WARNING! Ledger detected a malware

[The Cryptovator]

Just now noticed from Ledger Nano Twitter,

Whoever using Ledger, they should be aware about this attack.

[1714973566]

1714973566

[1714973566]

1714973566

[1714973566]

1714973566

[1714973566]

1714973566

[1714973566]

1714973566

[AB de Royse777]

~snip~


Whoever using Ledger Nano, they should be aware about this attack.

Whatever you do, you do not need to enter your 24 words phrase in any other device (laptop, computer) except on the Neno device.

Hardware devices are comparatively less riskier than desktop wallets. Just always ensure that your word phrases are applicable in the wallet device itself.

[mindrust]

Paper wallets aren't affected.

HW wallets is a dumb concept anyway. If you are going to actively spend your crypto all you need is an iphone which is secure enough unless you don't keep no more than $500 (make it $1k if you are a risk taker) there which is enough for your daily purchases usually.

For any higher amounts, just use an offline wallet, cold wallet whatever you call it. You don't even need a computer. Write your priv keys, seed down that keep it safe.

[LeGaulois]

I wouldn't call it a dump concept. The very principle of cold storage is to keep your bitcoins offline. It may not be suitable for daily/regular use (and this point can be discussed). This is a different thing but the concept is far from being dump. And not everyone uses their HW for regular uses. The only security risks are the result of the user himself

[vit05]

Paper wallets aren't affected.

HW wallets is a dumb concept anyway. If you are going to actively spend your crypto all you need is an iphone which is secure enough unless you don't keep no more than $500 (make it $1k if you are a risk taker) there which is enough for your daily purchases usually.

For any higher amounts, just use an offline wallet, cold wallet whatever you call it. You don't even need a computer. Write your priv keys, seed down that keep it safe.

Hardware Wallets are much more practical than using an Iphone. You need to think about several updates that an Iphone needs, is much bigger, has the issue of always keep it with enough battery so it is not possible to leave it in a safe and use it instantly.

Hardware Wallets are designed with a single purpose and this makes them a better product.

I use a smartphone exclusively as a wallet. I do not have an HW, but I'm thinking of buying because I do not feel safe with paper wallet, nor totally safe with smatphone.

And this malware is the fault of some irresponsibility people using the same OS for everything.

[joniboini]

HW wallets is a dumb concept anyway. If you are going to actively spend your crypto all you need is an iphone which is secure enough unless you don't keep no more than $500 (make it $1k if you are a risk taker) there which is enough for your daily purchases usually.

If you're going to actively use your crypto then you should not use hardware wallet imo. What you describe is a hot wallet.
I don't know why Iphone is your choice here but I'd probably go with Android, at least it's more affordable for the average joe like me.

Paper wallets aren't affected.

Literally, almost all wallet other than Ledger Nano won't be affected, as this is a malware that attacks Ledger user.

[mindrust]

HW wallets is a dumb concept anyway. If you are going to actively spend your crypto all you need is an iphone which is secure enough unless you don't keep no more than $500 (make it $1k if you are a risk taker) there which is enough for your daily purchases usually.

If you're going to actively use your crypto then you should not use hardware wallet imo. What you describe is a hot wallet.
I don't know why Iphone is your choice here but I'd probably go with Android, at least it's more affordable for the average joe like me.

Paper wallets aren't affected.

Literally, almost all wallet other than Ledger Nano won't be affected, as this is a malware that attacks Ledger user.

You are just confirming what I said.

If you aren't going to actively spend crypto why pay for a HW wallet? Get a paper wallet for free and hide it away. Buy more coins with the HW wallet money.

IOS > Android.

It was always like that. Android is big chunk of malware I wouldn't even trust my $100 on it. That's more like a personal choice but that's how I see it.

[bob123]

If you aren't going to actively spend crypto why pay for a HW wallet? Get a paper wallet for free and hide it away. Buy more coins with the HW wallet money.

Because you might still want to access your coins and move them around / use them instead of hoarding them for 10 years ?!
Maybe because you want to take BTC with your for a bigger purchase without risking losing them all ?

Who cares about 60$, if all of your coins are secured for that money?!


This 'malware' is the dumbest form of a malware.
I mean.. i could also create a malware which says:

"Your paper wallet has been updated, please enter your private key, or directly send your coins to 12ScammerAddress to not lose them".

It is the same as with the current malware.
HW seeds and paper wallet private keys do not belong on the computer. And people who don't know this, didn't use their brain at all when setting up their wallet.

IOS > Android.

It was always like that. Android is big chunk of malware I wouldn't even trust my $100 on it. That's more like a personal choice but that's how I see it.

Ios > android is bullshit.
Android a big chunk of malware.. is bullshit.

It is your personal opinion, and thats fine. But it is wrong.


You are saying that an closed source operating system whose 'encryption' and screen lock can be circumvented by federal agencies and apple itself is better than an open source mobile OS based on linux with proper screen lock and proper encryption ?
WTF, dude. Less smoking, more thinking.

I mean.. i don't care what your personal opinion is.. but stop spreading misinformation.

[Pmalek]

Thanks for the warning!
Anyone who is using a Ledger device should know that nowhere during the setup process do you need to input your seed into Leger Live. They are only shown to you on the screen of your Ledger device. Keeping that in mind even if you get infected by this malware it should be clear that something is not right here.

