Stolen ETH from my Ledger

[Cezarysw]

Hello
386.5 ETH was stolen from my Ledger Nano S
8 days ago(Dec-08-2020 01:16:28 PM +UTC) During the transaction of sending 0.17 ETH to the Bitbay exchange account via Ledger Live, it soon turned out that instead of the declared value, the entire cryptocurrency disappeared from my account and was sent to the hacker account 0x453E0c72664AcE9531b995a23b956873D7C777f8.
Today, a few hours ago(Dec-17-2020 02:57:27 AM +UTC) all my cryptocurrency has been transferred to another hacking account again - 0xdA84772B737939Df44367e57D40069801CA5b7F8
I lost all cryptocurrency from my account even though all transaction procedures were shown in the Ledger Live app and hardware wallet display as correct. I have no idea how it could have happened and I lost all hope of recovering the stolen cryptocurrency. I wanted to warn all Ledger owners about the possibility of losing their cryptocurrencies.

https://etherscan.io/tx/0x28ec6619ee4a030520cb2c2f5fe56a9b1caddfb93698c54af9fb5873f50bd017

https://etherscan.io/address/0xda84772b737939df44367e57d40069801ca5b7f8

sorry for my english

[Metroid]

Do you have any idea how you lost?

[Cezarysw]

I have traded with Ledger many times and always carefully. It was probably some hacking attack on my PC, unknown to me. I thought Ledger was safe ...

[sxemini]

I think you write down your ledger passphrase on your pc and some one claimed your passphrase.

[Metroid]

I have traded with Ledger many times and always carefully. It was probably some hacking attack on my PC, unknown to me. I thought Ledger was safe ...

The computer you use for ledger must not in any way be your personal computer with tons of programs and things. Also never put your eggs in just one basket. Maybe it was not even your fault, malware, virus and phishing attacks are very advanced, sorry for your loss, it was a lot of money.

[Cezarysw]

I never store any passphrases for Ledger on my PC.

[Metroid]

The way things are, I advise not to use even the same network as your personal computer if you need to use a cold hardware wallet for transactions. In few years to protect yourself you will need to have at least 5 different networks, right now 2 is okay, 1 is dangerous.

With crypto rising in price, this is a totally new area of cyber attacks.

[NeuroticFish]

Wow, big amount. Really sorry for your loss...

Now some lessons:

1. The funds were not stolen from your Ledger since they've never were there. Ledger basically only signs transactions, the funds are "on the network".

2. In order to have your funds stolen, some conditions have to be met. Either the thief had access to the seed, which I think that's not the case, either he has found a way to trick you and your Ledger. So you should think about this:
2.1. Did you install the ETH app into Ledger from the correct Ledger Live app or you have a malicious clone?
2.2. Did you make your transaction from from the correct Ledger Live app or you have a malicious clone?
2.3. Is your computer malware free?
2.4. Did you try to cash in coins from a forked coin (I don't know if it's the case for ETH, still...)
2.5. Was the wallet created by you newly, from scratch, when you got your Ledger?

The idea is that probably you gave somebody the chance to steal from you, in a way or another 

3. For the future keep in mind to keep on the hardware wallet only funds for near future spending and the HODL funds should stay on addresses based a different seed you can generate with the Hardware wallet, but written down and kept as paper wallet (while the hardware wallet is reset for a new seed).

[miner29]

Im going to ask....

Did you recently do a ledger update?

If yes (last 6 weeks) Was this from within ledger Live software or did you get notification elsewere to update it?

There have been attacks where they send you email or sms or dm and inform you about a new version.  This is actually malware attack.   Only ever update Ledger from within the Ledger Live software itself. 

[Cezarysw]

I did all the updates of Ledger Nano S only with the Ledger Live application. I don't even read or use any SMS, e-mails or links offering updates for any computer's hardware&software.

[mocacinno]

That's really sad to hear... Whatever the reason was, you're a victim of this situation. transactions are irreversible, so the chances of getting your funds back are small. The best you can do is go to the police and file a police report.
Have you contacted ledger support? They're usually pretty helpfull.

This being said, the instances where people lost money due to a bug or vulnerability in their hardware wallet are very, very low. Especially if the enduser is paying attention.

Sure, bugs happen... They're usually not the kind of bugs that put your funds in jeopardy.
Sure, vulnerability's happen.... But the exploitation of these vulnerability's is usually so complex (and usually requires physical access to the device) that i've never met a victim of such an exploit. Also, vulnerability's are usually fixed pretty fast.

The thing is: ledger is using a secure chip. Private keys never touch your online machine (they stay on your hardware wallet). You should be able to use a ledger on an infected PC, as long as you review your transaction on your ledger's screen before signing it, your funds should be safe.
However, either ledger or trezor did have a vulnerability that allowed an attacker to trick a user into signing a "wrong" transaction. The victim would think he was signing a tx transfering 1 LTC, while in reality he was signing a tx transfering 1 BTC. Needless to say, this vulnerability has been fixed.
Did you create other transactions around the time you were robbed?

Now, I don't know what happened in your case, but based on my experience, in case somebody loses his/her funds stored on a decent hardware wallet, it's usually because:

• the victim exposed their seed. Seeds get stored on cloud storage, seeds get stored in emails, seeds get stored on pictures on your phone, seeds get entered due to phishing attacks, pre-initialised wallets get sold by thieves, family members or friends or collegues steal seeds from the paper they're written on
• the victim exposed their xprv (or derived private keys). Usually be exporting xprv or prv and importing it into an other wallet
• there was physical access to their hardware wallet: for example, amazon is notorious for taking back used wallets and putting them back in stock, which allows people to install fake firmware or pre-initialise the device. Also, there are vulnerability's that allow the extraction of date from a trezor if you have physical access to the device
• bad opsec: not installing patches, not paying attention as to where you download software from, not paying attention when signing transactions,...

Once again: i'm not victim blaming. It IS possible you fell victim to an unknown or unpatched vulnerability, and there was no way you could have avoided getting robbed... I'm just saying that if we look at the odds, then we must say the odds are small (but not nonexistant).

So, my advice would still be: open a police report, contact ledger, move your other assets from your ledger to a different secure wallet.

[adaseb]

Basically Ledger they had their email database hacked a few months back. From time to time they are sending phishing emails asking people to go to their website and update their software. The scam is clever because it uses your real first and last name. If you bought an authentic ledger then they stored your email, first name and last name.

The hackers are targetting people and making you click on a link which looks like the real ledger website and they trick you by entering your seed. Most likely this is what the OP is talking about.

Because I can't think of any other way he could of gotten his ETH stolen, even if his PC was full of malware. The ledger email phishing attack should be more in the news to make people aware. But if you got a busy life, don't keep up with crypto news, you might fall prey to this very easily.

[miner29]

Hope he didnt fall for the Uniswap airdrop scam (2nd / 3rd air drop) ive seen numberous times on Discord and other places.  Takes you to a page to enter your eth wallet seed.....

So ya know they can confirm you balance and send you your airdrop....er.....i mean so they can empty your eth wallet......

[DigitalFarns]

Gosh, this is scary.  I'm new to all this, and now I'm second guessing things I've ready concerning securely storing coins. 

I presently don't have any kind of a hardware wallet, I do have the coinbase wallet app on my phone, but nothing in there just yet.  My trivial amounts of crypto are just still in the coinbase account, which as I think I understand it, is NOT a wallet controlled by me, as they don't give you any seeds.  I have had that account for over 3 years, but very little crypto in there.  I am planning to start mining in January, and my plan is to mine and hodl for long term.  I've had a few different recommendations on how I should store these earnings, there are different opinions.  But maybe the way to ask the question is, for a guy getting started, and wanting to work and hodl long term, what is the very best, most secure way to store these coins?  Should I invest in a hardware wallet?  I don't quite understand how you connect to one, if it's meant to be offline, not on your network, etc...  "Cold Wallet" is what I'm reading about. 

If I buy one, how can I ensure that it isn't a return with somebody else's seeds on it?  Is there a way to do a hard reset as soon as you get it to make sure it's safe? 

[miner29]

Gosh, this is scary.  I'm new to all this, and now I'm second guessing things I've ready concerning securely storing coins. 

I presently don't have any kind of a hardware wallet, I do have the coinbase wallet app on my phone, but nothing in there just yet.  My trivial amounts of crypto are just still in the coinbase account, which as I think I understand it, is NOT a wallet controlled by me, as they don't give you any seeds.  I have had that account for over 3 years, but very little crypto in there.  I am planning to start mining in January, and my plan is to mine and hodl for long term.  I've had a few different recommendations on how I should store these earnings, there are different opinions.  But maybe the way to ask the question is, for a guy getting started, and wanting to work and hodl long term, what is the very best, most secure way to store these coins?  Should I invest in a hardware wallet?  I don't quite understand how you connect to one, if it's meant to be offline, not on your network, etc...  "Cold Wallet" is what I'm reading about. 

If I buy one, how can I ensure that it isn't a return with somebody else's seeds on it?  Is there a way to do a hard reset as soon as you get it to make sure it's safe? 

Buy it from the maker....

[mocacinno]

Gosh, this is scary.  I'm new to all this, and now I'm second guessing things I've ready concerning securely storing coins.  

I presently don't have any kind of a hardware wallet, I do have the coinbase wallet app on my phone, but nothing in there just yet.  My trivial amounts of crypto are just still in the coinbase account, which as I think I understand it, is NOT a wallet controlled by me, as they don't give you any seeds.  I have had that account for over 3 years, but very little crypto in there.  I am planning to start mining in January, and my plan is to mine and hodl for long term.  I've had a few different recommendations on how I should store these earnings, there are different opinions.  But maybe the way to ask the question is, for a guy getting started, and wanting to work and hodl long term, what is the very best, most secure way to store these coins?  Should I invest in a hardware wallet?  I don't quite understand how you connect to one, if it's meant to be offline, not on your network, etc...  "Cold Wallet" is what I'm reading about.  

If I buy one, how can I ensure that it isn't a return with somebody else's seeds on it?  Is there a way to do a hard reset as soon as you get it to make sure it's safe?  

Not your keys = not your coins.
I definitely wouldn't use a web wallet like you're doing right now.

A truly cold wallet means a wallet on an airgapped device. Most hardware wallets are connected to your device to receive unsigned transactions, and for sending signed transactions, thus they are not 100% cold. They are still safe tough, since they're created in a way so your keys can never leave the hw wallet.

Basically, if you want secure storage, go for a ledger, a Trezor, an airgapped setup or a properly generated paper wallet .

I buy my hw wallets straight from the ledger or Trezor (never from resellers), check the package for tampering and make sure they're not preinitialized

[Metroid]

....

We don't know how he got his funds stolen, to make sure you dont fall for the same thing, follow simple steps.

1st: never use ledger in your personal computer, the computer you will use ledger must have never been used for another thing other than ledger itself and the OS needs to be installed with the original image from the website itself. There are OS's that are modified, beware of that.
2nd: Make sure nothing in the network is running while ledger is plugged in your ledger specific computer or you can use a second network connection, much safer.
3rd: keep you seedphrase in a fireproof case, this might be very expensive because most are not up for the job. Well, it has many other ways to keep it safe.

