Bitcoin Forum
November 04, 2024, 08:07:45 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: Security Vulnerability: Ledger Nano X and Ledger Nano S  (Read 280 times)
big_daddy (OP)
Hero Member
*****
Offline Offline

Activity: 1680
Merit: 583


xUSD - The PRIVATE stable coin - Haven Protocol


View Profile WWW
October 25, 2019, 09:06:44 PM
Merited by Lucius (1), Daniel91 (1), boltz (1), dkbit98 (1), Rikafip (1)
 #1

I’ve just recived this mail

It’s a scam

Do not open and download anything






If you don't believe it or don't get it, I don't have the time to try to convince you, sorry.
chaoscoinz
Sr. Member
****
Offline Offline

Activity: 1150
Merit: 260

☆Gaget-Pack☆


View Profile
October 25, 2019, 09:18:23 PM
 #2

Thanks, it seems like more and more scam emails make their way into my inbox sneaking past my spam filter. I think I recieve crypto related emails due to being naive and siging up for crypro related newsletters.
  I try to unsubscribe but I have a sneaking suspicion by unsubscribing by clicking on the link, I may open myself to further exploiting through phishing.
  That's usually how social engineering goes,  they entice with money or women. .Sad

Pearls Before Swine
Sr. Member
****
Offline Offline

Activity: 1190
Merit: 306



View Profile
October 25, 2019, 09:50:53 PM
 #3

Thanks for the warning.  I'm just curious as to how these scammers got your e-mail in the first place.  I have a ledger nano s and as far as I can recall I've never given them my e-mail addy or any other identifying information, and that would be because they've never asked me for it.  If I got an e-mail like the one you posted I would know right away it was a phishing attempt, and if it wasn't obvious from that fact I certainly wouldn't expect a link from them to download some tool that sounds like it was developed by scammers. 

That explanation in the e-mail of what they say is wrong sounds like so much technical gobbledygook that I hope nobody falls for it.  There may be some basis for the entropy blah blah blah in how the ledger works, but it just sounds like a phisher trying way too hard to sound legit.

big_daddy (OP)
Hero Member
*****
Offline Offline

Activity: 1680
Merit: 583


xUSD - The PRIVATE stable coin - Haven Protocol


View Profile WWW
October 25, 2019, 10:10:14 PM
 #4

I donno where my mail came in their list, I am a Ledger user and also an affiliate, maybe it’s something wrong with their mailing lists
Anyway, fisrt I’ve checked their twitter, reddit, and saw no info regarding that, and so I decided to warn the whole community

If you don't believe it or don't get it, I don't have the time to try to convince you, sorry.
boltz
Legendary
*
Offline Offline

Activity: 3346
Merit: 1203



View Profile
October 25, 2019, 10:24:45 PM
 #5

It doesn't look like an official mail coming from the Nano ledger team so don't open it. Also you did the best job coming here and make a thread to make everyone aware of this and I hope this will get attention as soon as possible from most of the users. I use ledger too and I haven't receive it so I think your mail somehow got into a list of a database. Can you make a list of the last sign ups you've used with your mail ?  

Don't open it , I want to repeat myself on this. Seems that scammers got a pretty big data base of nano users.

███▄▀██▄▄
░░▄████▄▀████ ▄▄▄
░░████▄▄▄▄░░█▀▀
███ ██████▄▄▀█▌
░▄░░███▀████
░▐█░░███░██▄▄
░░▄▀░████▄▄▄▀█
░█░▄███▀████ ▐█
▀▄▄███▀▄██▄
░░▄██▌░░██▀
░▐█▀████ ▀██
░░█▌██████ ▀▀██▄
░░▀███
▄▄██▀▄███
▄▄▄████▀▄████▄░░
▀▀█░░▄▄▄▄████░░
▐█▀▄▄█████████
████▀███░░▄░
▄▄██░███░░█▌░
█▀▄▄▄████░▀▄░░
█▌████▀███▄░█░
▄██▄▀███▄▄▀
▀██░░▐██▄░░
██▀████▀█▌░
▄██▀▀██████▐█░░
███▀░░
LeGaulois
Copper Member
Legendary
*
Offline Offline

Activity: 2940
Merit: 4101


Top Crypto Casino


View Profile
October 25, 2019, 10:29:52 PM
 #6

It's spam for sure. The latest email you're supposed to receive from Ledger is about their latest hardware edition. (Get the Ledger Nano X Limited Edition before it’s gone…)

When spammer target people they don't care if you are a customer or not. They try their luck between millions of emails. It's like when you receive an email alert from a bank in which you never got an account...

ofc ignore it.