[mindrust]

Because you might still want to access your coins and move them around / use them instead of hoarding them for 10 years ?!
Maybe because you want to take BTC with your for a bigger purchase without risking losing them all ?

Who cares about 60$, if all of your coins are secured for that money?!

Now this is your personal opinion. $60 can be a big amount if you see it as an unnecessary expense. It is a waste. You don't need to spend $60 secure your millions. You can do it for free. What if you need to move them? Just install a fresh linux. That's free too. If I am not going to spend that $60 on other crypto, I'd rather spend it on Beer but I still wouldn't buy a ledger. It is a waste. Completely.

Ios > android is bullshit.
Android a big chunk of malware.. is bullshit.

It is your personal opinion, and thats fine. But it is wrong.


You are saying that an closed source operating system whose 'encryption' and screen lock can be circumvented by federal agencies and apple itself is better than an open source mobile OS based on linux with proper screen lock and proper encryption ?
WTF, dude. Less smoking, more thinking.

I mean.. i don't care what your personal opinion is.. but stop spreading misinformation.

It is not bullshit and it is not wrong. Android comes with shitloads of bloatware which is a security risk. IOS is completely free of bloatware. You can make Android work with reinstalling clean versions but not many people bother to do so. Most people just buy their phone from the manufacturer and use it as is.

I have even seen Samsung sending random messages to its users via their phone. Bloatwares update itself randomly, Android is a fucking circus.

IOS is so clean and feels good. Again my personal opinion, you don't have to agree.

[bob123]

Now this is your personal opinion. $60 can be a big amount if you see it as an unnecessary expense. It is a waste. You don't need to spend $60 secure your millions. You can do it for free. What if you need to move them? Just install a fresh linux. That's free too.

Ye, i always have my encrypted paper wallet with me and my laptop with a fresh linux iso on my usb.
That's so handy.

Who needs a small device with a weight less than 100g, which secures your coins and can be always accessed everywhere without putting your BTC at risk, if he can just carry around a laptop + linux iso + paper wallet to access his BTC.  

You might decide that it is unnecessary for YOU. But calling hardware wallets a 'dumb concept' is simply retarded.


Name one way to securely carry BTCs with you together with the ability to spend them everywhere without much hassle..

It is not bullshit and it is not wrong. Android comes with shitloads of bloatware which is a security risk. IOS is completely free of bloatware.

IOs free of bloatware ?  

Ok, apple fanboy. Is this a fact because steve jobs appeard in your dreams and spoke to you ?
Or how do you come to that delusional conclusion ?


And sure, IOs does not have any vulnerabilities.
If the code is closed source, noone knows how to exploit them, correct ?  

Security by obscurity has always been a good idea..  

IOS is so clean and feels good. Again my personal opinion, you don't have to agree.

Must feel very good to pay 800$ for a mobile which has a worse (closed source) OS and much inferior hardware than a 400$ android device.

I guess you like bitten apples.

[Pmalek]

Android comes with shitloads of bloatware which is a security risk.

Depends where you buy your phone. Try the Nokia 8 or Nokia 8.1. Doesn't have any pre-installed apps besides the usual Google Drive/Chrome and Youtube. You might like Iphones better and that is your right to do so but you are wrong if you think your phone is safe cause it is an iOS and mine isn't because I use an Android.

[Lucius]

This is only phishing attack, so to get fake Ledger Live user first need to be pretty stupid to download Ledger Live from unofficial sources, and after that to enter seed in such fake software. Everyone should know that for each update they should use only the official site, and that Ledger will never ask that seed is typed anywhere else than on the hardware wallet. One who can not or does not want to understand these two basic things, is guilty of any possible loss.

What has not been revealed yet is source of this infected Ledger Live. One user is write this :

my friend lost 10btc ... he told me notification came from ledger live software so means your managment is involve in this crime.. this is v shocking & disappointing

https://twitter.com/Ledger/status/1121444956999168001

Other say he get fake Ledger Live last week :

Too late, I did this Ledger Live Desktop update last week and entered my 24 word recovery phase. Can I log on to my Nano S and change my 24 word recovery phrase

https://twitter.com/Ledger/status/1121439219086495745

[naska21]

snip

The only question is whether that malicious Ledger Live app has been installed by user himself or by malware that compromised his/her machine and  judging from tweet it was not ordinary fishing but a  gross  negligence  as to the  security policy relevant to unauthorized  activity inside computer. 

[mindrust]

Android comes with shitloads of bloatware which is a security risk.

Depends where you buy your phone. Try the Nokia 8 or Nokia 8.1. Doesn't have any pre-installed apps besides the usual Google Drive/Chrome and Youtube. You might like Iphones better and that is your right to do so but you are wrong if you think your phone is safe cause it is an iOS and mine isn't because I use an Android.

https://nokiamob.net/wp-content/uploads/2018/07/Nokia-8-Sirocco-apps.jpg

I must admit I forgot to mention those clean Android devices. There used to be google phones (pure android) If I remember right and they were like that Nokia phone too. Not many people aware of their existence and Nokia is a dead company walking.

When I say Android, I mean Samsung, LG, Huawei, HTC and crap like that.

I must admit, that Nokia looks good.

But I still wouldn't replace my Iphone with an Android. No way. You are fooling no one.

I guess you like bitten apples.

You got me.  

edit: I am a long time Sony Xperia user. I know android. I used it for years. Not coming back.