Unauthorized BTC transaction from Ledger Nano x

[KEBKR]

Hi.

Looking for some help. Yesterday I received my Ledger nano x from Ledger.  I opened the box which didn't seem tapered with at all, setup the device and recovered the wallet to it so it's the same as my existing nano s.  I then sent a test transaction for $1.00 worth of BTC to my Coinomi wallet.  The transaction all looked legit and went through fine,  fees and all it was a little over $3.00 worth of BTC 0.0004 and change.  Ledger live shows the transaction fine in the history and my ledger live balance updated to show the balance minus the funds I sent. 

However when I check blockchain explorer the transaction ID shows and additional 0.057 BTC sent from my wallet address in the same TX to an unknown bitcoin address.  My balance on blockchain explorer shows a different amount than on ledger live even after ledger live has synchronized.  On blockchain explorer the extra 0.57 BTC has been deducted from my balance but in ledger live it has it been.    So in sending a $1.00 BTC transfer i lost over $450 from my wallet.  Again I didn't send the 0.057 BTC, I checked the transaction id fees etc on the ledger before authorizing and everything seemed legit.  Does any one have any idea what's happening?  Is my ledger possibly hacked?  I"m scared to move any remaining funds as I don't want to lose more.

[1715204983]

1715204983

[1715204983]

1715204983

[1715204983]

1715204983

[1715204983]

1715204983

[1715204983]

1715204983

[mocacinno]

Hi.

Looking for some help. Yesterday I received my Ledger nano x from Ledger.  I opened the box which didn't seem tapered with at all, setup the device and recovered the wallet to it so it's the same as my existing nano s.  I then sent a test transaction for $1.00 worth of BTC to my Coinomi wallet.  The transaction all looked legit and went through fine,  fees and all it was a little over $3.00 worth of BTC 0.0004 and change.  Ledger live shows the transaction fine in the history and my ledger live balance updated to show the balance minus the funds I sent.  

However when I check blockchain explorer the transaction ID shows and additional 0.057 BTC sent from my wallet address in the same TX to an unknown bitcoin address.  My balance on blockchain explorer shows a different amount than on ledger live even after ledger live has synchronized.  On blockchain explorer the extra 0.57 BTC has been deducted from my balance but in ledger live it has it been.    So in sending a $1.00 BTC transfer i lost over $450 from my wallet.  Again I didn't send the 0.057 BTC, I checked the transaction id fees etc on the ledger before authorizing and everything seemed legit.  Does any one have any idea what's happening?  Is my ledger possibly hacked?  I"m scared to move any remaining funds as I don't want to lose more.

My best guess, without knowing your transaction id or address you funded, would be that your ledger just created a change address. This is the way the protocol works.

You probably had a 0.0574 unspent output funding your address, you used this output as an input to create a new transaction. 0.0004 funded your coinomi wallet, 0.057 funded a change address generated by your hardware wallet.

You do know coinomi has had several vulnerability's in the past, right? (unrelated to this topic tough)

[KEBKR]

OK thanks for the reply.  Is there anyway to reverse that or recover the funds in that instance?

[DaveF]

There is no way to reverse the transaction.
There are no funds to "recover" you have them.
You just have to get to the address that the change was sent to. The ledger has it.

-Dave

[AB de Royse777]

~snip~

My best guess, without knowing your transaction id or address you funded, would be that your ledger just created a change address. This is the way the protocol works.
~snip~

It's indeed a change address.

This can be disabled using the Electrum. Once you connect your ledger using the Electrum then it's easy to change the setup like we normally do in Electrum but with the live and chrome extension I do not think it can be disabled.

OK thanks for the reply.  Is there anyway to reverse that or recover the funds in that instance?

When you open the ledger live then do you see the balance that you are expecting or you see the balance has 0.057BTC less than you expected total?

[KEBKR]

Ledger Live shows the balance I was expecting but I can't see the new address anywhere in Live.  How would i access the address it doesn't seem linked to my Live app or my BTC account directly.

[mocacinno]

Ledger Live shows the balance I was expecting but I can't see the new address anywhere in Live.  How would i access the address it doesn't seem linked to my Live app or my BTC account directly.

I don't have ledger live installed on my workpc, so i cannot give you a walktrough...

However, if you connect your ledger to electrum and enable the address-tab you should see all addresses (funded, previously funded and unfunded up to the gap limit).

This being said, as a normal user, there is hardly any usecase for this... There are only a very little amount of circumstances where you (as an enduser) would need to find out how to find the list of change addresses. As long as your balance is ok, and you don't see outgoing transactions you didn't make, everything should be fine

[KEBKR]

Ok thanks for all the help!

[HCP]

To the best of my knowledge... there isn't any way within Ledger Live itself to see a list of your receiving/change addresses.

You would need to export the "xpub" and generate the list of addresses in another app (like Electrum) or by using .

[o_e_l_e_o]

I don't have ledger live installed on my workpc, so i cannot give you a walktrough...

There is no way to see individual addresses and the balance contained on each address with Ledger Live. As you say, the best way to do this is to hook up your Ledger to Electrum. There are instructions on how to do this here: https://support.ledger.com/hc/en-us/articles/115005161925-Set-up-and-use-Electrum

Using Electrum also gives you the added functionality over Ledger Live of having UTXO management, which allows you to choose which addresses to spend your coins from, as well as having native SegWit support.

[Lucius]

To the best of my knowledge... there isn't any way within Ledger Live itself to see a list of your receiving/change addresses.

They seem to have learned something from a time of Google Apps and that option which is allow users to see all created addresses. Some users (including me) are just take some address from there and make some problems with transactions. Problem was also in fact that all created addresses are mixed, and not marked in any way as receiving or change address.

What is important here is fact that coins are in wallet, and change address can be seen on blockchain explorer.

[bob123]

1. If your ledger would be hacked, all funds would be gone already.

2. If the total amount of your coins inside of your wallet still is correct, it indeed is a change address of yours.


Bitcoin transactions work with inputs and outputs.

For example:
You (A) have 1 input (i.e. received 1 transaction) with 1 BTC.
You want to send 0.1 BTC to B.

The transaction looks like this (ignoring fees here):

Input:

• 1 BTC

Outputs:

• 0.1 BTC (to B)
• 0.9 BTC (to yourself)

Your wallet will show 0.1 BTC being transferred.
On a block explorer however, you will see that your whole BTC has moved (which is true, but 0.9 of them moved to a different address of yours).

[bob123]

How is this possible?

What do you mean ?

That's how bitcoin works.

BTC is following a UTXO (Unspent Transaction Outputs) model.
"Coins" do not exist. There are just outputs of previous transactions which havn't been spent yet.

You can imagine it like dollar bills. You cant just give someone half of a bill. You give the whole bill, and get change back. That's the same principle.