery phrase and/or the USB device?
Zero-day exploits are not uncommon but I'm almost certain that whatever is stored on your computer cannot be used to steal your Bitcoins. The whole point of HW wallets is to block the attack vector from your computer. Connecting your Ledger to a computer should not compromise your seeds or your keys and it would not make a transaction for you unless you approve it on your Ledger.

Did you approve anything on the Ledger when you're using the Ledger Live?
legendary
Activity: 3584
Merit: 5243
https://merel.mobi => buy facemasks with BTC/LTC
November 24, 2020, 06:30:39 AM
#7
--snip--
What do you mean by spying? What are the options really - is it possible to steal the coins from Nano S without having access to the recovery phrase and/or the USB device?

At this moment in time, i don't think there are any vulnerability's described like this...

I was searching for a list of current vulnerability's, and ended up on sites like this one: https://wallet.fail/wallets/nanos/

IIRC, there used to be a vulnerability with app isolation earlyer this year, so you could be fooled to think you were signing (for example) an LTC tx, while in reality you were signing a BTC tx, but IIRC, even this vulnerability was very hard to exploit and if i'm not mistaken it was fixed.

However, ledger did suffer a big data breach, and it's users are constantly getting phishing mails, text messages,... Also, recently it seems like somebody succeeded in contaminating amazon's stock with pre-initialised device(s).

I'm not saying this is the case here... New vulnerability's get found all the time (well, not for hw wallets per sé, but in general) so in theory it is possible you fell victim to a new vulnerability. This being said: odds are bigger someone got their hands on your seed or your physical device...

EDIT: by the way, i'm not victim-blaming here... I'm relatively strict when it comes to opsec (not as strict as some other members, but still, i think i do OK), but a while ago i almost fell for an obvious scam myself: my grandmother passed away (she was 92 years old at the time, so i guess she had a full life) and while being numb after here passing i didn't pay as close attention as i usually do, and i almost fell for a trap...
What i'm trying to say: everybody has his weak moments... Never say it's impossible that you fell for a phishing attack or an evil maid attack, or an inventory attack.. It only takes one moment without your full attention to fall victim.
newbie
Activity: 8
Merit: 3
November 24, 2020, 06:26:22 AM
#6
Sorry to heard your histoy, but just for undestrand: thieves have stolen a small or large amount from your ledger?

Why this answer is easy to understand:

1) If amount was small, it was probably a pissing attack and affected more people. Consider that some time ago I got some sms with Ledger as sender inviting me to do an update, which were a pissing attacks (I happened to receive two sms on my phone).

2) if amount was high,  it may have happened that some single person has spied on you, followed you in as far as knowledge of your wealth, until he could make the shot. In this latter case, perhaps you also have some hope of finding out who hit you.





Thanks for your input.

2) To me the amount is high - 2.9 Bitcoins and some few Ethereums 10.0.

What do you mean by spying? What are the options really - is it possible to steal the coins from Nano S without having access to the recovery phrase and/or the USB device?
sr. member
Activity: 1056
Merit: 405
November 24, 2020, 06:17:43 AM
#5
Sorry to heard your histoy, but just for undestrand: thieves have stolen a small or large amount from your ledger?

Why this answer is easy to understand:

1) If amount was small, it was probably a pissing attack and affected more people. Consider that some time ago I got some sms with Ledger as sender inviting me to do an update, which were a pissing attacks (I happened to receive two sms on my phone).

2) if amount was high,  it may have happened that some single person has spied on you, followed you in as far as knowledge of your wealth, until he could make the shot. In this latter case, perhaps you also have some hope of finding out who hit you.



newbie
Activity: 8
Merit: 3
November 24, 2020, 06:15:25 AM
#4
Hi All.

I hope you can help me in this quite critical situation.
Today this morning I logged in to my Ledger Live (using Ledger Nano S) to see how my Bitcoins and Ethereum had developed since I was logged in last time on 29th of October. Unfortunately my funds are gone - both currency balances are 0 and I can see in the transaction history that all my funds were sent away from my wallet on the 29th of October(!) with 7 minutes between the transactions. Probably within 30 minutes after I logged into the wallet.

I'm wondering how on earth this can happen since I have kept my recovery phrase safe?

I have obviously reported this as a crime to the Police here in Denmark as well as reached out to Ledger's Support through their standard formular. Awaiting their feedback.


In the meantime any advice and help would be much appreciated.



Regards

Could you elaborate on how you kept your recovery phrase safe?