█████████████████████████
████▐██▄█████████████████
████▐██████▄▄▄███████████
████▐████▄█████▄▄████████
████▐█████▀▀▀▀▀███▄██████
████▐███▀████████████████
████▐█████████▄█████▌████
████▐██▌█████▀██████▌████
████▐██████████▀████▌████
█████▀███▄█████▄███▀█████
███████▀█████████▀███████
██████████▀███▀██████████
█████████████████████████
.
BC.GAME
▄▄░░░▄▀▀▄████████
▄▄▄
██████████████
█████░░▄▄▄▄████████
▄▄▄▄▄▄▄▄▄██▄██████▄▄▄▄████
▄███▄█▄▄██████████▄████▄████
███████████████████████████▀███
▀████▄██▄██▄░░░░▄████████████
▀▀▀█████▄▄▄███████████▀██
███████████████████▀██
███████████████████▄██
▄███████████████████▄██
█████████████████████▀██
██████████████████████▄
.
..CASINO....SPORTS....RACING..
█░░░░░░█░░░░░░█
▀███▀░░▀███▀░░▀███▀
▀░▀░░░░▀░▀░░░░▀░▀
░░░░░░░░░░░░
▀██████████
░░░░░███░░░░
░░█░░░███▄█░░░
░░██▌░░███░▀░░██▌
░█░██░░███░░░█░██
░█▀▀▀█▌░███░░█▀▀▀█▌
▄█▄░░░██▄███▄█▄░░▄██▄
▄███▄
░░░░▀██▄▀


▄▄████▄▄
▄███▀▀███▄
██████████
▀███▄░▄██▀
▄▄████▄▄░▀█▀▄██▀▄▄████▄▄
▄███▀▀▀████▄▄██▀▄███▀▀███▄
███████▄▄▀▀████▄▄▀▀███████
▀███▄▄███▀░░░▀▀████▄▄▄███▀
▀▀████▀▀████████▀▀████▀▀
Ailmand
Hero Member
*****
Offline Offline

Activity: 1274
Merit: 519


Coindragon.com 30% Cash Back


View Profile
October 25, 2019, 11:09:57 PM
 #7

It seems that there had been a lot of scam e-mails lately. Good thing that I don't give too much attention on spam e-mails or even any announcements via e-mail, not download any updates or click links sent via e-mail. Be cautious guys, scammers are finding different ways to earn easy money.

franky1
Legendary
*
Offline Offline

Activity: 4396
Merit: 4755



View Profile
October 26, 2019, 12:11:08 AM
 #8

this topic should be named scam warning spoofing ledger emails
that said.
an actual security vulnerability is the fact when you plug in a ledger and you use a webbrowser interface, the interface may not be from ledger but a phishing site with a pretend 'problem with ledger, please re-type in your seed to reset'. whereby your seed then goes to scammers

so be careful if ever asked to type in your seed

I DO NOT TRADE OR ACT AS ESCROW ON THIS FORUM EVER.
Please do your own research & respect what is written here as both opinion & information gleaned from experience. many people replying with insults but no on-topic content substance, automatically are 'facepalmed' and yawned at
pakhitheboss
Hero Member
*****
Offline Offline

Activity: 2296
Merit: 833


Top Crypto Casino


View Profile WWW
October 26, 2019, 12:52:38 AM
 #9

Now you will be receiving more of such spam and scam email as your email address has been now compromised. It is better to always check the senders email address before taking any actions whenever you recieve such emails. Most of the time the senders email will have Yahoo or gmail address. If they send it using the same domain name then it will be spelt incorrectly. Such minute checks can help us.

