KrJS81 (OP)
Hi All.
I hope you can help me in this quite critical situation. Today this morning I logged in to my Ledger Live (using Ledger Nano S) to see how my Bitcoins and Ethereum had developed since I was logged in last time on 29th of October. Unfortunately my funds are gone - both currency balances are 0 and I can see in the transaction history that all my funds were sent away from my wallet on the 29th of October(!) with 7 minutes between the transactions. Probably within 30 minutes after I logged into the wallet.
I'm wondering how on earth this can happen since I have kept my recovery phrase safe?
I have obviously reported this as a crime to the Police here in Denmark as well as reached out to Ledger's Support through their standard form. Awaiting their feedback.
In the meantime any advice and help would be much appreciated.
Regards

mocacinno
November 24, 2020, 10:57:24 AM
Could you elaborate on how you kept your recovery phrase safe? Most of the time a HW wallet gets robbed it's either:
- because somebody got their hands on your recovery phrase (most common)
- because somebody had physical access to your HW wallet (very rare)

The first option (somebody getting their hands on your recovery phrase) is usually caused by:
- a phishing attack: for example an email telling you you were hacked, and urging you to visit a phishing website where you're asked to enter your seed
- buying an initialised device instead of initialising it yourself
- the seed being stored online in some sort of cloud storage
- somebody having physical access to the paper (or other medium) containing your seed
- the seed being stored on any kind of online device that's fallen victim to a vulnerability or malware

As for getting your funds back: unless there's some kind of mistake (for example: you're looking at the wrong wallet, or you moved the funds yourself, or moving to a bech32 wallet, or splitting BTC-BCH) the odds of getting your funds back are slim to none... As soon as the tx created by the robber was confirmed, the only way of getting your funds back is if the robber sends it back (or if the police catch him and return your funds)

jackg
November 24, 2020, 10:59:41 AM
Hej
What did you do last time you logged in? Did you send a transaction out from your wallet or something?
Where did you source the ledger from? Did it come from the official site or a reseller? Some reports say resellers often don't check wallets are of original quality before being returned (eg they might have a mnemonic someone else noted down).
Also how long have you had the ledger?

KrJS81 (OP)
November 24, 2020, 11:15:25 AM
Thanks for your quick input. By nature I'm very skeptical and would never fall for a phishing email or something similar. I always check links etc. before I potentially click or do whatever action sender would like me to do. I'm having my recovery phrase - the paper file - stored in my home office in a folder between random documents where only family have access. My intention was to move it to a bank box safe though. I haven't taken/uploaded a picture of the phrases. I simply don't get how this can happen and the interesting thing here is, that it happened just within short time after I was logged into Ledger Live (which was the first time in 4-5 months time). Very odd and frustrating. :-(

HedgeFx
November 24, 2020, 11:17:43 AM
Sorry to hear your history, but just to understand: have the thieves stolen a small or large amount from your ledger?
Why this answer is easy to understand:
1) If amount was small, it was probably a phishing attack and affected more people. Consider that some time ago I got some SMS with Ledger as sender inviting me to do an update, which were phishing attacks (I happened to receive two SMS on my phone).
2) If amount was high, it may have happened that some single person has spied on you, followed you in as far as knowledge of your wealth, until he could make the shot. In this latter case, perhaps you also have some hope of finding out who hit you.

KrJS81 (OP)
November 24, 2020, 11:26:22 AM
Thanks for your input. 2) To me the amount is high - 2.9 Bitcoins and some few Ethereums 10.0. What do you mean by spying? What are the options really - is it possible to steal the coins from Nano S without having access to the recovery phrase and/or the USB device?

mocacinno
November 24, 2020, 11:30:39 AM
> --snip-- What do you mean by spying? What are the options really - is it possible to steal the coins from Nano S without having access to the recovery phrase and/or the USB device?

At this moment in time, i don't think there are any vulnerabilities described like this... I was searching for a list of current vulnerabilities, and ended up on sites like this one: https://wallet.fail/wallets/nanos/

IIRC, there used to be a vulnerability with app isolation earlier this year, so you could be fooled to think you were signing (for example) an LTC tx, while in reality you were signing a BTC tx, but IIRC, even this vulnerability was very hard to exploit and if i'm not mistaken it was fixed.

However, ledger did suffer a big data breach, and its users are constantly getting phishing mails, text messages,... Also, recently it seems like somebody succeeded in contaminating amazon's stock with pre-initialised device(s). I'm not saying this is the case here...

New vulnerabilities get found all the time (well, not for hw wallets per se, but in general) so in theory it is possible you fell victim to a new vulnerability. This being said: odds are bigger someone got their hands on your seed or your physical device...

EDIT: by the way, i'm not victim-blaming here... I'm relatively strict when it comes to opsec (not as strict as some other members, but still, i think i do OK), but a while ago i almost fell for an obvious scam myself: my grandmother passed away (she was 92 years old at the time, so i guess she had a full life) and while being numb after her passing i didn't pay as close attention as i usually do, and i almost fell for a trap... What i'm trying to say: everybody has his weak moments... Never say it's impossible that you fell for a phishing attack or an evil maid attack, or an inventory attack.. It only takes one moment without your full attention to fall victim.

ranochigo
November 24, 2020, 11:30:54 AM
> is it possible to steal the coins from Nano S without having access to the recovery phrase and/or the USB device?

Zero-day exploits are not uncommon but I'm almost certain that whatever is stored on your computer cannot be used to steal your Bitcoins. The whole point of HW wallets is to block the attack vector from your computer. Connecting your Ledger to a computer should not compromise your seeds or your keys and it would not make a transaction for you unless you approve it on your Ledger. Did you approve anything on the Ledger when you're using the Ledger Live?

HedgeFx
November 24, 2020, 11:32:40 AM
It's quite a big amount (actually near 50k euro). Is it possible that someone who knows you knew that you had these cryptocurrencies? But try to remember: are you sure that you haven't received any SMS from LEDGER? This SMS arrived to me about 1 month ago... So the period coincides.

HedgeFx
November 24, 2020, 11:33:19 AM
A trojan in his PC?

> > --snip-- What do you mean by spying? What are the options really - is it possible to steal the coins from Nano S without having access to the recovery phrase and/or the USB device?
>
> At this moment in time, i don't think there are any vulnerabilities described like this... I was searching for a list of current vulnerabilities, and ended up on sites like this one: https://wallet.fail/wallets/nanos/

KrJS81 (OP)
November 24, 2020, 12:08:09 PM
Yes, some knew about my crypto currencies. But what I don't understand is how it can happen, really? I was logged in on 29th of Oct. for the first time in 4-5 months and just shortly after the transactions took place apparently. So I guess it's likely that a Trojan horse was surveilling me rather than someone abused my recovery phrase (as if it was caused by leak of recovery phrase I guess the coins were stolen independent from my login?). Let's say it was a Trojan horse and everything which I did that day was captured by a thief. I guess the person still needs to confirm the transactions physically on the Nano device?

KrJS81 (OP)
November 24, 2020, 12:15:01 PM
Exactly - and that was the whole point getting a physical device for my crypto currencies - to approve things physically on the device. I did not approve anything that day - and actually I had problems entering/seeing my Ethereum balance that day due to a software bug I guess. I remember I sought info in Ledger's Q&A but didn't manage to solve it quickly and therefore I pushed it for today where I did a Ledger Live update which apparently solved the Ethereum bug (as I can now see my balance and the fact the funds left on 29th (wondering how that could happen since I couldn't even access the Ethereums myself)).

KrJS81 (OP)
November 24, 2020, 12:26:34 PM
I bought my device 2.5 years ago. I haven't got any phishing emails until this morning which reminded me about my crypto's. I logged into my account just to see how my crypto's were going. I didn't click on links in that email or reply back.
Furthermore I haven't received any text messages related to crypto. No idea how this can happen as it seems like someone was aware that in that exact moment for the first time in many months I logged in - shortly after the funds left my account - which I guess underlines that the recovery phrase wasn't in use?

mocacinno
> --snip-- I bought my device 2.5 years ago. I haven't got any phishing emails until this morning which reminded me about my crypto's. I logged into my account just to see how my crypto's were going. I didn't click on links in that email or reply back. Furthermore I haven't received any text messages related to crypto.
> No idea how this can happen as it seems like someone was aware that in that exact moment for the first time in many months I logged in - shortly after the funds left my account - which I guess underlines that the recovery phrase wasn't in use?

As a summary, is it correct to assume the following:
- you bought the nano S about 2,5 years ago
- you funded your addresses a long time ago
- this morning, you received an email
- after receiving the email, you checked your hw wallet, and shortly after this, you got robbed

Some follow-up questions: this morning, when you received said mail, just before you were robbed:
- did you click any link in said mail? It doesn't even matter if you closed the browser window afterwards, but did you click the link?
- just before you got robbed, did you physically touch the piece of paper used to write down your seed phrase? If so: what was the reason?
- did you install any program on your pc recently?
- just before you got robbed, did you create a tx for any altcoin(s) using your ledger?
- just before you got robbed, did you spend any BTC from your ledger? (i'm thinking about copy/paste viruses here)
- are you running the latest version of ledger live and an updated version of ledger's firmware?

> Let's say it was a Trojan horse and everything which I did that day was captured by a thief. I guess the person still needs to confirm the transactions physically on the Nano device?

Well, he either got you to confirm the transaction (potentially by abusing the vulnerability i talked about in my previous post... You could have been thinking you were signing a tx to send 3 DOGE, but sent 3 BTC instead due to the vulnerability) OR the thief got your seed phrase... IF he had your seed phrase, you wouldn't have to confirm anything... The seed phrase is used to calculate the xprv, the private keys get derived from this xprv. Anybody who has your seed can restore it into any wallet he wants, and spend your funds without you having to confirm anything.

Once again: i'm not victim blaming... For what it's worth, you could have had the worst opsec in human history, that still didn't give the thief any entitlement to your funds. You were robbed, you are the victim here... Anything I ask is because i've been around for a while, and believe it or not: i do have some experience in this field... And from my experience, the odds somebody phished you, or had access to your physical device, or found your seed phrase another way, or installed a copy/paste virus on your device are far greater than the odds of a firmware vulnerability. This does not mean a firmware vulnerability is impossible: i'm just relying on my experience and telling you what the biggest odds are...

I mean: i've seen loads of people with good opsec getting phished... I've seen people that suddenly remember they saved a picture of their seed on their dropbox ages ago... I've seen people that suddenly remember they sent funds while they were drunk... I've seen people that got confused with change addresses... I've seen people getting confused when splitting their coins into BTC and BCH... I've seen people falling victim to copy/paste viruses by signing tx's without verifying which address they were going to fund... But I haven't seen that many people that fell victim to a HW wallet vulnerability that couldn't have been avoided by good opsec... Maybe once or twice: i can't remember a single one i've personally met, but i have a bad memory...
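
The chain described in the post above (seed phrase, then xprv, then private keys, with no device or PIN involved) can be reproduced with the standard library alone. This is an added example, not part of the original thread or of Ledger's code; the function names are illustrative, the phrase is the public BIP39 test-vector mnemonic, and the checksum word is not validated because that needs the 2048-word list.

```python
import hashlib
import hmac
import unicodedata

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Order of the secp256k1 group; a valid private key k satisfies 0 < k < N.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
XPRV_VERSION = bytes.fromhex("0488ade4")  # Bitcoin mainnet extended private key

# Public BIP39 test-vector phrase (constructed sample input, never use for funds).
TEST_MNEMONIC = "abandon " * 11 + "about"


def _sha256d(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def mnemonic_to_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39: PBKDF2-HMAC-SHA512, 2048 rounds, salt 'mnemonic' + passphrase."""
    words = unicodedata.normalize("NFKD", " ".join(mnemonic.split()))
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase)
    return hashlib.pbkdf2_hmac("sha512", words.encode(), salt.encode(), 2048, 64)


def base58check_encode(payload: bytes) -> str:
    data = payload + _sha256d(payload)[:4]
    n = int.from_bytes(data, "big")
    out = ""
    while n:
        n, rem = divmod(n, 58)
        out = B58[rem] + out
    leading_zeros = len(data) - len(data.lstrip(b"\x00"))
    return "1" * leading_zeros + out


def base58check_decode(text: str) -> bytes:
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)
    leading_zeros = len(text) - len(text.lstrip("1"))
    data = b"\x00" * leading_zeros + n.to_bytes((n.bit_length() + 7) // 8, "big")
    payload, checksum = data[:-4], data[-4:]
    if _sha256d(payload)[:4] != checksum:
        raise ValueError("bad Base58Check checksum")
    return payload


def seed_to_master_xprv(seed: bytes) -> str:
    """BIP32 master key: HMAC-SHA512 keyed with 'Bitcoin seed' over the seed."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    key, chain_code = digest[:32], digest[32:]
    if not 0 < int.from_bytes(key, "big") < SECP256K1_N:
        raise ValueError("seed yields an invalid master key")
    payload = (
        XPRV_VERSION
        + b"\x00"          # depth 0: this is the root of the tree
        + b"\x00" * 4      # parent fingerprint (none)
        + b"\x00" * 4      # child number (none)
        + chain_code
        + b"\x00" + key    # the raw 32-byte private key, in the clear
    )
    return base58check_encode(payload)


def parse_xprv(xprv: str) -> dict:
    """Split an xprv back into its fields to show what it contains."""
    p = base58check_decode(xprv)
    if len(p) != 78 or p[:4] != XPRV_VERSION or p[45] != 0:
        raise ValueError("not a mainnet xprv")
    return {"depth": p[4], "chain_code": p[13:45], "private_key": p[46:]}


def restore_wallet(mnemonic: str, passphrase: str = "") -> str:
    """What any wallet software does on 'restore': phrase in, master xprv out."""
    return seed_to_master_xprv(mnemonic_to_seed(mnemonic, passphrase))


if __name__ == "__main__":
    first = restore_wallet(TEST_MNEMONIC)
    second = restore_wallet(TEST_MNEMONIC)  # a different machine gets the same key
    print(first)
    print("same key on every restore:", first == second)
    print("private key bytes inside xprv:", parse_xprv(first)["private_key"].hex())
    # An optional BIP39 passphrase changes the whole key tree.
    print("with passphrase:", restore_wallet(TEST_MNEMONIC, "extra words"))
```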

bob123
November 24, 2020, 12:41:44 PM
> As a summary, is it correct to assume the following:
> - you bought the nano S about 2,5 years ago
> - you funded your addresses a long time ago
> - this morning, you received an email
> - after receiving the email, you checked your hw wallet, and shortly after this, you got robbed

Not exactly. OP logged in today after receiving an email. But his funds were stolen 1 month ago (29th October), roughly 30 minutes (a guess from OP) after logging in. That's at least the information according to the OP:

> Today this morning I logged in to my Ledger Live (using Ledger Nano S) [...] since I was logged in last time on 29th of October. [...] all my funds were sent away from my wallet on the 29th of October(!) with 7 minutes between the transactions. Probably within 30 minutes after I logged into the wallet.

OP, in addition to the questions of mocacinno, could you please also answer these:
- Does anyone have access to your hardware wallet?
- Is your PIN truly random and no one could guess it?
- Does your Nano look like it has been tampered with (case being opened)?

Lucius
November 24, 2020, 01:55:47 PM
> I'm having my recovery phrase - the paper file - stored in my home office in a folder between random documents where only family have access.

Although it is not easy to suspect any of your family members, the way you kept your seed leaves enough doubt that any of them (or their acquaintances) came into possession of that information. Why the funds disappeared after you last logged in to Ledger Live remains a question, maybe it's just a coincidence or someone wanted you to think so.

> I have obviously reported this as a crime to the Police here in Denmark as well as reached out to Ledger's Support through their standard form. Awaiting their feedback.

In that case, the police should do their part and determine if anyone has touched the paper on which the seed is (check the prints), and if anyone other than family members has entered your office. Furthermore, your computer should be thoroughly checked by someone who knows what to look for. What's even more important is to follow the trail left by the hacker, which means to find out where the stolen coins ended up - so if you want to post both transactions it may help, of course be aware that this can always be a privacy issue.

KrJS81 (OP)
November 24, 2020, 01:56:46 PM
I get your point. I'm trying to figure out how this can happen, recall my Ledger-session that day and whether I had my fingers on the recovery phrase. I don't think it's a matter of the recovery phrase since the fraud happened shortly after I was logged in (for the first time in many months). Coincidence? That day I did not make any tx's - I just checked my balances and tried to figure out, why I could not access my Ethereum balance. That said I did put my fingers on the recovery phrase and put it on my table for a while. And I did leave my desk - maybe with the Ledger device connected. But even if that is the case, how can it happen that the money left my account (as I didn't do anything related to a transaction or approving anything physically other than logging in a couple of times).

o_e_l_e_o
November 24, 2020, 02:01:10 PM
The fact that you couldn't access your Ethereum accounts without an update a month ago is suspicious, especially since you were then robbed a few minutes later. Did you update Ledger Live or install any new software at this time?
When you first set up your hardware wallet, did you set it up as a new device with a brand new seed phrase, or did you import a seed phrase from another wallet? Since then, have you ever entered your seed phrase anywhere? (This includes in to Ledger Live, to restore it to another wallet, etc. Anywhere at all?)
Who else would have had access to your seed phrase while it was sitting on your desk? Who else would have had access to your unlocked device while it was connected?

mocacinno
November 24, 2020, 02:05:07 PM
> --snip-- That said I did put my fingers on the recovery phrase and put it on my table for a while. And I did leave my desk - maybe with the Ledger device connected. But even if that is the case, how can it happen that the money left my account (as I didn't do anything related to a transaction or approving anything physically other than logging in a couple of times).

Can you recall why you had the recovery phrase on your table for a while? There must have been a reason for this... I never take my recovery phrase out... I'm not saying you fell victim to phishing, but a month ago there were loads of phishing mails going around... They were professionally made, and they pointed to a professional looking site that prompted you to enter your seed phrase for verification purposes.

KrJS81 (OP)
November 24, 2020, 02:05:45 PM
Thanks and I agree - I rely a lot on the police now and hope they manage to investigate this properly. Not sure whether I risk to blow up something if I share the transaction info?