Bitcoin Forum

Bitcoin => Hardware wallets => Topic started by: dkbit98 on August 14, 2020, 01:39:42 PM



Title: Ledger hacked or not? 100k lost
Post by: dkbit98 on August 14, 2020, 01:39:42 PM
https://i.imgur.com/dja3Nej.jpg

https://i.imgur.com/XHEMsI6.jpg

https://i.imgur.com/fh0AqRD.jpg

Ledger is again trending on Twitter, and for all the bad reasons.
One guy reported 100k of his erc20 tokens have been missing from his Ledger wallet, and Ledger is investigating this.
https://twitter.com/StackingUSD/status/1294254623591739392

It could be he was a victim of a phishing attack, but I would not suggest anyone using eth or any other erc20 shit for now.





Title: Re: Ledger hacked or not? 100k lost
Post by: bitmover on August 14, 2020, 02:22:12 PM
It is possible that he used a fake MEW or something like that, that could lead to some other exploit similar to that one from last week:
https://support.ledger.com/hc/en-us/articles/360015738179

I don't know if the two incidents are related.

I am worried about my ledger now....


Title: Re: Ledger hacked or not? 100k lost
Post by: dkbit98 on August 14, 2020, 02:28:15 PM
It is possible that he used a fake MEW or something like that, that could lead to some other exploit similar to that one from last week:
https://support.ledger.com/hc/en-us/articles/360015738179

I don't know if the two incidents are related.

I am worried about my ledger now....

I was thinking the same thing. Probably related with previous bug that was reported.
Lucky for me, I don't hold any altcoins on Ledger wallet.

More updates for this case:
https://twitter.com/StackingUSD/status/1294274025213112322

https://i.imgur.com/mQqVNnS.png


Title: Re: Ledger hacked or not? 100k lost
Post by: bitmover on August 14, 2020, 02:31:43 PM

I was thinking the same thing. Probably related with previous bug that was reported.
Lucky for me, I don't hold any altcoins on Ledger wallet.

More updates for this case:
https://twitter.com/StackingUSD/status/1294274025213112322

https://i.imgur.com/mQqVNnS.png

Everything he is saying like "I just reseted my ledger", "I said it was here" doesn't mean anything.

He could have just reset and gone into a fake MEW, or written his SEED in a phishing website...


Title: Re: Ledger hacked or not? 100k lost
Post by: dkbit98 on August 14, 2020, 02:35:16 PM
Everything he is saying like "I just reseted my ledger", "I said it was here" doesn't mean anything.

He could have just reset and gone into a fake MEW, or written his SEED in a phishing website...
Probably, and I wouldn't be surprised.
When people can send a bunch of Bitcoins to a Twitter hacker and YouTube scam videos, then anything is possible.
However he does have his own TG group with over 4600 members, twitter with over 30k followers, and I don't think he is some naive newbie.

I am waiting for Ledger final reply.


Title: Re: Ledger hacked or not? 100k lost
Post by: The Sceptical Chymist on August 14, 2020, 04:14:52 PM
Everything he is saying like "I just reseted my ledger", "I said it was here" doesn't mean anything.
Maybe, maybe not.  It certainly could be that he was vulnerable to a phishing attack that he's not aware of, but now I'm a bit worried and I'm curious to see what Ledger's response is.  

You guys think this is just an ETH-related thing?  I don't own any ETH or tokens, but hearing news like this is unnerving.

Edit:
What do you mean? If you say it's a vulnerability in erc-20 code, then I doubt it. Nobody can just take tokens away from someone's hardware wallet.
I don't know exactly what I mean.  I'm just wondering whether there's a real vulnerability that could affect everyone or just this member or a particular coin/token.  Never mind my question, as it's just my ignorance of how these things work speaking.


Title: Re: Ledger hacked or not? 100k lost
Post by: Bttzed03 on August 14, 2020, 05:23:11 PM
Not Ledger's fault but good on them on trying to figure out what happened. My initial thought was he bought a tampered HW from a scammer but he says phrase was reset a week before. We can't be sure if that resetting was true though.   

~
You guys think this is just an ETH-related thing? 
What do you mean? If you say it's a vulnerability in erc-20 code, then I doubt it. Nobody can just take tokens away from someone's hardware wallet.



 ;D

https://i.ibb.co/JvX6d5s/ledg.png


Title: Re: Ledger hacked or not? 100k lost
Post by: dkbit98 on August 14, 2020, 10:28:59 PM
https://i.imgur.com/K3INSFO.png

New update:
Hacker moving large amounts of coins from his wallet to OKEx exchange
Now he is asking the exchange to freeze the funds and going to contact police for investigation.
No reply from Ledger yet.


Title: Re: Ledger hacked or not? 100k lost
Post by: bitmover on August 14, 2020, 11:24:38 PM
Hacker moving large amounts of coins from his wallet to OKEx exchange
Now he is asking the exchange to freeze the funds and going to contact police for investigation.
No reply from Ledger yet.


This is a very stupid move from a hacker.

If the "hacker" knows a zero day bug on ledger and how to exploit it, he would certainly also know how to keep the funds anonymous using a mixer or coin join etc. He would never send that to an exchange where he could be easily identified and reported and frozen.

Looks like he was scammed by some idiot. Phishing site, or someone close etc.


Title: Re: Ledger hacked or not? 100k lost
Post by: o_e_l_e_o on August 15, 2020, 01:23:33 AM
Let's assume what he says is correct - he reset his Ledger and set up a new seed phrase a week ago, and his Ledger has been in his possession in a safe since and no one has had access to it.

  • If the Ledger device had generated a non-random seed or there was some other flaw allowing an attacker to brute force the seed without having access to the device, then we would be seeing millions of a variety of coins and tokens being stolen
  • If there was a flaw with the Ethereum app or interface, then again, we would be seeing millions of different ERC20 tokens being stolen

As with the vast majority of hacks, the most likely cause here is user error - insecure seed back up, entering seed in to inappropriate place, fake/malicious wallet or app, etc.


Title: Re: Ledger hacked or not? 100k lost
Post by: sunsilk on August 15, 2020, 05:49:03 AM
This made me worried about my Ledger but after analyzing it and reading the thoughts of o_e_l_e_o and everyone, I'll agree that it could be the guy's fault. Doesn't the victim hold bitcoin? Or is he just mainly into erc20 tokens? Where are the TXIDs?

I quickly read and scrolled through the replies of the people interested in that tweet. Most questions were asking for the TXID but the author seems to ignore it.


Title: Re: Ledger hacked or not? 100k lost
Post by: Pmalek on August 15, 2020, 07:20:20 AM
According to Andreas Antonopoulos he believes that it could be an inside job rather than something else. Someone close to him who had access to the safe robbed him. His tweet came as a response to some other user's question who asked if it was possible there could have been a seed collision with a seed already used by someone else.

This is the tweet (https://twitter.com/aantonop/status/1294427896896004097).

More bad press about Ledger. Maybe it's not their fault this time but karma is a bitch. They decided to focus on their clothing assortment and overpriced crypto buying service instead of fixing security bugs and now the problems are piling up.


Title: Re: Ledger hacked or not? 100k lost
Post by: Lucius on August 15, 2020, 09:06:45 AM
To me, this seems like a little more adding fuel to the fire in an attempt to further damage Ledger's reputation. The tweet that appeared after the alleged hacking raises even more suspicions that this is the case - one person was allegedly hacked, and another reportedly received the same amount on his Ledger.

I noticed that both messages end identically : "What the actual fnck @Ledger". Of course neither of those two Twitter users posted their addresses or transactions, which could only help to at least determine where the tokens ended up and whether the alleged hacker would try to sell them.

Users report hacking their HWs every week, and in the end it turns out that they are victims of phishing or that they kept the seed in unencrypted digital form. I'm 90% sure that's the case here too, the remaining 10% goes to some real unknown vulnerability or to an attempt of bad PR.


Title: Re: Ledger hacked or not? 100k lost
Post by: TopTort777 on August 15, 2020, 09:13:39 AM
Could this be somehow connected to the recent Ledger security breach, when about 10k users' private data was stolen?  Could this stolen private info help “current topics hacker” to steal 100k usd?


Title: Re: Ledger hacked or not? 100k lost
Post by: DaveF on August 15, 2020, 11:30:43 AM
Could this be somehow connected to the recent Ledger security breach, when about 10k users' private data was stolen?  Could this stolen private info help “current topics hacker” to steal 100k usd?

No and yes and no.
No, there is no way that knowing that info will get you into someone's PC or Ledger.
Yes, in the fact that it might make you more vulnerable to Spear Phishing or a more targeted attack.
No, in the fact that if the above did happen the user would still have to "do something wrong" somehow.

-Dave


Title: Re: Ledger hacked or not? 100k lost
Post by: Bttzed03 on August 15, 2020, 11:55:02 AM
Without disclosing what actually happened, the guy has apologized to Ledger

I want to take a moment to apologize to the @Ledger team. @Ledger_Support was very swift & helpful, despite my attitude. I let my emotions get the best of me, reacting w/o thinking. Rationale & respect went out of the window, and for that I apologize.

Thank you, Team #Ledger.

It's definitely a user error. He probably asked Ledger's support not to disclose the findings in exchange for his apology because it's embarrassing.

He's moving on now and continuing with his shills.
I reached out to a lot of exchanges & contacts today, unfortunately they were unable to assist.

I quickly contacted @TomMarchi from @Sentivate & the team was ready to assist instantly. With that being said, I'm content moving onwards and consider this matter concluded.

I guess it's time to end the discussion here.


Title: Re: Ledger hacked or not? 100k lost
Post by: Lucius on August 15, 2020, 01:31:33 PM
It's definitely a user error. He probably asked Ledger's support not to disclose the findings in exchange for his apology because it's embarrassing.

Or it is the most common attempt to attract attention in order to promote something else, such as some shitcoins that the user normally promotes. People are not so stupid as not to see what is happening, and when someone avoids giving an answer to the simple question "What actually happened" everything can be reduced to this tweet :

Since you aren't telling people what happened and how it got resolved, this whole shitshow starts to sound like a cheap marketing campaign for the shitcoin you are promoting.


Title: Re: Ledger hacked or not? 100k lost
Post by: o_e_l_e_o on August 15, 2020, 01:55:07 PM
What utter nonsense. He had the equivalent of $110,000 stolen, and in the space of less than 12 hours went from threatening Ledger with "you will repay me", to "I'm content moving forward". He has also been completely silent on what actually happened.

This is one of three things:
  • He did something so monumentally stupid that he is embarrassed by the whole thing, such as type his seed phrase in to a website
  • He fabricated the whole thing for tax evasion or money laundering purposes
  • He fabricated the whole thing to advertise a shitcoin

Regardless, almost certainly nothing to do with Ledger and no security vulnerability of the hardware device.


Title: Re: Ledger hacked or not? 100k lost
Post by: HCP on August 15, 2020, 11:55:15 PM
Just... wow! ::) ::) ::)

I'm guessing the fact that he retweeted the Ledger "Phishing" warning (https://twitter.com/StackingUSD), and then publicly apologised to Ledger is the biggest indicator of what happened:
https://talkimg.com/images/2023/11/15/zf0rz.png
https://talkimg.com/images/2023/11/15/zflW2.png


100% he either entered his 24 word recovery phrase into either a fake version of Ledger Live or a phishing website etc when he reset his seed a week ago.

Sucks he's lost so much, but I'd have way more respect for him if he explained what actually happened instead of these somewhat "vague" tweets which are the twitter equivalent of "nevermind, I fixed it" posts on forums ::) ::) :-\


Title: Re: Ledger hacked or not? 100k lost
Post by: dkbit98 on August 16, 2020, 12:05:11 AM
100% he either entered his 24 word recovery phrase into either a fake version of Ledger Live or a phishing website etc when he reset his seed a week ago.

Sucks he's lost so much, but I'd have way more respect for him if he explained what actually happened instead of these somewhat "vague" tweets which are the twitter equivalent of "nevermind, I fixed it" posts on forums ::) ::) :-\
He is a sucker if he really did that and got scammed by fake phishing ledger, but I still have some doubts and think that one of o_e_l_e_o theories may be close to truth, and he wanted to avoid paying taxes (with gains he made during this bull market), so he staged the whole show in public.
Just my crypto conspiracy theory and I could be totally wrong :)


Title: Re: Ledger hacked or not? 100k lost
Post by: joniboini on August 16, 2020, 06:56:28 AM
He is a sucker if he really did that and got scammed by fake phishing ledger, but I still have some doubts and think that one of o_e_l_e_o theories may be close to truth, and he wanted to avoid paying taxes (with gains he made during this bull market), so he staged the whole show in public.
There's no evidence but it is definitely weird. If I lose that much I'd be stressed out like hell unless I'm a whale with 10 million cash to burn every day. At least this means Ledger is still safe to use, and not really surprising at all since most 'hacking' methods that have been published require access to the HW itself.


Title: Re: Ledger hacked or not? 100k lost
Post by: sunsilk on August 16, 2020, 09:25:55 AM
I'll agree that it could be the guy's fault.

must say fault resulted from his carelessness and inattentiveness. Even if he was caught up on the hook of the phishing site, Ledger had displayed him the receiving address to check before signing transaction. Likely he didn't do that and paid the price.
It's a case-closed. It's his fault and the analysis of o_e_l_e_o is correct, it's either of those factors which led the complainant's negligence of losing his funds.

The guy took the attention of many crypto folks especially, Ledger's and whatever his agenda is, it brought me a short-time fear for my own self-keeping. I commend Ledger's response and how they're willing to help the guy although it's after-sales.

I wonder if Ledger will go after him with the buzz and after damaging their reputation with what he's done.



Title: Re: Ledger hacked or not? 100k lost
Post by: Lucius on August 16, 2020, 10:06:03 AM
This example proves that no matter what someone has $100k in crypto (although that fact is also questioned in this story), this does not mean that he has enough intelligence to follow the simplest instructions such as downloading software from the official site, or not entering his seed anywhere except in the hardware wallet.

I'm not surprised that this genius may want to hide his shame, but it's pretty frivolous that Ledger didn't reveal what actually happened, but indirectly tells us what may have happened - another illogical move on their part.


Title: Re: Ledger hacked or not? 100k lost
Post by: NeuroticFish on August 16, 2020, 11:56:30 AM
This is one of three things:

And a fourth:
He fabricated this in a hope to get some money off Ledger to shut up.


I've done a 300$ worth of ERC-20 tokens transaction with Ledger and MEW less than one week ago and all went just fine. And all the expected funds are still in place.
So I'd go for the 3+1 list of possible causes for those posts.


Title: Re: Ledger hacked or not? 100k lost
Post by: o_e_l_e_o on August 16, 2020, 12:35:39 PM
This example proves that no matter what someone has $100k in crypto (although that fact is also questioned in this story), this does not mean that he has enough intelligence to follow the simplest instructions such as downloading software from the official site, or not entering his seed anywhere except in the hardware wallet.
The kind of person who owns $100k worth of some random ERC20 token is almost certainly someone who took a wild punt on some ICO and happened to hit the jackpot when it pumps and dumps. For every one person who gets rich on a shitcoin, there are a thousand more who lose all their money. I would say that people throwing their money in to random altcoins and hoping to get rich quick are far less likely to be clued up on good security practices and the technical side of owning crypto than someone who owns $100k worth of bitcoin.

Reading through his tweets, he also admits to be an "advisor to the project", so I wouldn't be surprised at all if his 17 million tokens were airdropped to him for nothing.


Title: Re: Ledger hacked or not? 100k lost
Post by: DaveF on August 16, 2020, 05:14:22 PM
He is a sucker if he really did that and got scammed by fake phishing ledger, but I still have some doubts and think that one of o_e_l_e_o theories may be close to truth, and he wanted to avoid paying taxes (with gains he made during this bull market), so he staged the whole show in public.
Just my crypto conspiracy theory and I could be totally wrong :)

Interesting thought however. If they were airdropped to him, or given to him as an advisor on the project (depending on where they live) they might still be responsible for the taxes. If your boss gives you an oz of gold instead of a paycheck and you drop that gold and never see it again, your boss still paid you and you still owe taxes on it.

Back to the main point, still looks like it was his fault and the fact as many have said, that he never said what happened just looks funky.

-Dave


Title: Re: Ledger hacked or not? 100k lost
Post by: bob123 on August 18, 2020, 11:26:21 AM
Could this be somehow connected to the recent Ledger security breach, when about 10k users' private data was stolen?  Could this stolen private info help “current topics hacker” to steal 100k usd?

No.
Ledger does not have any information about you which could help to bruteforce your mnemonic code or access your seed in any other way.


I'd say this person either was extremely stupid and negligent (which is pretty likely) or it is just a plain lie.
The fact not a single address or txid has been posted, makes me believe that it is the latter.

Usually, when people make dumb things, they start with pretty useless information and then release more and more useful information to actually figure out where they messed up. Not in this case.


Title: Re: Ledger hacked or not? 100k lost
Post by: o_e_l_e_o on August 18, 2020, 12:08:20 PM
The fact not a single address or txid has been posted, makes me believe that it is the latter.
Although he didn't release the TXID, there was a transaction for 17,000,000 of this token made a few hours before his tweet - https://etherscan.io/tx/0x479ee89c7cb976348f41cd66ba7232a95dadbf6026d12ca91d420b06918f7a01. These 17 million tokens were then moved again a few minutes later to a Uniswap contract.

Usually, when people make dumb things, they start with pretty useless information and then release more and more useful information to actually figure out where they messed up. Not in this case.
He has since made a couple more tweets, again saying that this wasn't the fault of his Ledger device but being completely vague as to what actually happened:

Do not interpret this as an endorsement as everyone is responsible for their own funds, but I believe the issue lies MUCH deeper than a hardware issue or P-key leak. I will shed light on this as soon as I can. To be best of my knowledge, @Ledger is #safu.
What is he hinting at here? Much deeper than a hardware issue? Either the code of the shitcoin he is shilling is filled with bugs, or he is still trying to cover up his own stupid mistakes.


Title: Re: Ledger hacked or not? 100k lost
Post by: Masterswarm on August 19, 2020, 05:55:54 PM
While this guy's Ledger was not hacked, to be cautious, people should be running multi-sig setups with both a Ledger and Trezor.


Title: Re: Ledger hacked or not? 100k lost
Post by: mpufatzis on August 24, 2020, 05:58:27 PM
Is it possible for a fake MEW to compromise a Ledger (without somehow entering the seed)?
Ledger is supposed to sign transactions even on infected PCs....


It is possible that he used a fake MEW or something like that, that could lead to some other exploit similar to that one from last week:
https://support.ledger.com/hc/en-us/articles/360015738179

I don't know if the two incidents are related.

I am worried about my ledger now....


Title: Re: Ledger hacked or not? 100k lost
Post by: o_e_l_e_o on August 24, 2020, 07:34:28 PM
Is it possible for a fake MEW to compromise a Ledger (without somehow entering the seed)?
We can never say never, as there could be a vulnerability we don't know about, but there is currently no known way for a fake MEW to compromise a Ledger device.

At most, a fake or malicious software wallet can push a malicious transaction to the hardware wallet. That transaction will only be signed and broadcast if the user presses the physical buttons on the Ledger device required to accept it. If the user rejects the transaction, then it cannot be signed and cannot be broadcast.

In terms of the recently discovered Ledger exploit - if there was a similar exploit for Ethereum and ERC20 tokens, then theoretically someone trying to transfer Ethereum or a token to an address could be tricked in to also transferring some other token to that address. There is, however, currently no known exploit which could achieve this.


Title: Re: Ledger hacked or not? 100k lost
Post by: bitmover on August 24, 2020, 07:47:00 PM

At most, a fake or malicious software wallet can push a malicious transaction to the hardware wallet. That transaction will only be signed and broadcast if the user presses the physical buttons on the Ledger device required to accept it. If the user rejects the transaction, then it cannot be signed and cannot be broadcast.

I agree. This is, as far as I understand, exactly the case in this recent exploit:

Quote
This path restriction was not enforced for the Bitcoin app and most of its derivatives, allowing a Bitcoin derivative (eg. Litecoin) to derive public keys or sign Bitcoin transactions.
https://donjon.ledger.com/lsb/014/

As the user is already spending some altcoin, it is easy to be fooled and click the button for a bitcoin transaction while using a fake mew.

I will pay much more attention now when spending altcoins (I don't have much anyway)
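
The path restriction named in the quoted advisory, sketched as an added example (not Ledger's firmware and not written by any poster in this thread): each coin app accepts only derivation paths whose SLIP-44 coin type belongs to it. The app table, function names and sample requests are assumptions constructed for illustration.

```python
# Added illustration of per-app BIP32 path restriction; not Ledger code.
HARDENED = 0x80000000          # BIP32 hardened-index bit
PURPOSES = {44, 49, 84}        # BIP44 / BIP49 / BIP84 purpose values
# SLIP-44 coin types each (hypothetical) app is allowed to derive under.
COIN_TYPES = {"Bitcoin": {0}, "Litecoin": {2}, "Ethereum": {60}}


def parse_path(path):
    """Turn "m/44'/0'/0'/0/5" into a list of 32-bit BIP32 indexes."""
    parts = path.strip().split("/")
    if len(parts) < 2 or parts[0] != "m":
        raise ValueError("path must start with m/")
    indexes = []
    for part in parts[1:]:
        hardened = part.endswith(("'", "h"))
        digits = part[:-1] if hardened else part
        if not (digits.isascii() and digits.isdigit()):
            raise ValueError("bad path element: %r" % part)
        value = int(digits)
        if value >= HARDENED:
            raise ValueError("index out of range: %r" % part)
        indexes.append(value | HARDENED if hardened else value)
    return indexes


def path_allowed(app, path):
    """True only if the path sits under a coin type owned by this app."""
    try:
        indexes = parse_path(path)
    except ValueError:
        return False
    if len(indexes) < 2:
        return False
    purpose, coin = indexes[0], indexes[1]
    # Purpose and coin type must both be hardened, otherwise the check
    # could be sidestepped with a look-alike non-hardened element.
    if not (purpose & HARDENED and coin & HARDENED):
        return False
    if purpose - HARDENED not in PURPOSES:
        return False
    return coin - HARDENED in COIN_TYPES.get(app, set())


def rejected(requests):
    """Return the (app, path) requests the restriction refuses."""
    return [(app, path) for app, path in requests if not path_allowed(app, path)]


# Constructed requests, as a host wallet might send them to an open app.
REQUESTS = [
    ("Litecoin", "m/44'/2'/0'/0/0"),   # Litecoin path in the Litecoin app
    ("Litecoin", "m/44'/0'/0'/0/0"),   # Bitcoin path in the Litecoin app
    ("Litecoin", "m/44'/2/0'/0/0"),    # coin type not hardened
    ("Bitcoin", "m/84'/0'/0'/0/3"),    # Bitcoin path in the Bitcoin app
    ("Ethereum", "m/44'/60'/0'/0/0"),  # Ethereum path in the Ethereum app
]

if __name__ == "__main__":
    for app, path in REQUESTS:
        print(app, path, "allowed" if path_allowed(app, path) else "REJECTED")
```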


Title: Re: Ledger hacked or not? 100k lost
Post by: o_e_l_e_o on August 25, 2020, 09:52:33 AM
I will pay much more attention now when spending altcoins (I don't have much anyway)
I have suggested for a long time now that people should make more use of multiple different passphrases, and this seems to be another good reason to do so. If each of the different coins you store on your Ledger device were stored behind a different passphrase, then it would be impossible for this vulnerability to affect you.

However, I appreciate this wouldn't be easy for ERC20 tokens, since they are stored on standard Ethereum addresses and you need some Ethereum on said address to be able to spend/transfer them, so you would be forced to hold a few dollars worth of Ethereum in multiple different addresses, one for each token. In this case, there really is no substitute for paying close attention to what your hardware wallet is displaying on the screen and double and triple checking it matches the transaction you wish to make.
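
What checking a token transfer against the intended one involves, as an added example that is not part of the thread: in an ERC-20 transfer the transaction's destination is the token contract, and the real recipient and amount sit in the call data, so those are the fields to compare. All addresses and the 18-decimal amount are constructed, and the function names are assumptions.

```python
# Added illustration: decode the ERC-20 call inside an Ethereum transaction
# and compare it with what the user meant to send. Sample values are constructed.

# First 4 bytes of keccak256 of the signature (standard ERC-20 selectors).
SELECTORS = {
    "a9059cbb": ("transfer", ("to", "amount")),
    "095ea7b3": ("approve", ("spender", "amount")),
    "23b872dd": ("transferFrom", ("from", "to", "amount")),
}


def encode_call(selector, *args):
    """Build calldata: selector followed by one 32-byte word per argument."""
    words = b""
    for arg in args:
        number = int(arg, 16) if isinstance(arg, str) else arg
        words += number.to_bytes(32, "big")
    return "0x" + selector + words.hex()


def decode_erc20_call(data_hex):
    """Return the decoded call as a dict, or None if it is not a known ERC-20 call."""
    data = bytes.fromhex(data_hex[2:] if data_hex.startswith("0x") else data_hex)
    entry = SELECTORS.get(data[:4].hex())
    if entry is None:
        return None
    name, fields = entry
    body = data[4:]
    if len(body) != 32 * len(fields):
        raise ValueError("calldata length does not match " + name)
    call = {"function": name}
    for i, field in enumerate(fields):
        word = body[32 * i:32 * i + 32]
        if field == "amount":
            call[field] = int.from_bytes(word, "big")
        else:
            if any(word[:12]):
                raise ValueError("address argument has non-zero padding")
            call[field] = "0x" + word[12:].hex()
    return call


def mismatches(tx, intent):
    """List every way the transaction differs from the intended token transfer."""
    found = []
    if tx["to"].lower() != intent["token"].lower():
        found.append("contract")
    if tx.get("value", 0) != 0:
        found.append("ether value")
    call = decode_erc20_call(tx["data"])
    if call is None or call["function"] != "transfer":
        found.append("function")
        return found
    if call["to"] != intent["recipient"].lower():
        found.append("recipient")
    if call["amount"] != intent["amount"]:
        found.append("amount")
    return found


TOKEN = "0x" + "11" * 20        # constructed token contract
OTHER_TOKEN = "0x" + "44" * 20  # constructed second token contract
FRIEND = "0x" + "22" * 20       # constructed intended recipient
STRANGER = "0x" + "33" * 20     # constructed unexpected recipient
AMOUNT = 1500 * 10**18          # 1500 tokens, assuming 18 decimals
INTENT = {"token": TOKEN, "recipient": FRIEND, "amount": AMOUNT}

HONEST = {"to": TOKEN, "value": 0, "data": encode_call("a9059cbb", FRIEND, AMOUNT)}
SWAPPED = {"to": TOKEN, "value": 0, "data": encode_call("a9059cbb", STRANGER, AMOUNT)}
WRONG_TOKEN = {"to": OTHER_TOKEN, "value": 0, "data": encode_call("a9059cbb", FRIEND, AMOUNT)}

if __name__ == "__main__":
    for label, tx in (("honest", HONEST), ("swapped", SWAPPED), ("wrong token", WRONG_TOKEN)):
        print(label, decode_erc20_call(tx["data"]), mismatches(tx, INTENT))
```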