Bitcoin Forum
November 03, 2024, 02:37:33 PM *
News: Latest Bitcoin Core release: 28.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1]
  Print  
Author Topic: !Be careful where you buy your Hardware Wallet from!  (Read 177 times)
denis-z12 (OP)
Full Member
***
Offline Offline

Activity: 294
Merit: 103



View Profile
March 13, 2018, 05:20:00 PM
Last edit: March 13, 2018, 05:34:08 PM by denis-z12
 #1

Source: https://www.edgeneo.com/blogs/news/ledgernanoshacked

Hardware wallets are regarded as the safest means of storing bitcoin and other cryptocurrencies. This is due to the fact that the wallet is offline and each device grants the holder possession of their private keys and adds a PIN code plus other tamper-proof technologies for enhanced security.

When purchased from an authorized retailer, it is theoretically impossible for the stored asset to get hacked and stolen. However, that can't be said the same when purchasing from a non-authorized retailer as a British man who lost his “life savings” after purchasing his nano s from eBay would tell you.

The device was compromised, not due to any design or technical flaws but thanks to a middleman hack in which the reseller replaced the recovery seed that was in the product box with their own.

The buyer then unknowingly began using the wallet, unaware that the default seed they were using had not been randomly assigned by the manufacturer.

"I have not used my Ledger in a week, today I decide to check the value of my XRP, Litecoin and Dash only to discover that all of them showed up as zero and had been transferred somewhere else yesterday all around the same time at 7:30pm. I am not sure how this is possible as I have not accessed my Ledger in a week."

The seed is meant to be generated by the device, but this purchase came with “scratch off” paper that revealed the seed. Had the victim reset the device and created a new seed he would have been fine. When presented with convincingly forged documentation, though, he naturally felt safe in sticking with the default seed.


The tale serves to highlight the dangers to anyone considering to purchase a hardware wallet from unaffiliated vendors who have no formal partnership with wallet manufacturers. Such actions should all be avoided.
mk4
Legendary
*
Offline Offline

Activity: 2912
Merit: 3881


📟 t3rminal.xyz


View Profile WWW
March 13, 2018, 05:28:35 PM
 #2

Copy pasted from: https://www.edgeneo.com/blogs/news/ledgernanoshacked

» t3rminal.xyz «
Telegram Alert Bots for Traders
denis-z12 (OP)
Full Member
***
Offline Offline

Activity: 294
Merit: 103



View Profile
March 13, 2018, 05:33:20 PM
 #3


Yes, I saw it on facebook but thats the link, I will put the link on the topic if its a problem posting it without it.
Pages: [1]
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!