[mocacinno]

--snip--
1st: never use ledger in your personal computer, the computer you will use ledger must have never been used for another thing other than ledger itself and the OS needs to be installed with the original image from the website itself. There are OS's that are modified, beware of that.
2nd: Make sure nothing in the network is running while ledger is plugged in your ledger specific computer or you can use a second network connection, much safer.
3rd: keep you seedphrase in a fireproof case, this might be very expensive because most are not up for the job. Well, it has many other ways to keep it safe.

hm... These 3 rules sound a bit paranoid to me... Defenatly NOT bad OPSEC, as a matter of fact, it's good OPSEC. However, if you're going to be THIS paranoid, you're better off with an airgapped setup.

I mean, as soon as you're going to get a dedicated pc for your wallet, just do a clean install, remove the network card (or deinstall the drivers), install the latest version of bitcoin core or electrum by following an airgapped setup walktrough and you'll have a wallet that tops a hw wallet when it comes to security. Just make sure you do it right... There are several ways you can mess up an airgapped setup... Ah, and make sure you keep a backup of your seed or wallet.dat on a couple usb sticks which you only plugin in your offline airgapped machine (and use a strong password to encrypt them)

When it comes to safety, it's more or less (from safest to least safe)

• Properly generated airgapped setup
• Hardware wallet/Properly generated paper wallet (i've seen lots of debates as to which is the safest)
• Desktop wallet (on a legal, clean pc, with AV and firewall)
• Mobile wallet (on a clean mobile)
• Web wallet
• Brain wallet

When it comes to hardware wallets, i'd probably go for these rules:

• Go for a decent hw wallet... Stay with ledger or trezor... There are others, but these 2 brands are the most known
• Buy from trezor or ledger directly
• Make sure the box you receive hasn't been tampered with
• Make sure YOU initialise the device
• An an extra passphrase to your seed... Makes it THAT much harder to bruteforce
• Make sure you don't keep your seed on an online machine... It has to be WRITTEN down
• One or two laminated copies of the paper containing the seed won't hurt, but make sure they're kept in a safe place
• Make sure you always use the latest version of the firmware. Learn how to install firmware
• Make sure you always use the latest version of the wallet software
• Never ever enter your seed on any website... Seeds should ONLY be used for recovering your wallet, and should ONLY be entered on your HW wallet itself
• ALWAYS doublecheck any transaction on the screen of the HW wallet before signing it
• It's always a good idear to keep the device where you plug in your hardware wallet clean... I mean, nobody wants a nasty copy/paste virus that changes addresses by hacker's addresses or something... A virusscanner and firewall won't hurt, and installing random software you found online should be a big no-no... But these things are not specific for hardware wallets
• Make sure nobody has physical access to your hardware wallet...
• Don't brag about how much you hold
• Running your funds trough a mixer or a coinjoin session protects you from a $5 wrench attack... But some exchanges won't like you anymore if they cannot trace your funds...

[philipma1957]

386 eth = 250K

A) I am sorry for your loss
B) 5 trezors with 76 eth coins in each would have been a better choice.
C) I hope you are a very big whale and that this is not more then 10% of your holdings.
D) forget hacking think 5 dollar wrench attack having a 20 coin trezor and a 66 coin trezor in your home may convince them that is all there is.
E) in case of fire a second location is a good idea.  Like a safe deposit box
F]It would have been nice to read that you lost only 36 coins because you have trezors in a bank safety box.

[Metroid]

B) 5 trezors with 76 eth coins in each would have been a better choice.

Thanks for remembering the 4th thing to do.

1st: never use ledger in your personal computer, the computer you will use ledger must have never been used for another thing other than ledger itself and the OS needs to be installed with the original image from the website itself. There are OS's that are modified, beware of that.
2nd: Make sure nothing in the network is running while ledger is plugged in your ledger specific computer or you can use a second network connection, much safer.
3rd: Keep you seedphrase in a fireproof case, this might be very expensive because most are not up for the job. Well, it has many other ways to keep it safe.
4th: Don't put all your eggs in one basket.

This is not paranoic, to make things simpler, you can use the same pc but not the same hard disk, swap disks will work here, a new pc is not needed for this.