███████████████████████
████▐██▄█████████████████
████▐██████▄▄▄███████████
████▐████▄█████▄▄████████
████▐█████▀▀▀▀▀███▄██████
████▐███▀████████████████
████▐█████████▄█████▌████
████▐██▌█████▀██████▌████
████▐██████████▀████▌████
█████▀███▄█████▄███▀█████
███████▀█████████▀███████
██████████▀███▀██████████

███████████████████████
.
BC.GAME
▄▄▀▀▀▀▀▀▀▄▄
▄▀▀░▄██▀░▀██▄░▀▀▄
▄▀░▐▀▄░▀░░▀░░▀░▄▀▌░▀▄
▄▀▄█▐░▀▄▀▀▀▀▀▄▀░▌█▄▀▄
▄▀░▀░░█░▄███████▄░█░░▀░▀▄
█░█░▀░█████████████░▀░█░█
█░██░▀█▀▀█▄▄█▀▀█▀░██░█
█░█▀██░█▀▀██▀▀█░██▀█░█
▀▄▀██░░░▀▀▄▌▐▄▀▀░░░██▀▄▀
▀▄▀██░░▄░▀▄█▄▀░▄░░██▀▄▀
▀▄░▀█░▄▄▄░▀░▄▄▄░█▀░▄▀
▀▄▄▀▀███▄███▀▀▄▄▀
██████▄▄▄▄▄▄▄██████
.
..CASINO....SPORTS....RACING..


▄▄████▄▄
▄███▀▀███▄
██████████
▀███▄░▄██▀
▄▄████▄▄░▀█▀▄██▀▄▄████▄▄
▄███▀▀▀████▄▄██▀▄███▀▀███▄
███████▄▄▀▀████▄▄▀▀███████
▀███▄▄███▀░░░▀▀████▄▄▄███▀
▀▀████▀▀████████▀▀████▀▀
abel1337
Legendary
*
Offline Offline

Activity: 2492
Merit: 1145


Enterapp Pre-Sale Live - bit.ly/3UrMCWI


View Profile WWW
October 26, 2019, 01:41:57 AM
 #10

Ledger wont ask for your email in the first place, So its basically a spam email that tends user to open that and take advantage on them.

Basically don't open this kind of suspicious emails even it pretend to be a big name.

Hackers tend to do some new methods to make their penetration successful, Its good that OP post it before someone will get scammed from this forum.


█████████████████████
█████████████████████████
█████████▀▀▀▀▀▀▀█████████
██████▀███████████▀██████
█████▀███▄▄▄▄▄▄▄███▀█████
████████▀▀▀▀▀▀▀▀▀████████
█████████████████████████
█████▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄█████
█████████████████████████
██████▄███████████▄██████
█████████▄▄▄▄▄▄▄█████████
█████████████████████████
█████████████████████
 
    CRYPTO WEBNEOBANK    
▄▄███████▄▄
▄███████████████▄
▄██████░░░░░░░░░░███▄
▄████▄▄███████▄▄░░░██▄
▄█████████████████░░░██▄
████░░▄▄▄▄▄▄▄▄▄░░░░░░░░██
████░░██████████░░░░░░░██
████░░▀▀▀▀▀▀▀▀▀░░░░░░░░██
▀█████████████████░░░██▀
▀████▀▀███████▀▀░░░██▀
▀██████░░░░░░░░░░███▀
▀███████████████▀
▀▀███████▀▀
hello_good_sir
Hero Member
*****
Offline Offline

Activity: 1008
Merit: 531



View Profile
October 26, 2019, 02:09:23 AM
 #11

Thanks for the warning.  I'm just curious as to how these scammers got your e-mail in the first place.  I have a ledger nano s and as far as I can recall I've never given them my e-mail addy or any other identifying information, and that would be because they've never asked me for it.  If I got an e-mail like the one you posted I would know right away it was a phishing attempt, and if it wasn't obvious from that fact I certainly wouldn't expect a link from them to download some tool that sounds like it was developed by scammers. 

That explanation in the e-mail of what they say is wrong sounds like so much technical gobbledygook that I hope nobody falls for it.  There may be some basis for the entropy blah blah blah in how the ledger works, but it just sounds like a phisher trying way too hard to sound legit.
Have you seen the service threads out there that offer databases of crypto emails? There used to be bounties that collected email addresses, and they were open for anyone, very easily a bunch of them could have been compiled into a list.

They could have also gotten them from other database breaches, etc.

It just looks like a regular spam email that's actually made pretty well. Did the email hit your spam indox or was it in your primary inbox? What email address is it from? Usually, emails from spoofed addresses that have like a letter different get flagged by your service provider.

