Bitcoin Forum

Bitcoin => Hardware wallets => Topic started by: usmanov123 on February 09, 2018, 02:27:10 PM



Title: Ledger Nano S. Question about sending BTC
Post by: usmanov123 on February 09, 2018, 02:27:10 PM
Hi. When I'm sending BTC I have 2 confirmations on the device's display. 1st - receive address and the amount. And the 2nd I'm concerned about. There is a different address and another amount. After reading about the attack I haven't sent anything.


Title: Re: Ledger Nano S. Question about sending BTC
Post by: Lucius on February 09, 2018, 02:54:47 PM
Hi. When I'm sending BTC I have 2 confirmations on the device's display. 1st - receive address and the amount. And the 2nd I'm concerned about. There is a different address and another amount. After reading about the attack I haven't sent anything.

This is just your device asking you to confirm the change address; it is normal in HD wallets to have a change address. So when you send 0.01 BTC and you have in total 0.02 BTC, 0.01 + fee will be sent to the address you pick, and the rest will be sent (free) to the change address. I noticed this a few days ago for the first time in Electrum 3.0.5 in combination with Ledger Nano S.

Ledger support explains that sometimes, as they say, a "minor bug" can cause such behavior on the device. It should be safe, but since the latest reports of how easy it is for malware to create a receiving address in the Chrome app, this also represents a security problem.

https://support.ledgerwallet.com/hc/en-us/articles/115005469005-What-if-two-Outputs-are-displayed-Transfer-to-a-Change-address


Title: Re: Ledger Nano S. Question about sending BTC
Post by: bob123 on February 09, 2018, 05:21:43 PM
Hi. When I'm sending BTC I have 2 confirmations on the device's display. 1st - receive address and the amount. And the 2nd I'm concerned about. There is a different address and another amount.

As already mentioned, this is your change address.

This was a small 'bug' in an older version of the ledger nano s.
I would advise you to update your software.

Current versions:
Code:
Bitcoin Chrome: 1.10.1
Bitcoin app (on your nano s): 1.1.18
Firmware: 1.3.1



After reading about the attack I haven't sent anything.

The new "attack" is replacing your receiving address in the GUI of your application.
Ledger already has a workaround ready where you have to confirm your receiving address on your nano S.

Note: The attack vector covers the GUI of your wallet. Not the wallet / the nano s itself.
Everything you confirm on your nano s can be considered as verified and safe.