Bitcoin Forum

Anyone have any suggestions?

Is your Ledger Bitcoin crypto app updated to the newest version? There was a derivation path vulnerability in the past, but it should have been fixed with Bitcoin app v 1.4.6. The error seems to be related to a wrong derivation path by the wallet software compared to the derivation path used by the coin's app according to this source by Ledger. (https://support.ledger.com/hc/en-us/articles/360015738179-Derivation-path-vulnerability-in-Bitcoin-derivatives?support=true)

I don't remember the exact error message, but I've got some similar strange error (but it was telling about the change path - is there a chance you've misread the message?) when I wanted to send the change of a transaction to one of the funding addresses in my wallet. (But it was not multi-sig).
My point is that:
1. I'd agree with the previous post that's probably 2 outputs, not 2 transactions.
2. I'd expect that the large transaction is the change. In that case, if you go on this path, make sure it indeed goes to an address from within your wallet.
3. If you want to avoid that error, look at the transaction you make and change something (like for example don't set the address for the change yourself, if it's the case)

So this is exactly it.  Regarding Point #2, I see that the address shown that the larger transaction is going to is in my "address" tab on elecrum, as a previous receiving address.  Does this indicate that I am able to approve the message?

It depends also how you do it.
If you have value_x on Your_Address_1 and just want to send value_y to Coinbase_Address_1, your transaction will be

In: Your_Address_1
Out_1: Coinbase_Address_1
Out_2: Your_Address_2 (the change, meaning value_x - (value_y + tx fee))

Now, if you have made yourself the transaction as "Pay to many" and put yourself Your_Address_2 you wanted, this may be the problem; in my case this was it and I've fixed it by NOT using Pay to Many and instead only send to Coinbase_Address_1 and let the wallet do the rest.

Problem 1: I don't know what you actually done and you don't look as somebody that would have been using pay to many.
Problem 2: This kind of things should be discussed publicly because I may be a scammer trying to get more info from you and steal your money. And it should be public because others may also have good ideas.
Problem 3: I don't know if your Electrum is clean. I don't want to scare you, but another direction would be to uninstall Electrum, download it, verify the signature and install/run it again; just to make sure you don't have some odd Electrum clone that's trying something fishy.  --> update, this may not be the case if the second address is indeed part of your wallet

I won't say what you should do, I would be uneasy too with such messages (and I don't know how good you checked the addresses, no offense).
I've sent you quite a long message in private, I don't know how your tx looks like, I will post it here too:


Since my use case differs from yours, since I didn't do multisig (and I don't have experience with that), I'll leave to the others find a way that maybe the Ledger won't complain. I think that such direction would still be option #1.

Where are you sending the funds too? If it's a wallet you control then it might be possible that it's asking you to confirm sending "change" but if you're unsure then I'd try sending it all to the other address/wallet and back to see if that works.

If it was the latest version then it might be a bug it needs to report directly to the ledger about this issue.
Just try to report it and maybe you are also eligible to bug bounty program from here https://donjon.ledger.com/bounty/

After doing a ton of research to really understand what was happening, -snip-