Lucius
Legendary
*
Offline Offline

Activity: 3416
Merit: 6143


Crypto Swap Exchange🈺


View Profile WWW
October 26, 2019, 09:11:03 AM
 #12

I donno where my mail came in their list, I am a Ledger user and also an affiliate, maybe it’s something wrong with their mailing lists

I am also Ledger user and affiliate, but I did not receive such an email for now, so I doubt there is some leakage of data from Ledger. Any activity that involved giving the email address to which you received this mail is very likely to blame for this.

The only tool that is legitimate to use is Ledger Live software which is taken from the official site, so even though it must be admitted that hackers are very imaginative in this case, for those with some experience, these kinds of things are pretty harmless. What anyone who has received such mail can do is report it as spam, this way, such mail will go directly to the spam folder.

█▀▀▀











█▄▄▄
▀▀▀▀▀▀▀▀▀▀▀
e
▄▄▄▄▄▄▄▄▄▄▄
█████████████
████████████▄███
██▐███████▄█████▀
█████████▄████▀
███▐████▄███▀
████▐██████▀
█████▀█████
███████████▄
████████████▄
██▄█████▀█████▄
▄█████████▀█████▀
███████████▀██▀
████▀█████████
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
c.h.
▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
▀▀▀█











▄▄▄█
▄██████▄▄▄
█████████████▄▄
███████████████
███████████████
███████████████
███████████████
███░░█████████
███▌▐█████████
█████████████
███████████▀
██████████▀
████████▀
▀██▀▀
Pmalek
Legendary
*
Offline Offline

Activity: 2940
Merit: 7538


Playgram - The Telegram Casino


View Profile
October 26, 2019, 09:24:33 AM
 #13

@big_daddy
Is that email that you received it on public? Do you take part in bounties with that email and has it been used to signup for airdrops or does it appear in some google form posted by a bounty?

I am asking because Lucius is a Ledger user, I also have a Ledger device, but we didn't receive anything similar. Nowhere during the installation and setup process of a Ledger wallet are you required to enter an email address, unless you sign up to their newsletter, ambassador program etc. 
 

▄▄███████▄▄███████
▄███████████████▄▄▄▄▄
▄████████████████████▀░
▄█████████████████████▄░
▄█████████▀▀████████████▄
██████████████▀▀█████████
████████████████████████
██████████████▄▄█████████
▀█████████▄▄████████████▀
▀█████████████████████▀░
▀████████████████████▄░
▀███████████████▀▀▀▀▀
▀▀███████▀▀███████

▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄
 
Playgram.io
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀

▄▄▄░░
▀▄







▄▀
▀▀▀░░
▄▄▄███████▄▄▄
▄▄███████████████▄▄
▄███████████████████▄
▄██████████████▀▀█████▄
▄██████████▀▀█████▐████▄
██████▀▀████▄▄▀▀█████████
████▄▄███▄██▀█████▐██████
█████████▀██████████████
▀███████▌▐██████▐██████▀
▀███████▄▄███▄████████▀
▀███████████████████▀
▀▀███████████████▀▀
▀▀▀███████▀▀▀
██████▄▄███████▄▄████████
███▄███████████████▄░░▀█▀
███████████░█████████░░
░█████▀██▄▄░▄▄██▀█████░
█████▄░▄███▄███▄░▄█████
███████████████████████
███████████████████████
██░▄▄▄░██░▄▄▄░██░▄▄▄░██
██░░░░██░░░░██░░░░████
██░░░░██░░░░██░░░░████
██▄▄▄▄▄██▄▄▄▄▄██▄▄▄▄▄████
███████████████████████
███████████████████████
 
PLAY NOW

on Telegram
[/
o_e_l_e_o
In memoriam
Legendary
*
Offline Offline

Activity: 2268
Merit: 18726


View Profile
October 26, 2019, 09:35:17 AM
 #14

I'm just curious as to how these scammers got your e-mail in the first place.
Because people generally use one email for everything, and give that email out freely without a second thought to their own security. This is particularly a problem in crypto, when users give out their email to exchanges, services, web wallets, slack, discord, telegram, ICOs, airdrops, faucets, bounties, and anyone else who asks for it. The vast majority of ICOs/airdrops/bounties and complete scams, and all of the services I've mentioned have been hacked, and these scammers/hackers have no issue with selling lists of email addresses to anyone who wants them, including other scammers. I own several Ledger devices and haven't received an email like this to any of my email addresses because I pay attention to my own security.

