Bitcoin Forum
September 22, 2018, 12:13:07 PM *
News: ♦♦ New info! Bitcoin Core users absolutely must upgrade to previously-announced 0.16.3 [Torrent]. All Bitcoin users should temporarily trust confirmations slightly less. More info.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: A cautionary tale about HW wallets from resellers  (Read 112 times)
gentlemand
Legendary
*
Offline Offline

Activity: 1764
Merit: 1256


Hello You


View Profile
January 07, 2018, 08:48:05 PM
 #1

https://www.reddit.com/r/ledgerwallet/comments/7oq0pu/mans_life_savings_stolen_from_hardware_wallet/

https://www.reddit.com/r/btc/comments/7ojvca/i_am_the_guy_that_lost_25000_due_to_ledger_scam/

https://www.reddit.com/r/ledgerwallet/comments/7oqsff/potential_compromisedsetup_wallets_still_out/

TL:DR - A guy bought a Ledger Nano S off a reseller on Ebay. It came with the seed preinstalled and written on an official looking scratch card. As he didn't know better he loaded it up only for it to be emptied shortly after.

The reseller didn't do it. The supplier to him did.

Generate a new seed on your devices, kids.

1537618387
Hero Member
*
Offline Offline

Posts: 1537618387

View Profile Personal Message (Offline)

Ignore
1537618387
Reply with quote  #2

1537618387
Report to moderator
1537618387
Hero Member
*
Offline Offline

Posts: 1537618387

View Profile Personal Message (Offline)

Ignore
1537618387
Reply with quote  #2

1537618387
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1537618387
Hero Member
*
Offline Offline

Posts: 1537618387

View Profile Personal Message (Offline)

Ignore
1537618387
Reply with quote  #2

1537618387
Report to moderator
OmegaStarScream
Staff
Legendary
*
Offline Offline

Activity: 1414
Merit: 1101


Hire BOUNTYPORTALS>Bounty management goo.gl/XKv9TK


View Profile
January 10, 2018, 08:59:46 AM
 #2

I still don't understand why people don't buy from the company directly. Even If your country is not supported, when it comes to large amounts of money, someone should invest in a reship company. If the hardware wallet is not in stock, choose another one (there was no time where both Trezor and Ledger nano S were unavailable at the same time).

Lucius
Legendary
*
Offline Offline

Activity: 1176
Merit: 1064


Fortis Fortuna Adiuvat


View Profile WWW
January 10, 2018, 11:10:30 AM
 #3

https://www.reddit.com/r/ledgerwallet/comments/7oq0pu/mans_life_savings_stolen_from_hardware_wallet/

https://www.reddit.com/r/btc/comments/7ojvca/i_am_the_guy_that_lost_25000_due_to_ledger_scam/

https://www.reddit.com/r/ledgerwallet/comments/7oqsff/potential_compromisedsetup_wallets_still_out/

TL:DR - A guy bought a Ledger Nano S off a reseller on Ebay. It came with the seed preinstalled and written on an official looking scratch card. As he didn't know better he loaded it up only for it to be emptied shortly after.

The reseller didn't do it. The supplier to him did.

Generate a new seed on your devices, kids.

It is easy for us who know how things work,we would never made such a mistake or two.Buying hardware wallet from anywhere except official site it's not safe and even if you for some reason buy such device which have generated seed/pin then just check is there maybe some coins in wallet(gift from seller) and reset it by entering wrong pin 3 times(in case of Ledger Nano S).

Stealing of cryptocurrency becoming more lucrative job these days,fake online/desktop wallets,HW wallets with generated seed and specially programmed crypto malware are a daily threat.Best way to fight this is to educate users how to use cryptocurrency on a safe way.

   ███                       
   █████                     
  ███████                     
 ██████████        █         
  █████████      ████         
  ████████      ██           
     ██████    ██             
       ██████████             
            ██████   ███████ 
         █████  ██████████████
       ███ ███  ████████████ 
       ██ █          █       
      █                       
     █                       
.
                          ██ 
                       █████ 
                      ███████
           █        ██████████
          ████      █████████
             ██      ████████
              ██    ██████   
              ██████████     
   ███████   ██████           
 ██████████████  █████       
   ████████████  ███ ██       
    ██████          █ ██     
                        █     
                         █   




███           
██████         
████████     
██████████     
████████████ 
██████████████
██████████████
████████████   
██████████     
████████       
██████         
███           
.

██████████
██████████
██████████
██████████
.

          ████
        ██████
      ████████
    ██████████
  ████████████
██████████████
██████████████
  ████████████
    ██████████
      ████████
        ██████
           ███
[
veleten
Legendary
*
Online Online

Activity: 1344
Merit: 1020



View Profile
January 12, 2018, 04:45:41 PM
 #4

I still don't understand why people don't buy from the company directly. Even If your country is not supported, when it comes to large amounts of money, someone should invest in a reship company. If the hardware wallet is not in stock, choose another one (there was no time where both Trezor and Ledger nano S were unavailable at the same time).

there are many countries that they do not ship to or it is too expensive and/or complicated
besides many are buying from ebay or online shops and in 99% of the cases it should be all good
if you are investing in  some company or ICO you read their white paper or TOS,if you are
buing a storage for your life savings you should check and recheck the content of the package,that there were no
signs of tampering and that everything is legit
this was a harsh lesson and I hope we don't hear more stories like that

.BITSLER.                 ▄███
               ▄████▀
             ▄████▀
           ▄████▀  ▄██▄
         ▄████▀    ▀████▄
       ▄████▀        ▀████▄
     ▄████▀            ▀████▄
   ▄████▀                ▀████▄
 ▄████▀ ▄████▄      ▄████▄ ▀████▄
█████   ██████      ██████   █████
 ▀████▄ ▀████▀      ▀████▀ ▄████▀
   ▀████▄                ▄████▀
     ▀████▄            ▄████▀
       ▀████▄        ▄████▀
         ▀████▄    ▄████▀
           ▀████▄▄████▀
             ▀██████▀
               ▀▀▀▀
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄             
▄▄▄▄▀▀▀▀    ▄▄█▄▄ ▀▀▄         
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄       
█  ▀▄▄  ▀█▀▀ ▄      ▀████   ▀▀▄   
█ █▄  ▀▄   ▀████       ▀▀ ▄██▄ ▀▀▄
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
█  ▀▀       ▀▄▄ ▀████      ▄▄▄▀▀▀  █
█            ▄ ▀▄    ▄▄▄▀▀▀   ▄▄  █
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀
█ ▄▄   ███   ▀██  █           ▀▀  █ 
█ ███  ▀██       █        ▄▄      █ 
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀   
▀▄            █        ▀▀      █   
▀▀▄   ███▄  █   ▄▄          █   
▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀     
▀▀▄   █   ▀▀▄▄▄▀▀▀         
▄▄▄▄▄▄▄▄▄▄▄█▄▄▀▀▀▀               
              ▄▄▄██████▄▄▄
          ▄▄████████████████▄▄
        ▄██████▀▀▀▀▀▀▀▀▀▀██████▄
▄     ▄█████▀             ▀█████▄
██▄▄ █████▀                ▀█████
 ████████            ▄██      █████
  ████████▄         ███▀       ████▄
  █████████▀▀     ▄███▀        █████
   █▀▀▀          █████         █████
     ▄▄▄         ████          █████
   █████          ▀▀           ████▀
    █████                     █████
     █████▄                 ▄█████
      ▀█████▄             ▄█████▀
        ▀██████▄▄▄▄▄▄▄▄▄▄██████▀
          ▀▀████████████████▀▀
              ▀▀▀██████▀▀▀
            ▄▄▄███████▄▄▄
         ▄█▀▀▀ ▄▄▄▄▄▄▄ ▀▀▀█▄
       █▀▀ ▄█████████████▄ ▀▀█
     █▀▀ ███████████████████ ▀▀█
    █▀ ███████████████████████ ▀█
   █▀ ███████████████▀▀ ███████ ▀█
 ▄█▀ ██████████████▀      ▀█████ ▀█▄
███ ███████████▀▀            ▀▀██ ███
███ ███████▀▀                     ███
███ ▀▀▀▀                          ███
▀██▄                             ▄██▀
  ▀█▄                            ▀▀
    █▄       █▄▄▄▄▄▄▄▄▄█
     █▄      ▀█████████▀
      ▀█▄      ▀▀▀▀▀▀▀
        ▀▀█▄▄  ▄▄▄
            ▀▀█████
[]
LeGaulois
Copper Member
Hero Member
*****
Offline Offline

Activity: 826
Merit: 852

Bitcoin Ninja Unregulated Banker Unbanking Folks


View Profile
January 14, 2018, 11:08:37 AM
 #5

The first time you use it, you are supposed to read the website to know how it works with the tutorials. If I remember you can't do anything without reading the site. Doing it he could guess something is wrong. Never I will buy outside the official website without to generate a new seed.
Sad for this guy :/

Selmor
Member
**
Offline Offline

Activity: 107
Merit: 10

Highest ROI crypto infrastructure


View Profile
January 14, 2018, 11:12:48 AM
 #6

Okey that’s hard. I was also thinking about buying a hw wallet from ebay. Not thinking about such a scam. So the only possible way is to buy the wallet from a trusted supplier or reseller. Maybe this kind of scam will grow in the future.

HeRetiK
Hero Member
*****
Offline Offline

Activity: 868
Merit: 718


the forkings will continue until morale improves


View Profile
January 14, 2018, 02:24:44 PM
Merited by achow101 (3)
 #7

I guess it was only a matter of time until such a thing would happen, sad to see the day when it actually did.


[...]

besides many are buying from ebay or online shops and in 99% of the cases it should be all good

[...]

I still wouldn't want to take the risk of the other 1% though. Or at least generate a new seed as pointed out by gentlemand.

I guess it mostly breaks down to educating people about the risks of hardware wallet resellers and on how to alleviate it. It seems like crypto is one of the few areas where a healthy dose of paranoia absolutely pays off.



Okey that’s hard. I was also thinking about buying a hw wallet from ebay. Not thinking about such a scam. So the only possible way is to buy the wallet from a trusted supplier or reseller. Maybe this kind of scam will grow in the future.

That's the problem though. When it comes to hardware wallets the only trusted suppliers are the hardware wallet producers themselves. I'm sure whoever supplied the reseller was also "trusted" at one point.

cynical
Full Member
***
Offline Offline

Activity: 280
Merit: 117


View Profile
January 22, 2018, 09:54:12 AM
 #8

I heard about this recently all right.
Oh man the scammers seem always to be one step ahead.
Sorry for that guy but I suppose if you dont know, you dont know.
It once again reminds us to have security to the forefront of our minds when dealing with crypto,
and to be super paranoid.
jossiel
Hero Member
*****
Offline Offline

Activity: 924
Merit: 510



View Profile
January 22, 2018, 10:21:06 AM
 #9

It once again reminds us to have security to the forefront of our minds when dealing with crypto,
The guy is just careless and trusted the "reputable" seller with the nano ledger s he bought.

Who on Earth will use that nano ledger s and will deposit his life savings that you did not generated those seeds from the device. It might be his first time of purchasing a nano ledger s but before purchasing he should watched some tutorials on youtube on how to secure his device so he'll notice that there's something wrong on his bought nano.

The seller tricked him - look at the picture below, posted by the moodyrocket.
https://i.imgur.com/DsICkge.jpg

Edit: I removed [im g] [ /img] code. It appears too big for this thread.

.BitDice.               ▄▄███▄▄
           ▄▄██▀▀ ▄ ▀▀██▄▄
      ▄▄█ ▀▀  ▄▄█████▄▄  ▀▀ █▄▄
  ▄▄██▀▀     ▀▀ █████ ▀▀     ▀▀██▄▄
██▀▀ ▄▄██▀      ▀███▀      ▀██▄▄ ▀▀██
██  ████▄▄       ███       ▄▄████  ██
██  █▀▀████▄▄  ▄█████▄  ▄▄████▀▀█  ██
██  ▀     ▀▀▀███████████▀▀▀     ▀  ██
             ███████████
██  ▄     ▄▄▄███████████▄▄▄     ▄  ██
██  █▄▄████▀▀  ▀█████▀  ▀▀████▄▄█  ██
██  ████▀▀       ███       ▀▀████  ██
██▄▄ ▀▀██▄      ▄███▄      ▄██▀▀ ▄▄██
  ▀▀██▄▄     ▄▄ █████ ▄▄     ▄▄██▀▀
      ▀▀█ ▄▄  ▀▀█████▀▀  ▄▄ █▀▀
           ▀▀██▄▄ ▀ ▄▄██▀▀
               ▀▀███▀▀
        ▄▄███████▄▄
     ▄███████████████▄
    ████▀▀       ▀▀████
   ████▀           ▀████
   ████             ████
   ████ ▄▄▄▄▄▄▄▄▄▄▄ ████
▄█████████████████████████▄
██████████▀▀▀▀▀▀▀██████████
████                   ████
████                   ████
████                   ████
████                   ████
████                   ████
████▄                 ▄████
████████▄▄▄     ▄▄▄████████
  ▀▀▀█████████████████▀▀▀
        ▀▀▀█████▀▀▀
▄▄████████████████████████████████▄▄
██████████████████████████████████████
█████                            █████
█████                            █████
█████                            █████
█████                            █████
█████                     ▄▄▄▄▄▄▄▄▄▄
█████                   ▄█▀▀▀▀▀▀▀▀▀▀█▄
█████                   ██          ██
█████                   ██          ██
█████                   ██          ██
██████████████████▀▀███ ██          ██
 ████████████████▄  ▄██ ██          ██
   ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ ██          ██
             ██████████ ██          ██
           ▄███████████ ██████▀▀██████
          █████████████  ▀████▄▄████▀
[/]
Spendulus
Legendary
*
Offline Offline

Activity: 2002
Merit: 1047



View Profile
January 25, 2018, 03:31:33 AM
 #10

https://www.reddit.com/r/ledgerwallet/comments/7oq0pu/mans_life_savings_stolen_from_hardware_wallet/

https://www.reddit.com/r/btc/comments/7ojvca/i_am_the_guy_that_lost_25000_due_to_ledger_scam/

https://www.reddit.com/r/ledgerwallet/comments/7oqsff/potential_compromisedsetup_wallets_still_out/

TL:DR - A guy bought a Ledger Nano S off a reseller on Ebay. It came with the seed preinstalled and written on an official looking scratch card. As he didn't know better he loaded it up only for it to be emptied shortly after.

The reseller didn't do it. The supplier to him did.

Generate a new seed on your devices, kids.

That's one way to create the ability to wholesale the Ledger cheaper than anyone else!
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!