Source: https://www.edgeneo.com/blogs/news/ledgernanoshackedHardware wallets are regarded as the safest means of storing bitcoin and other cryptocurrencies. This is due to the fact that the wallet is offline and each device grants the holder possession of their private keys and adds a PIN code plus other tamper-proof technologies for enhanced security.
When purchased from an authorized retailer, it is theoretically impossible for the stored asset to get hacked and stolen. However, that can't be said the same when purchasing from a non-authorized retailer as a British man who lost his “life savings” after purchasing his nano s from eBay would tell you.
The device was compromised, not due to any design or technical flaws but thanks to a middleman hack in which the reseller replaced the recovery seed that was in the product box with their own.
The buyer then unknowingly began using the wallet, unaware that the default seed they were using had not been randomly assigned by the manufacturer.
"I have not used my Ledger in a week, today I decide to check the value of my XRP, Litecoin and Dash only to discover that all of them showed up as zero and had been transferred somewhere else yesterday all around the same time at 7:30pm. I am not sure how this is possible as I have not accessed my Ledger in a week."
The seed is meant to be generated by the device, but this purchase came with “scratch off” paper that revealed the seed. Had the victim reset the device and created a new seed he would have been fine. When presented with convincingly forged documentation, though, he naturally felt safe in sticking with the default seed.
The tale serves to highlight the dangers to anyone considering to purchase a hardware wallet from unaffiliated vendors who have no formal partnership with wallet manufacturers. Such actions should all be avoided.