Someone on reddit who received the email uploaded the .exe file to virustotal. Teeming with malware: https://www.virustotal.com/gui/file/ec61d516b476ea8ecd688364a25135a07b3fd5cf4536dc33ea58c1a5ecb8b1f8/detection

Even if the terrible English, poor grammar, and spelling mistakes weren't enough to tip you off, you should never be blindly downloading files or following links sent to you in an email. Period.
big_daddy (OP)
Hero Member
*****
Offline Offline

Activity: 1680
Merit: 583


xUSD - The PRIVATE stable coin - Haven Protocol


View Profile WWW
October 26, 2019, 12:39:53 PM
 #15

@big_daddy
Is that email that you received it on public? Do you take part in bounties with that email and has it been used to signup for airdrops or does it appear in some google form posted by a bounty?

I am asking because Lucius is a Ledger user, I also have a Ledger device, but we didn't receive anything similar. Nowhere during the installation and setup process of a Ledger wallet are you required to enter an email address, unless you sign up to their newsletter, ambassador program etc. 
 

Yeah, I was using this mail in some bounties and airdrops years ago, not a lot of them, but one wrong is enough, usually I use a telegram bot (TempMail) that is generating an unique email box for bounties and airdrops

It’s good to know that other Ledger users didn’t recieve this mail cause that can be a proof that nothing inside the Ledger system has been hacked or list leaked

Anyway, I am very suspicious to any mail I get on my private inbox, cause hackers are all around us, and I’m verifing every link before click on it

If you don't believe it or don't get it, I don't have the time to try to convince you, sorry.
jerry0
Full Member
***
Offline Offline

Activity: 1792
Merit: 186


View Profile
February 15, 2020, 09:32:50 PM
 #16

Wait, if you open the email, there is no issue right?  Its only if you download or click on something in the email right?  Im close to certain that is the case but why some ppl say don't open the email?


So basically you download this, you got malware/trojan/virus on your laptop right?  What if its an iphone?


But this can't hack your hardware wallet though righ?
o_e_l_e_o
In memoriam
Legendary
*
Offline Offline

Activity: 2268
Merit: 18726


View Profile
February 16, 2020, 09:13:28 AM
 #17

Wait, if you open the email, there is no issue right? Its only if you download or click on something in the email right?
Correct.

So basically you download this, you got malware/trojan/virus on your laptop right?
Correct.

What if its an iphone?
If I remember correctly, I'm pretty sure this particular piece of malware was for desktop only. That's not to say you couldn't infect your iPhone with malware attached to an email though, if you downloaded and ran it without thinking.

But this can't hack your hardware wallet though righ?
Also correct. The whole point of a hardware wallet is that it can be used with an infected device without compromising your keys or your coins. The most that malware could do would be to try to generate malicious transactions - as long as you are double checking what shows up on the screen of your hardware wallet, and only confirming transactions which you authorized with the correct address and amount, you are safe.

Having said that, that is based on current knowledge. It is entirely possible that some hardware wallets have a vulnerability which could leave them vulnerable to a malware attack like this that we simply don't know about.
bob123
Legendary
*
Offline Offline

Activity: 1624
Merit: 2481



View Profile WWW
February 19, 2020, 01:15:33 PM
 #18

Wait, if you open the email, there is no issue right? Its only if you download or click on something in the email right?
Correct.

This might be the case with this email, but is not always true.

There are ways to infect a device by simply opening an email. Of course this requires some conditions to be fulfilled, but nonetheless it is possible.
The very least you could do is to gather information about the target opening the email (e.g. IP address, browser used, OS, etc..). At least if you are not opening the email in plain text mode.

Oh, and btw.. A few years ago there was a bug in symantecs virus scanner.
It was enough to just receive a malicious email.
Usually the AV checks each incoming mail/attachement in a sandboxed environment. However, there was a bug which allowed an attacker to run code directly with root/administrator privileges on the victims computer.
You wouldn't even need to open the mail, simply receiving it was sufficient.


Usually, opening mails is fine to not get compromised. But it depends a lot on the mail client / browser / whatever you are using to open it.

Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!