Most of the times a HW wallet gets robbed it's either:
  • because somebody got their hands on your recovery phrase (most common)
  • because somebody had physical access to your HW wallet (very rare)

The first option (somebody getting their hands on your recovery phrase) is usually caused by:
  • a phising attack: for example an email telling you you were hacked, and urging you to visit a phising website where you're asked to enter your seed
  • buying an initialised device instead of initialising it yourself
  • the seed being stored online in some sort of cloud storage
  • somebody having physical access to the paper (or other medium) containing your seed
  • the seed being stored on any kind of online device that's fallen victim to a vulnerability or malware

As for getting your funds back: unless there's some kind of mistake (for example: you're looking at the wrong wallet, or you moved the funds yourself, or moving to a bech32 wallet, or splitting BTC-BCH) the odds of getting your funds back are slim to none... As soon as the tx created by the robber was confirmed, the only way of getting your funds back is if the robber sends it back (or if the police catch him and return your funds)

Thanks for your quick input.

By nature I'm very skeptical and would never fall for a phishing email or something similar. I always check links etc. before I potentially click or do whatever action sender would like me to do.
I'm having my recovery phrase - the paper file - stored in my home office in a folder between random documents where only family have access. My intention was to move it to a bank box safe though. I haven't taken/uploaded a picture of the phrases. I simply don't get how this can happen and the interesting thing here is, that it happened just within short time after I was logged into Ledger Live (which was the first time in 4-5 months time).

Very odd and frustrating. :-(
copper member
Activity: 2856
Merit: 3071
https://bit.ly/387FXHi lightning theory
November 24, 2020, 05:59:41 AM
#3
Hej

What did you do last time you logged in? Did you send a transaction out from your wallet or something?

Where did you source the ledger from? Did it come from the official site or a reseller? Some report say resellers often don't check wallets are of original quality before being returned (eg they might have a mnemonic someone else noted down).

Also how long have you had the ledger.

legendary
Activity: 3584
Merit: 5243
https://merel.mobi => buy facemasks with BTC/LTC
November 24, 2020, 05:57:24 AM
#2
Hi All.

I hope you can help me in this quite critical situation.
Today this morning I logged in to my Ledger Live (using Ledger Nano S) to see how my Bitcoins and Ethereum had developed since I was logged in last time on 29th of October. Unfortunately my funds are gone - both currency balances are 0 and I can see in the transaction history that all my funds were sent away from my wallet on the 29th of October(!) with 7 minutes between the transactions. Probably within 30 minutes after I logged into the wallet.

I'm wondering how on earth this can happen since I have kept my recovery phrase safe?

I have obviously reported this as a crime to the Police here in Denmark as well as reached out to Ledger's Support through their standard formular. Awaiting their feedback.


In the meantime any advice and help would be much appreciated.



Regards

Could you elaborate on how you kept your recovery phrase safe?

Most of the times a HW wallet gets robbed it's either:
  • because somebody got their hands on your recovery phrase (most common)
  • because somebody had physical access to your HW wallet (very rare)

The first option (somebody getting their hands on your recovery phrase) is usually caused by:
  • a phising attack: for example an email telling you you were hacked, and urging you to visit a phising website where you're asked to enter your seed
  • buying an initialised device instead of initialising it yourself
  • the seed being stored online in some sort of cloud storage
  • somebody having physical access to the paper (or other medium) containing your seed
  • the seed being stored on any kind of online device that's fallen victim to a vulnerability or malware

As for getting your funds back: unless there's some kind of mistake (for example: you're looking at the wrong wallet, or you moved the funds yourself, or moving to a bech32 wallet, or splitting BTC-BCH) the odds of getting your funds back are slim to none... As soon as the tx created by the robber was confirmed, the only way of getting your funds back is if the robber sends it back (or if the police catch him and return your funds)
newbie
Activity: 8
Merit: 3
November 24, 2020, 05:56:04 AM
#1
Hi All.

I hope you can help me in this quite critical situation.
Today this morning I logged in to my Ledger Live (using Ledger Nano S) to see how my Bitcoins and Ethereum had developed since I was logged in last time on 29th of October. Unfortunately my funds are gone - both currency balances are 0 and I can see in the transaction history that all my funds were sent away from my wallet on the 29th of October(!) with 7 minutes between the transactions. Probably within 30 minutes after I logged into the wallet.

I'm wondering how on earth this can happen since I have kept my recovery phrase safe?

I have obviously reported this as a crime to the Police here in Denmark as well as reached out to Ledger's Support through their standard formular. Awaiting their feedback.


In the meantime any advice and help would be much appreciated.



Regards
Jump to: