Stolen ETH from my Ledger

[Cezarysw]

Hello
386.5 ETH was stolen from my Ledger Nano S
8 days ago(Dec-08-2020 01:16:28 PM +UTC) During the transaction of sending 0.17 ETH to the Bitbay exchange account via Ledger Live, it soon turned out that instead of the declared value, the entire cryptocurrency disappeared from my account and was sent to the hacker account 0x453E0c72664AcE9531b995a23b956873D7C777f8.
Today, a few hours ago(Dec-17-2020 02:57:27 AM +UTC) all my cryptocurrency has been transferred to another hacking account again - 0xdA84772B737939Df44367e57D40069801CA5b7F8
I lost all cryptocurrency from my account even though all transaction procedures were shown in the Ledger Live app and hardware wallet display as correct. I have no idea how it could have happened and I lost all hope of recovering the stolen cryptocurrency. I wanted to warn all Ledger owners about the possibility of losing their cryptocurrencies.

https://etherscan.io/tx/0x28ec6619ee4a030520cb2c2f5fe56a9b1caddfb93698c54af9fb5873f50bd017

https://etherscan.io/address/0xda84772b737939df44367e57d40069801ca5b7f8

sorry for my english

[1714937637]

1714937637

[1714937637]

1714937637

[1714937637]

1714937637

[Metroid]

Do you have any idea how you lost?

[Cezarysw]

I have traded with Ledger many times and always carefully. It was probably some hacking attack on my PC, unknown to me. I thought Ledger was safe ...

[sxemini]

I think you write down your ledger passphrase on your pc and some one claimed your passphrase.

[Metroid]

I have traded with Ledger many times and always carefully. It was probably some hacking attack on my PC, unknown to me. I thought Ledger was safe ...

The computer you use for ledger must not in any way be your personal computer with tons of programs and things. Also never put your eggs in just one basket. Maybe it was not even your fault, malware, virus and phishing attacks are very advanced, sorry for your loss, it was a lot of money.

[Cezarysw]

I never store any passphrases for Ledger on my PC.

[Metroid]

The way things are, I advise not to use even the same network as your personal computer if you need to use a cold hardware wallet for transactions. In few years to protect yourself you will need to have at least 5 different networks, right now 2 is okay, 1 is dangerous.

With crypto rising in price, this is a totally new area of cyber attacks.

[NeuroticFish]

Wow, big amount. Really sorry for your loss...

Now some lessons:

1. The funds were not stolen from your Ledger since they've never were there. Ledger basically only signs transactions, the funds are "on the network".

2. In order to have your funds stolen, some conditions have to be met. Either the thief had access to the seed, which I think that's not the case, either he has found a way to trick you and your Ledger. So you should think about this:
2.1. Did you install the ETH app into Ledger from the correct Ledger Live app or you have a malicious clone?
2.2. Did you make your transaction from from the correct Ledger Live app or you have a malicious clone?
2.3. Is your computer malware free?
2.4. Did you try to cash in coins from a forked coin (I don't know if it's the case for ETH, still...)
2.5. Was the wallet created by you newly, from scratch, when you got your Ledger?

The idea is that probably you gave somebody the chance to steal from you, in a way or another 

3. For the future keep in mind to keep on the hardware wallet only funds for near future spending and the HODL funds should stay on addresses based a different seed you can generate with the Hardware wallet, but written down and kept as paper wallet (while the hardware wallet is reset for a new seed).

[miner29]

Im going to ask....

Did you recently do a ledger update?

If yes (last 6 weeks) Was this from within ledger Live software or did you get notification elsewere to update it?

There have been attacks where they send you email or sms or dm and inform you about a new version.  This is actually malware attack.   Only ever update Ledger from within the Ledger Live software itself. 

[Cezarysw]

I did all the updates of Ledger Nano S only with the Ledger Live application. I don't even read or use any SMS, e-mails or links offering updates for any computer's hardware&software.

[mocacinno]

That's really sad to hear... Whatever the reason was, you're a victim of this situation. transactions are irreversible, so the chances of getting your funds back are small. The best you can do is go to the police and file a police report.
Have you contacted ledger support? They're usually pretty helpfull.

This being said, the instances where people lost money due to a bug or vulnerability in their hardware wallet are very, very low. Especially if the enduser is paying attention.

Sure, bugs happen... They're usually not the kind of bugs that put your funds in jeopardy.
Sure, vulnerability's happen.... But the exploitation of these vulnerability's is usually so complex (and usually requires physical access to the device) that i've never met a victim of such an exploit. Also, vulnerability's are usually fixed pretty fast.

The thing is: ledger is using a secure chip. Private keys never touch your online machine (they stay on your hardware wallet). You should be able to use a ledger on an infected PC, as long as you review your transaction on your ledger's screen before signing it, your funds should be safe.
However, either ledger or trezor did have a vulnerability that allowed an attacker to trick a user into signing a "wrong" transaction. The victim would think he was signing a tx transfering 1 LTC, while in reality he was signing a tx transfering 1 BTC. Needless to say, this vulnerability has been fixed.
Did you create other transactions around the time you were robbed?

Now, I don't know what happened in your case, but based on my experience, in case somebody loses his/her funds stored on a decent hardware wallet, it's usually because:

• the victim exposed their seed. Seeds get stored on cloud storage, seeds get stored in emails, seeds get stored on pictures on your phone, seeds get entered due to phishing attacks, pre-initialised wallets get sold by thieves, family members or friends or collegues steal seeds from the paper they're written on
• the victim exposed their xprv (or derived private keys). Usually be exporting xprv or prv and importing it into an other wallet
• there was physical access to their hardware wallet: for example, amazon is notorious for taking back used wallets and putting them back in stock, which allows people to install fake firmware or pre-initialise the device. Also, there are vulnerability's that allow the extraction of date from a trezor if you have physical access to the device
• bad opsec: not installing patches, not paying attention as to where you download software from, not paying attention when signing transactions,...

Once again: i'm not victim blaming. It IS possible you fell victim to an unknown or unpatched vulnerability, and there was no way you could have avoided getting robbed... I'm just saying that if we look at the odds, then we must say the odds are small (but not nonexistant).

So, my advice would still be: open a police report, contact ledger, move your other assets from your ledger to a different secure wallet.

[adaseb]

Basically Ledger they had their email database hacked a few months back. From time to time they are sending phishing emails asking people to go to their website and update their software. The scam is clever because it uses your real first and last name. If you bought an authentic ledger then they stored your email, first name and last name.

The hackers are targetting people and making you click on a link which looks like the real ledger website and they trick you by entering your seed. Most likely this is what the OP is talking about.

Because I can't think of any other way he could of gotten his ETH stolen, even if his PC was full of malware. The ledger email phishing attack should be more in the news to make people aware. But if you got a busy life, don't keep up with crypto news, you might fall prey to this very easily.

[miner29]

Hope he didnt fall for the Uniswap airdrop scam (2nd / 3rd air drop) ive seen numberous times on Discord and other places.  Takes you to a page to enter your eth wallet seed.....

So ya know they can confirm you balance and send you your airdrop....er.....i mean so they can empty your eth wallet......

[DigitalFarns]

Gosh, this is scary.  I'm new to all this, and now I'm second guessing things I've ready concerning securely storing coins. 

I presently don't have any kind of a hardware wallet, I do have the coinbase wallet app on my phone, but nothing in there just yet.  My trivial amounts of crypto are just still in the coinbase account, which as I think I understand it, is NOT a wallet controlled by me, as they don't give you any seeds.  I have had that account for over 3 years, but very little crypto in there.  I am planning to start mining in January, and my plan is to mine and hodl for long term.  I've had a few different recommendations on how I should store these earnings, there are different opinions.  But maybe the way to ask the question is, for a guy getting started, and wanting to work and hodl long term, what is the very best, most secure way to store these coins?  Should I invest in a hardware wallet?  I don't quite understand how you connect to one, if it's meant to be offline, not on your network, etc...  "Cold Wallet" is what I'm reading about. 

If I buy one, how can I ensure that it isn't a return with somebody else's seeds on it?  Is there a way to do a hard reset as soon as you get it to make sure it's safe? 

[miner29]

Gosh, this is scary.  I'm new to all this, and now I'm second guessing things I've ready concerning securely storing coins. 

I presently don't have any kind of a hardware wallet, I do have the coinbase wallet app on my phone, but nothing in there just yet.  My trivial amounts of crypto are just still in the coinbase account, which as I think I understand it, is NOT a wallet controlled by me, as they don't give you any seeds.  I have had that account for over 3 years, but very little crypto in there.  I am planning to start mining in January, and my plan is to mine and hodl for long term.  I've had a few different recommendations on how I should store these earnings, there are different opinions.  But maybe the way to ask the question is, for a guy getting started, and wanting to work and hodl long term, what is the very best, most secure way to store these coins?  Should I invest in a hardware wallet?  I don't quite understand how you connect to one, if it's meant to be offline, not on your network, etc...  "Cold Wallet" is what I'm reading about. 

If I buy one, how can I ensure that it isn't a return with somebody else's seeds on it?  Is there a way to do a hard reset as soon as you get it to make sure it's safe? 

Buy it from the maker....

[mocacinno]

Gosh, this is scary.  I'm new to all this, and now I'm second guessing things I've ready concerning securely storing coins.  

I presently don't have any kind of a hardware wallet, I do have the coinbase wallet app on my phone, but nothing in there just yet.  My trivial amounts of crypto are just still in the coinbase account, which as I think I understand it, is NOT a wallet controlled by me, as they don't give you any seeds.  I have had that account for over 3 years, but very little crypto in there.  I am planning to start mining in January, and my plan is to mine and hodl for long term.  I've had a few different recommendations on how I should store these earnings, there are different opinions.  But maybe the way to ask the question is, for a guy getting started, and wanting to work and hodl long term, what is the very best, most secure way to store these coins?  Should I invest in a hardware wallet?  I don't quite understand how you connect to one, if it's meant to be offline, not on your network, etc...  "Cold Wallet" is what I'm reading about.  

If I buy one, how can I ensure that it isn't a return with somebody else's seeds on it?  Is there a way to do a hard reset as soon as you get it to make sure it's safe?  

Not your keys = not your coins.
I definitely wouldn't use a web wallet like you're doing right now.

A truly cold wallet means a wallet on an airgapped device. Most hardware wallets are connected to your device to receive unsigned transactions, and for sending signed transactions, thus they are not 100% cold. They are still safe tough, since they're created in a way so your keys can never leave the hw wallet.

Basically, if you want secure storage, go for a ledger, a Trezor, an airgapped setup or a properly generated paper wallet .

I buy my hw wallets straight from the ledger or Trezor (never from resellers), check the package for tampering and make sure they're not preinitialized

[Metroid]

....

We don't know how he got his funds stolen, to make sure you dont fall for the same thing, follow simple steps.

1st: never use ledger in your personal computer, the computer you will use ledger must have never been used for another thing other than ledger itself and the OS needs to be installed with the original image from the website itself. There are OS's that are modified, beware of that.
2nd: Make sure nothing in the network is running while ledger is plugged in your ledger specific computer or you can use a second network connection, much safer.
3rd: keep you seedphrase in a fireproof case, this might be very expensive because most are not up for the job. Well, it has many other ways to keep it safe.

[mocacinno]

--snip--
1st: never use ledger in your personal computer, the computer you will use ledger must have never been used for another thing other than ledger itself and the OS needs to be installed with the original image from the website itself. There are OS's that are modified, beware of that.
2nd: Make sure nothing in the network is running while ledger is plugged in your ledger specific computer or you can use a second network connection, much safer.
3rd: keep you seedphrase in a fireproof case, this might be very expensive because most are not up for the job. Well, it has many other ways to keep it safe.

hm... These 3 rules sound a bit paranoid to me... Defenatly NOT bad OPSEC, as a matter of fact, it's good OPSEC. However, if you're going to be THIS paranoid, you're better off with an airgapped setup.

I mean, as soon as you're going to get a dedicated pc for your wallet, just do a clean install, remove the network card (or deinstall the drivers), install the latest version of bitcoin core or electrum by following an airgapped setup walktrough and you'll have a wallet that tops a hw wallet when it comes to security. Just make sure you do it right... There are several ways you can mess up an airgapped setup... Ah, and make sure you keep a backup of your seed or wallet.dat on a couple usb sticks which you only plugin in your offline airgapped machine (and use a strong password to encrypt them)

When it comes to safety, it's more or less (from safest to least safe)

• Properly generated airgapped setup
• Hardware wallet/Properly generated paper wallet (i've seen lots of debates as to which is the safest)
• Desktop wallet (on a legal, clean pc, with AV and firewall)
• Mobile wallet (on a clean mobile)
• Web wallet
• Brain wallet

When it comes to hardware wallets, i'd probably go for these rules:

• Go for a decent hw wallet... Stay with ledger or trezor... There are others, but these 2 brands are the most known
• Buy from trezor or ledger directly
• Make sure the box you receive hasn't been tampered with
• Make sure YOU initialise the device
• An an extra passphrase to your seed... Makes it THAT much harder to bruteforce
• Make sure you don't keep your seed on an online machine... It has to be WRITTEN down
• One or two laminated copies of the paper containing the seed won't hurt, but make sure they're kept in a safe place
• Make sure you always use the latest version of the firmware. Learn how to install firmware
• Make sure you always use the latest version of the wallet software
• Never ever enter your seed on any website... Seeds should ONLY be used for recovering your wallet, and should ONLY be entered on your HW wallet itself
• ALWAYS doublecheck any transaction on the screen of the HW wallet before signing it
• It's always a good idear to keep the device where you plug in your hardware wallet clean... I mean, nobody wants a nasty copy/paste virus that changes addresses by hacker's addresses or something... A virusscanner and firewall won't hurt, and installing random software you found online should be a big no-no... But these things are not specific for hardware wallets
• Make sure nobody has physical access to your hardware wallet...
• Don't brag about how much you hold
• Running your funds trough a mixer or a coinjoin session protects you from a $5 wrench attack... But some exchanges won't like you anymore if they cannot trace your funds...

[philipma1957]

386 eth = 250K

A) I am sorry for your loss
B) 5 trezors with 76 eth coins in each would have been a better choice.
C) I hope you are a very big whale and that this is not more then 10% of your holdings.
D) forget hacking think 5 dollar wrench attack having a 20 coin trezor and a 66 coin trezor in your home may convince them that is all there is.
E) in case of fire a second location is a good idea.  Like a safe deposit box
F]It would have been nice to read that you lost only 36 coins because you have trezors in a bank safety box.

[Metroid]

B) 5 trezors with 76 eth coins in each would have been a better choice.

Thanks for remembering the 4th thing to do.

1st: never use ledger in your personal computer, the computer you will use ledger must have never been used for another thing other than ledger itself and the OS needs to be installed with the original image from the website itself. There are OS's that are modified, beware of that.
2nd: Make sure nothing in the network is running while ledger is plugged in your ledger specific computer or you can use a second network connection, much safer.
3rd: Keep you seedphrase in a fireproof case, this might be very expensive because most are not up for the job. Well, it has many other ways to keep it safe.
4th: Don't put all your eggs in one basket.

This is not paranoic, to make things simpler, you can use the same pc but not the same hard disk, swap disks will work here, a new pc is not needed for this.

[philipma1957]

B) 5 trezors with 76 eth coins in each would have been a better choice.

Thanks for remembering the 4th thing to do.

1st: never use ledger in your personal computer, the computer you will use ledger must have never been used for another thing other than ledger itself and the OS needs to be installed with the original image from the website itself. There are OS's that are modified, beware of that.
2nd: Make sure nothing in the network is running while ledger is plugged in your ledger specific computer or you can use a second network connection, much safer.
3rd: Keep you seedphrase in a fireproof case, this might be very expensive because most are not up for the job. Well, it has many other ways to keep it safe.
4th: Don't put all your eggs in one basket.

This is not paranoic, to make things simpler, you can use the same pc but not the same hard disk, swap disks will work here, a new pc is not needed for this.

or own 2 of these

https://www.ebay.com/itm/Lenovo-M73-Tiny-Mini-Business-Desktop-Intel-Core-i3-i5-Win10-Pro-Customizer/164477569226?

16gb ram 1tb ssd i5 4570t for about 220 well worth the money to hold coins

I have lots of them.

[adaseb]

Whats ironic is that millions of dollars probably went into Ledger research and developement to make it as secure as possible. There was that little bug a few years back if you forgot your PIN someone could bypass it, however a firmware upgrade fixed that. So they didn't overlook anything except their weak point was their web server security.

Web server security would of probably been much much cheaper to make secure than what it cost to make the ledger secure. However a simple email leak with first and last name to cause this much loss even after the individual did their due diligence and bought a hardware wallet in the first place is just sad and not fair.

Losing a quarter of a million dollars which would of been 50% of a house in most places is just crazy.

[arielbit]

B) 5 trezors with 76 eth coins in each would have been a better choice.

Thanks for remembering the 4th thing to do.

1st: never use ledger in your personal computer, the computer you will use ledger must have never been used for another thing other than ledger itself and the OS needs to be installed with the original image from the website itself. There are OS's that are modified, beware of that.
2nd: Make sure nothing in the network is running while ledger is plugged in your ledger specific computer or you can use a second network connection, much safer.
3rd: Keep you seedphrase in a fireproof case, this might be very expensive because most are not up for the job. Well, it has many other ways to keep it safe.
4th: Don't put all your eggs in one basket.

This is not paranoic, to make things simpler, you can use the same pc but not the same hard disk, swap disks will work here, a new pc is not needed for this.

or own 2 of these

https://www.ebay.com/itm/Lenovo-M73-Tiny-Mini-Business-Desktop-Intel-Core-i3-i5-Win10-Pro-Customizer/164477569226?

16gb ram 1tb ssd i5 4570t for about 220 well worth the money to hold coins

I have lots of them.

Yeah use ssd and back up your wallet.

I have a 80gb hdd used in a mining rig...used by the first owner and used by me for 7 years mining...it fell and it died.

[The Crypto Collector]

Hardware wallets are not safe and are the first thing that are targeted since they are used solely for crypto. Instead use an airgapped computer that is NEVER connected to the internet. There is too much room for hardware wallets to be tampered with at the factory, post office, etc. Also Ledger could have done this themselves abut they only selectively scam people so they have a fresh crop of customers.

Luckily you didn't lose much money, only around 11 bitcoins worth of ethereum so you can learn from this and bounce back.

[Metroid]

Hardware wallets are not safe and are the first thing that are targeted since they are used solely for crypto. Instead use an airgapped computer that is NEVER connected to the internet. There is too much room for hardware wallets to be tampered with at the factory, post office, etc. Also Ledger could have done this themselves abut they only selectively scam people so they have a fresh crop of customers.

Luckily you didn't lose much money, only around 11 bitcoins worth of ethereum so you can learn from this and bounce back.

Any loss greater than $1k is significant in my book, just look at this section of the forum, people using celeron to mine in hopes to earn cents, not realizing their electricity spent is more than the cents they earn using the celerons, I know they are stupid but think about if one of those people lost $1k? they would rope themselves and be done with it and to tell you the truth, the op is too sane given he lost a lot lot of money.

Also to me, any cold wallet is not something that you would use all the time for any transaction, actually, you should rarely use it, I advise the use of it to be, 2 to 5 times a year.

[adaseb]

Luckily you didn't lose much money, only around 11 bitcoins worth of ethereum so you can learn from this and bounce back.

I had to load the BTCUSD and see if BTC crashed down to $10 a coin because hearing someone say 11BTC is not alot of money would only make sense if BTC was double digits like in 2012. 11BTC is a significant amount of money. You would need to have a net worth of at least $5Million+ to consider quarter million to be pocket change.

I don't think he will earn it back. Most likely he mined these ETH back when ETH was like $10 a coin and hodl'd. Only spend money on electricity and GPUs. So very little initial investment. Kind of like how everyone who mined BTC back in 2010 is lucky if they held till today. If they lost it all due to a hack, do you think they could earn it back? Probably not.

[arielbit]

Hardware wallets are not safe and are the first thing that are targeted since they are used solely for crypto. Instead use an airgapped computer that is NEVER connected to the internet. There is too much room for hardware wallets to be tampered with at the factory, post office, etc. Also Ledger could have done this themselves abut they only selectively scam people so they have a fresh crop of customers.

Luckily you didn't lose much money, only around 11 bitcoins worth of ethereum so you can learn from this and bounce back.

Any loss greater than $1k is significant in my book, just look at this section of the forum, people using celeron to mine in hopes to earn cents, not realizing their electricity spent is more than the cents they earn using the celerons, I know they are stupid but think about if one of those people lost $1k? they would rope themselves and be done with it and to tell you the truth, the op is too sane given he lost a lot lot of money.

Also to me, any cold wallet is not something that you would use all the time for any transaction, actually, you should rarely use it, I advise the use of it to be, 2 to 5 times a year.

Even better you have hardware wallet you rarely use(bulk of your crypto) and another one you frequently use. If something bad happened to your frequently used hardware wallet(smaller amount of crypto), then you will know that you have something to fix so that your rarely used hardware wallet will be safe..

People just want something to rely on and use with a peace of mind..ledger is somewhat at fault too if people cannot use it with peace of mind.

Remember, always check the address before pressing the "send' button that is all you have to do.

[Metroid]

Even better you have hardware wallet you rarely use(bulk of your crypto) and another one you frequently use. If something bad happened to your frequently used hardware wallet(smaller amount of crypto), then you will know that you have something to fix so that your rarely used hardware wallet will be safe..

People just want something to rely on and use with a peace of mind..ledger is somewhat at fault too if people cannot use it with peace of mind.

Remember, always check the address before pressing the "send' button that is all you have to do.

Yeah, I forgot to mention that too, thanks hehe

[arielbit]

Even better you have hardware wallet you rarely use(bulk of your crypto) and another one you frequently use. If something bad happened to your frequently used hardware wallet(smaller amount of crypto), then you will know that you have something to fix so that your rarely used hardware wallet will be safe..

People just want something to rely on and use with a peace of mind..ledger is somewhat at fault too if people cannot use it with peace of mind.

Remember, always check the address before pressing the "send' button that is all you have to do.

Yeah, I forgot to mention that too, thanks hehe

I also forgot..laziness (which we all have) tends to look for one best solution..but the best solution is always approach security with "LAYERS" .. we may call it as "layered security".

speaking of "forgetting"...that's why "layers", example: you forgot your password, but you have it written somewhere safe

altcoins that don't have hardware wallet support use this (Neo’s SafeKeys - or something similar) as a layer of security. I have a computer that got malware'd but the thief wasn't able to steal because password was protected hehe.

trezor one can also be used to U2F-FIDO (hardware 2fa) your gmail, yahoo, facebook etc. etc. account.....another use of that hardware wallet--> now you have more reasons to get more trezor to spead your coins to different hardware wallets hehe

[DigitalFarns]

So I don't have a hardware wallet yet, only the coinbase wallet app on my phone, which nothing in it yet.  I wanted to move my pennies from coinbase website to the coinbase wallet app, and it costs a fee to do so.  Do you also pay somebody a fee if you move coins from your "frequent use" hardware wallet to your "rarely use" hardware wallet?  I'm wanting to draw up a best practices document for myself, and there's been a lot of detailed information in this thread which I appreciate.  Since my plan is to hodl very long term everything I possibly can, would I want to offload everything I plan to bank for years onto one (or more than one as has been suggested) hardware wallet and keep it locked in my safe?  Pull it out once every few months to dump from my active hardware wallet to the "vault" hardware wallet?  If I'm talking about having multiple hardware wallets over time, does it still make sense to keep the coins on separate wallets if they are all just in a stack in the safe together in one place?  Or if they are all in on place does it makes sense to just keep it all on one device? 

If my home burns down and the safe doesn't protect them, what recourse do I have? 

If I put them in a bank safe deposit box like Phil suggests, same question - if the bank burns down, or is robbed completely...  vault and everything...  what recourse do I have?  As I think I understand it, the hardware wallets are just paperweights without the seed list.  But if one is lost or destroyed, and i still have the seed list, can it be recovered in any way? 

As I am planning to invest and to mine, both as part of my retirement plan in 20 years, I really want to make sure I set myself up right from the beginning to do this as best as possible. 

I'm going to read up on "air gapped" computers today, that's a term I'm unfamiliar with.  I think have a sense of it's context, but I want to understand it better. 

[philipma1957]

So I don't have a hardware wallet yet, only the coinbase wallet app on my phone, which nothing in it yet.  I wanted to move my pennies from coinbase website to the coinbase wallet app, and it costs a fee to do so.  Do you also pay somebody a fee if you move coins from your "frequent use" hardware wallet to your "rarely use" hardware wallet?  I'm wanting to draw up a best practices document for myself, and there's been a lot of detailed information in this thread which I appreciate.  Since my plan is to hodl very long term everything I possibly can, would I want to offload everything I plan to bank for years onto one (or more than one as has been suggested) hardware wallet and keep it locked in my safe?  Pull it out once every few months to dump from my active hardware wallet to the "vault" hardware wallet?  If I'm talking about having multiple hardware wallets over time, does it still make sense to keep the coins on separate wallets if they are all just in a stack in the safe together in one place?  Or if they are all in on place does it makes sense to just keep it all on one device? 

If my home burns down and the safe doesn't protect them, what recourse do I have? 

If I put them in a bank safe deposit box like Phil suggests, same question - if the bank burns down, or is robbed completely...  vault and everything...  what recourse do I have?  As I think I understand it, the hardware wallets are just paperweights without the seed list.  But if one is lost or destroyed, and i still have the seed list, can it be recovered in any way? 

As I am planning to invest and to mine, both as part of my retirement plan in 20 years, I really want to make sure I set myself up right from the beginning to do this as best as possible. 

I'm going to read up on "air gapped" computers today, that's a term I'm unfamiliar with.  I think have a sense of it's context, but I want to understand it better. 

there are hard metal seed savers.  let me find a link

[adaseb]

So I don't have a hardware wallet yet, only the coinbase wallet app on my phone, which nothing in it yet.  I wanted to move my pennies from coinbase website to the coinbase wallet app, and it costs a fee to do so.  Do you also pay somebody a fee if you move coins from your "frequent use" hardware wallet to your "rarely use" hardware wallet?  I'm wanting to draw up a best practices document for myself, and there's been a lot of detailed information in this thread which I appreciate.  Since my plan is to hodl very long term everything I possibly can, would I want to offload everything I plan to bank for years onto one (or more than one as has been suggested) hardware wallet and keep it locked in my safe?  Pull it out once every few months to dump from my active hardware wallet to the "vault" hardware wallet?  If I'm talking about having multiple hardware wallets over time, does it still make sense to keep the coins on separate wallets if they are all just in a stack in the safe together in one place?  Or if they are all in on place does it makes sense to just keep it all on one device? 

If my home burns down and the safe doesn't protect them, what recourse do I have? 

If I put them in a bank safe deposit box like Phil suggests, same question - if the bank burns down, or is robbed completely...  vault and everything...  what recourse do I have?  As I think I understand it, the hardware wallets are just paperweights without the seed list.  But if one is lost or destroyed, and i still have the seed list, can it be recovered in any way? 

As I am planning to invest and to mine, both as part of my retirement plan in 20 years, I really want to make sure I set myself up right from the beginning to do this as best as possible. 

I'm going to read up on "air gapped" computers today, that's a term I'm unfamiliar with.  I think have a sense of it's context, but I want to understand it better. 

Basically you pay a fee whenever the coins are moved from address to address even if you are sending them to yourself. Best time to move coins is when there is no pending transactions and you can get away with a 1 sat/byte fee.

If you want to hodl for years then use a paper wallet like this,
https://www.bitaddress.org/

Save on USB stick, run on offline computer, make a wallet and use BIP38 encryption, print out 2-3 copies, destroy that printer afterwards, and put that in 2-3 different places. Like your house, your car, your bank. If someone sees it, they won't be able to do anything since its encrypted with BIP38.

You don't need a hardware wallet, people were using paper wallet for years without any issues.

[DigitalFarns]

Destroy the printer??

Ok so this paper wallet site is apparently specific to bitcoin, is that correct? My current plan is to mine altcoins, most likely ETH, which I understand I have the option to convert to Bitcoin, but I haven't actually done anything yet.  Plan to get started early in the new year.  Would these same options exist for altcoins as well as bitcoin?

The metal seed savers look cool.  Like the president's nuke codes LOL. 

[Philipma1957cellphone]

Destroy the printer??

Ok so this paper wallet site is apparently specific to bitcoin, is that correct? My current plan is to mine altcoins, most likely ETH, which I understand I have the option to convert to Bitcoin, but I haven't actually done anything yet.  Plan to get started early in the new year.  Would these same options exist for altcoins as well as bitcoin?

The metal seed savers look cool.  Like the president's nuke codes LOL.  

THE  alt coins vary. Some do some don't .

If it is you home printer. Just print a long document it will flood the cache with new info

[adaseb]

Yes the extreme bitcoin maximalists insist on buying some cheap $20 inkjet printer and destroying it afterwards Office Space style to prevent any cache or any faint proceeding print jobs to reveal part of the private key.

If you want an ETH cold storage you can print a paper wallet with MEW. Not sure if its still possible but a few years back that it what I did. However with ETH, I don't know if there is BIP38 encryption so you will need to find a way to excrypt that private key for extra protection in case someone gets a hold of your paper wallet.

[Metroid]

Also your network should not be shared in anyway, many people lose their funds and dont know why, I guess most of those cases are in shared networks, my point is if the hacker or program gets hold of your network then it can change the direction that transaction is going, reason i said a second not used network by any other devices is important.

Also, going forward, cyber attacks will occur more and more as prices of cryptocoins increase, people who live in metropolitan places are the ones that will most suffer from cyber attacks.

[arielbit]

Also your network should not be shared in anyway, many people lose their funds and dont know why, I guess most of those cases are in shared networks, my point is if the hacker or program gets hold of your network then it can change the direction that transaction is going, reason i said a second not used network by any other devices is important.

Also, going forward, cyber attacks will occur more and more as prices of cryptocoins increase, people who live in metropolitan places are the ones that will most suffer from cyber attacks.

The problem with network topic is you can't discuss it with newbs hehe

There are also layers of security for networks, for example know your MACs and IPs and block the rest, firewalls are only as good as you configure them.

I think it is easier for newbs and pros to just look at offline computers and hardware wallet..yes, even pros can miss something hehe

[FP91G]

I sympathize with you.
I don't understand how you can steal cryptocurrency from a ledger.
If you have not interacted with your wallet with other smart contracts, then someone picked up or stole your passphrase.
A hacker attack will not help steal money from the ledger, because you confirm any operation by pressing buttons on the wallet.

[adaseb]

I wish the guy would reply so we can find out how his stuff got stolen. I reread and responses and he said that he never clicked on any links in emails and only did updates from the official ledger site.

So it would be nice to get more info and find out what exactly happened here. Maybe there is some security issue with the hardware wallet itself however I haven’t heard of anything really unless this case.

Other people got theirs stolen because they clicked the fake link and put in their seeds on a private website.

[chup]

Hello
386.5 ETH was stolen from my Ledger Nano S

Yeah, sure. Btctalk rookie with 386 ETH. Keep going...

[P00P135]

Hello
386.5 ETH was stolen from my Ledger Nano S

Yeah, sure. Btctalk rookie with 386 ETH. Keep going...

Why does that seem so far fetched?  You think its just ledger FUD to sell more Trezors? 

[adaseb]

There are reports of another ledger hack which has more personal details leaked. This time the name, phone number, email and address are leaked.

I find it pretty crazy that they would store this stuff online to begin with. I suspect that since email, phone and addresses are leaked then most likely there is going to be lots of SMS sim swap hacks.

So if you are affected disable your SMS 2fa and use google Authenticator instead.

[Rmate]

Hello,
I would like to know what would be the best option to store either eth or btc.
I have read all you said and I understand that an Air Gapped computer would be best but then how do you transfer funds if you need to? My guess is that you only connect it to the internet when you need to, right?  But I think this way the hacker can interfere exactly when you connect it and steal everything .  Maybe 2 networks would solve this problem? I do have 2 networks but from time to time I am forced to use the other one  therefore I dont have a network that it is not used 100%
I have seen that there is an airgap wallet made for tezos, btc,  eth etc. that uses 2 phones . 1 phone for cold storage with no conections (no sim and airplane mode activated probably or even shut down) and the other phone which is your daily phone . I think this would be a better choice because when you do a transaction you can use network from SIM which I suppose that it is more secure. I am not an expert so thats why I want to ask for your opinion but in my mind this seems to be a better way than computers because I know that phone are harder to hack (unless you have an app installed) and also because of SIM network.
Hardware wallets still have to connect to a computer and as we can see in this post they are not really safe... even with an airgapped computer you still need a network to dowload ledger live , update software etc.

In conclusion , am I right about 2 phones being more secure or would it be better to have a hardware wallet (ledger) connected to an airgapped computer? (What I didn't take in consideration is that the app itself could be malicious maybe... I don t know , thats why I ask ) . Sorry if I sound dumb )
If airgapped computer with ledger is the answer can you please tell me what a proper airgap setup would mean and how should I do it?
Thanks in advance!
All the best

EDIT: I seen that moccacino said that with a dedicated pc you dont even need a ledger. "get a dedicated pc for your wallet, just do a clean install, remove the network card (or deinstall the drivers), install the latest version of bitcoin core or electrum by following an airgapped setup walktrough and you'll have a wallet that tops a hw wallet when it comes to security. Just make sure you do it right... There are several ways you can mess up an airgapped setup... Ah, and make sure you keep a backup of your seed or wallet.dat on a couple usb sticks which you only plugin in your offline airgapped machine (and use a strong password to encrypt them"
Just a couple of questions here
1. How to install bitcoin core/electrum without network? Even if you take the file on usb from another computer from what I know a trojan/virus can migrate to that usb and the moment you insert it in your airgap pc its done (I could be very wrong)
2. How to make transactions if there is no connection to internet? (another ISP or is there a way to see if the network is safe? )
3  What it means to have a backup of seed? If I am writing the seed on a paper isn't that enough or going this way you cant recover the wallet with the seed?
4. Where is the password needed ? Folder password for wallet.dat or no ?

[xxcsu]

I hope you never used any "hacked" miner program from this site ... or from somewhere else .
This guys usually offering no miner fee ... free version of claymores or phonix or whatever miner program.
In 2018 , there was  a lot of trash new members here , who freshly registered , and the offered hacked miner programs.
I downloaded some to see what those "free" programs can do , what they offered, just to analyze them , and warn this community, if i see something not oks  ..
I made a mistake , i had a wallet program , Exoudus running in the background ....
 ... and basically those free miner programs opened a door to my computer.
Front of my eyes , my ETH wallet become empty , lucky me , i did not have that much ETH in my wallet .
You can file a complain here :
https://www.ic3.gov/Home/FileComplaint  ,
...but to be honest with you , you probably never going to see those stolen ETH's

[philipma1957]

Hello
386.5 ETH was stolen from my Ledger Nano S

Yeah, sure. Btctalk rookie with 386 ETH. Keep going...

Why does that seem so far fetched?  You think its just ledger FUD to sell more Trezors? 

Well someone smart enough to acquire 386 eth.  Would most likely not store all of it on 1 wallet.

Also op has not posted again.

[Cezarysw]

Hello
386.5 ETH was stolen from my Ledger Nano S

Yeah, sure. Btctalk rookie with 386 ETH. Keep going...

Why does that seem so far fetched?  You think its just ledger FUD to sell more Trezors?  

Well someone smart enough to acquire 386 eth.  Would most likely not store all of it on 1 wallet.

Also op has not posted again.

Hello
386.5 ETH was stolen from my Ledger Nano S

Yeah, sure. Btctalk rookie with 386 ETH. Keep going...

https://mycrypto.com/sign-and-verify-message/sign

{
  "address": "0x4293b5Dc11B250078Da7359D7d57c15EECfcf70a",
  "msg": "it is I, Cezarysw, who am the owner of this account - 21-12-2020 bitcointalk.org",
  "sig": "0xf3d07e118f372e81b5e1b654478eae6cd30ea8c230c675acb1e1ee9de3f4cbaf2de1b07bd97ef 12f5c2b35c6f0edee0dbd2ad85d661c942bf66d2368fc7da7031c",
  "version": "2"
}

https://etherscan.io/tx/0xab9f07e986fecc0274790d81fce7cbbc70e1fab9ba354032c3d1b09bfc7b615e

https://etherscan.io/address/0x453e0c72664ace9531b995a23b956873d7c777f8

{
  "address": "0x4293b5Dc11B250078Da7359D7d57c15EECfcf70a",
  "msg": "\"it is I, Cezarysw, who am the owner of this account - 21-12-2020 09:32 bitcointalk.org",
  "sig": "0xbfbbc5473c45d7800e70dd7c223d2906393ecf2a37f4cbdadc621ae38233ff207be9412623f94 17e1e28c64fd02ab3bde710f2a8c61cc92330147e778a28a2c01c",
  "version": "2"
}

https://mycrypto.com/sign-and-verify-message/verify

[chup]

Hello
386.5 ETH was stolen from my Ledger Nano S

Yeah, sure. Btctalk rookie with 386 ETH. Keep going...

https://mycrypto.com/sign-and-verify-message/sign

{
  "address": "0x4293b5Dc11B250078Da7359D7d57c15EECfcf70a",
  "msg": "it is I, Cezarysw, who am the owner of this account - 21-12-2020 bitcointalk.org",
  "sig": "0xf3d07e118f372e81b5e1b654478eae6cd30ea8c230c675acb1e1ee9de3f4cbaf2de1b07bd97ef 12f5c2b35c6f0edee0dbd2ad85d661c942bf66d2368fc7da7031c",
  "version": "2"
}

https://etherscan.io/tx/0xab9f07e986fecc0274790d81fce7cbbc70e1fab9ba354032c3d1b09bfc7b615e

https://etherscan.io/address/0x453e0c72664ace9531b995a23b956873d7c777f8

Get lost...
Of course Cezarysw is nothing more than Cezarysw:

[Cezarysw]

{
  "address": "0x4293b5Dc11B250078Da7359D7d57c15EECfcf70a",
  "msg": "\"it is I, Cezarysw, who am the owner of this account - 21-12-2020 09:32 bitcointalk.org",
  "sig": "0xbfbbc5473c45d7800e70dd7c223d2906393ecf2a37f4cbdadc621ae38233ff207be9412623f94 17e1e28c64fd02ab3bde710f2a8c61cc92330147e778a28a2c01c",
  "version": "2"
}

https://mycrypto.com/sign-and-verify-message/verify

https://ibb.co/wRhZjzz

[arielbit]

Hello
386.5 ETH was stolen from my Ledger Nano S

Yeah, sure. Btctalk rookie with 386 ETH. Keep going...

Why does that seem so far fetched?  You think its just ledger FUD to sell more Trezors? 

Well someone smart enough to acquire 386 eth.  Would most likely not store all of it on 1 wallet.

Also op has not posted again.

LOL if only the people mining ETH in 2015 is able to see this quarell..you can mine it all in a day with a few 280x hehe

[adaseb]

LOL if only the people mining ETH in 2015 is able to see this quarell..you can mine it all in a day with a few 280x hehe

ETH was extremely profitable to mine (in terms of ETH not USD or actual profit) back in late 2015. It had a good launch and then I think those that bought the ICO ended up dumping everything and at the end of the year I think ETH traded at less than $1.

An R9 280X didn't have any DAG issues with a low epoch, it actually mined at 27-28MH/s however it ate 200 Watts of power. So with $0.10 power, you were mining at a loss but generated 1 ETH per day per 280X.

Imagine mining ETH with a single 280X back in late 2015, to sell at $1400 in Jan 2018? Basically what Satoshi felt pretty much. However most like me either didn't mine at a loss or they mined and sold when ETH hit $10 or $20.

To mine at $1 a coin and sell at $1000 is extremely rare.

[fabry1999]

I had the same problem on 21 January 2019 I receive a replacement for my Ledger Nano S due the firmware upgrade, after the initial setup I move 1.9678 BTC to my Ledger than I have stored the key on safe place, a few weeks later I connect my Ledger in order to move some coins and I discovered than my balance was 0.
I checked the transaction and I find that on 29 January 2019 that someone has move all my BTC to this address:

36bbmZdw73MCN93qWE69X4pcJ3AS6dH3Rj

this is the TX ID: 8629187cb30f4e1facf5ba03f7426b19f2270aa4a48e299e10ff3b851d7de7ea

I never been able to have back my BTC

[MajedPro]

it is possible to prevent a transaction before it gets confirmed using double spend (RBF) Replace-By-Fee method with higher network fee!

[Metroid]

I had the same problem on 21 January 2019 I receive a replacement for my Ledger Nano S due the firmware upgrade, after the initial setup I move 1.9678 BTC to my Ledger than I have stored the key on safe place, a few weeks later I connect my Ledger in order to move some coins and I discovered than my balance was 0.
I checked the transaction and I find that on 29 January 2019 that someone has move all my BTC to this address:

36bbmZdw73MCN93qWE69X4pcJ3AS6dH3Rj

this is the TX ID: 8629187cb30f4e1facf5ba03f7426b19f2270aa4a48e299e10ff3b851d7de7ea

I never been able to have back my BTC

Probably your ledger nano was not genuine, hackers and scammers have been selling a modified version, beware.

[P00P135]

https://cryptopotato.com/ledger-user-database-dumped-online-targeted-phishing-attacks-expected/

[fabry1999]

I had the same problem on 21 January 2019 I receive a replacement for my Ledger Nano S due the firmware upgrade, after the initial setup I move 1.9678 BTC to my Ledger than I have stored the key on safe place, a few weeks later I connect my Ledger in order to move some coins and I discovered than my balance was 0.
I checked the transaction and I find that on 29 January 2019 that someone has move all my BTC to this address:

36bbmZdw73MCN93qWE69X4pcJ3AS6dH3Rj

this is the TX ID: 8629187cb30f4e1facf5ba03f7426b19f2270aa4a48e299e10ff3b851d7de7ea

I never been able to have back my BTC

Probably your ledger nano was not genuine, hackers and scammers have been selling a modified version, beware.

I have receive the ledger directly from them

[Pepe Tycoon]

I suspect someone that is working where ledger stores and ships their wallets is swapping out ledgers with tampered ones.

LOL if only the people mining ETH in 2015 is able to see this quarell..you can mine it all in a day with a few 280x hehe

ETH was extremely profitable to mine (in terms of ETH not USD or actual profit) back in late 2015. It had a good launch and then I think those that bought the ICO ended up dumping everything and at the end of the year I think ETH traded at less than $1.

An R9 280X didn't have any DAG issues with a low epoch, it actually mined at 27-28MH/s however it ate 200 Watts of power. So with $0.10 power, you were mining at a loss but generated 1 ETH per day per 280X.

Imagine mining ETH with a single 280X back in late 2015, to sell at $1400 in Jan 2018? Basically what Satoshi felt pretty much. However most like me either didn't mine at a loss or they mined and sold when ETH hit $10 or $20.

To mine at $1 a coin and sell at $1000 is extremely rare.

Imagine being part of the ethereum "team" and getting the majority of premined ethereum with very little work. Many of those team members did next to nothing and got huge bags of ethereum for it.

[vapourminer]

You don't need a hardware wallet, people were using paper wallet for years without any issues.

well one time i had the paper wallet folded in such a way that eventually a crease mangled some letters in a private key. it wasnt a trivial amount so i wasnt exactly happy that i had not thought about folds damaging letters when storing it.

took a while to sort it out. im more careful now.

[chup]

I had the same problem on 21 January 2019 I receive a replacement for my Ledger Nano S due the firmware upgrade, ...

Do You mind explaining "replacement due firmware upgrade"?

[deadsix]

Imagine mining ETH with a single 280X back in late 2015, to sell at $1400 in Jan 2018? Basically what Satoshi felt pretty much. However most like me either didn't mine at a loss or they mined and sold when ETH hit $10 or $20.

To mine at $1 a coin and sell at $1000 is extremely rare.

Is that a personal attack or something ...

[arielbit]

LOL if only the people mining ETH in 2015 is able to see this quarell..you can mine it all in a day with a few 280x hehe

ETH was extremely profitable to mine (in terms of ETH not USD or actual profit) back in late 2015. It had a good launch and then I think those that bought the ICO ended up dumping everything and at the end of the year I think ETH traded at less than $1.

An R9 280X didn't have any DAG issues with a low epoch, it actually mined at 27-28MH/s however it ate 200 Watts of power. So with $0.10 power, you were mining at a loss but generated 1 ETH per day per 280X.

Imagine mining ETH with a single 280X back in late 2015, to sell at $1400 in Jan 2018? Basically what Satoshi felt pretty much. However most like me either didn't mine at a loss or they mined and sold when ETH hit $10 or $20.

To mine at $1 a coin and sell at $1000 is extremely rare.

i don't know and i forgot the numbers but i said this in 2015 heheh

Thanks for the info! I'm mining right now around 13 Mh/s. It's severely non-profitable. Which has me wondering why? Even more so, why are so many people hashing away and perfectly fine with losing money? Faith?

That depends on your power price and hardware.

lol youd be better off mining a coin with a lower diff with that hashrate....

Lower diff usually means lower price. Not that there aren't more profitable X11 coins to mine than DASH, currently. IMO, it's stupid to mine DASH in this case, even if you want DASH - instead, mine something else, sell it, buy DASH, and you end up with more DASH than you would have had, had you mined it directly.

Wolf0 is right mine other coin.......no more coins, better buy..it is all about buying the coins produced by the POS masternodes. POW is still there to make dash look more legit.

try ethereum it is more profitable, the coins move so fast dash's instantx is not that great anymore  

anyway.. I think some people, start instamining and mining early and storing their stash for "cold storage" because of the success of BTC, a lot of people did it with many altcoins, the only problem is their "cold storage" became as cold as dead LOL, I think some got lucky with ETH  

[fabry1999]

I had the same problem on 21 January 2019 I receive a replacement for my Ledger Nano S due the firmware upgrade, ...

Do You mind explaining "replacement due firmware upgrade"?

Because the old hardware version of Nano S should be replace in order to upgrade the firmware

[miner29]

I had the same problem on 21 January 2019 I receive a replacement for my Ledger Nano S due the firmware upgrade, ...

Do You mind explaining "replacement due firmware upgrade"?

Because the old hardware version of Nano S should be replace in order to upgrade the firmware

Um that has not been my experience.  Mine is an original Nano S still working just fine.  All firmware upgrades have been done through the ledger app and only through the official app.
I think you found your issue.

[melpheos]

Usually when crypto are stolen they are quickly moved from the wallet to a cryto exchange to be converted to cash.
In the present case, the ETH are still present on the destination wallet so I'm not convinced this is the actions of a hacker

[Coin_trader]

Usually when crypto are stolen they are quickly moved from the wallet to a cryto exchange to be converted to cash.
In the present case, the ETH are still present on the destination wallet so I'm not convinced this is the actions of a hacker

Are the hacker that you are describing are those self proclaimed hacker under there mom's basement? Hacker usually send the funds to a mixer before they send it to exchange. There is no hacker in the right mind that will send hacked funds directly to an exchange which might lead to reveal there identity. All transaction that sends to exchange can be tracked and most of the exchange requires KYC nowadays.

[melpheos]

Usually when crypto are stolen they are quickly moved from the wallet to a cryto exchange to be converted to cash.
In the present case, the ETH are still present on the destination wallet so I'm not convinced this is the actions of a hacker

Are the hacker that you are describing are those self proclaimed hacker under there mom's basement? Hacker usually send the funds to a mixer before they send it to exchange. There is no hacker in the right mind that will send hacked funds directly to an exchange which might lead to reveal there identity. All transaction that sends to exchange can be tracked and most of the exchange requires KYC nowadays.

Of course but what I obviously meant is that funds do not stay on an address for more than a day after the hack

[DrX]

https://www.ledger.com/message-ledgers-ceo-data-leak

[onegiantcock]

I'd send a message to https://twitter.com/vitalikbuterin about this.  Not that he'd fork ETH to get your coin back, but you never know.

[adaseb]

I'd send a message to https://twitter.com/vitalikbuterin about this.  Not that he'd fork ETH to get your coin back, but you never know.

I am pretty sure he wouldn’t do a chain rollback just to recover one theft. It would pretty much destroy the coin and this is what happened back in 2016 with the DAO hack.

Basically it almost destroyed the coin because it went from decentralized state to a centralized state. This is the reason why ETC exists today. Those stolen coins are still circulating on the ETC and the hacker sold off a small percentage of them. So tweeting him won’t get anything done but might spread awareness of the ledger phishing attacks to prevent more thefts.

[rdbase]

I have traded with Ledger many times and always carefully. It was probably some hacking attack on my PC, unknown to me. I thought Ledger was safe ...

The ledger isn't really safe from the recent articles surfacing about the company which had a major data breach back in July of this year. Yet they hadn't done much to secure their devices nor protect their customers.
Could these email addresses that had been published to a subsequent forum be used to get those ledger users to click on link so whenever they connect their ledger to their pc to upgrade or whatever they want to do with it, it copies an address which is the hackers deposit address instead?
Who knows but that's what it sounds like happened to your crypto located this ledger, a so called secure&safe wallet.

[adaseb]

I have traded with Ledger many times and always carefully. It was probably some hacking attack on my PC, unknown to me. I thought Ledger was safe ...

The ledger isn't really safe from the recent articles surfacing about the company which had a major data breach back in July of this year. Yet they hadn't done much to secure their devices nor protect their customers.
Could these email addresses that had been published to a subsequent forum be used to get those ledger users to click on link so whenever they connect their ledger to their pc to upgrade or whatever they want to do with it, it copies an address which is the hackers deposit address instead?
Who knows but that's what it sounds like happened to your crypto located this ledger, a so called secure&safe wallet.

The way that hardware wallets work is that they have a display and it shows the destination address, so if the computer gets infected with a virus which can change the destination address to the hackers, like the old clipboard attack, you will notice it on the screen on the hardware wallet. Most people check this before they proceed with the transaction.

But if you click a link, which modifies the firmware of your HW then its possible that it can display a fake link and send it to the hackers address instead. No idea how these people are getting all their coins stolen all of a sudden. Maybe some rogue employee patched fake firmware on certain HW from the factory, who knows.