Logging in on scam website with ledger nano

[gatz]

Hello,

Today I fell for a scam email that sent me to a copy of stellar website. There I logged in with my ledger nano s through usb. Then I realized that something is fishy, so I disconnected my ledger from laptop, created a new wallet on the same ledger and moved everything from the initial wallet to the 2nd one.
The scam website is similar with the original/ but had .mu at the end
I didn't gave away my secret words or anything inside the website. I just did the normal operations on the ledger (enter ledger pin, open stellar app)

1. I can consider my initial stellar wallet compromised?
2. I can consider my whole ledger nano compromised? if so I should reset the ledger and transfer all crypto assets to new accounts?

Thanks

[1715526833]

1715526833

[1715526833]

1715526833

[1715526833]

1715526833

[HCP]

I would say the answers to #1 and #2 are both: "Most likely not"... I suspect that fake website is designed to either steal Stellar "secret keys" by tricking users into connecting and opening the wallet using that key to connect and/or steal coins by simply getting users to send their coins to a fake "staking" service.

As you connected with the Nano S, the keys will not have been exposed as they are secured within the secure element in the device... and no wallet (or website) is able to extract them. This is the advantage of the hardware wallet... your keys cannot be compromised unless you explicitly type them into the website (or fake app) as they cannot be extract from the device.

[gatz]

Thanks a lot. I figured as much, but I panicked a bit and wanted to be sure.

[bob123]

1. I can consider my initial stellar wallet compromised?
2. I can consider my whole ledger nano compromised? if so I should reset the ledger and transfer all crypto assets to new accounts?

This is only the case if either:
1) you have entered the mnemonic code into the website or
2) there is an unknown vulnerability which allows to compromise the device by opening the application and communicating with it. This is extremely unlikely and shouldn't be considered. Especially because "wasting" such a worthy exploit for an attack like that would be... dumb.

So, in short: No, you are fine. Don't worry.

Don't enter your mnemonic code anywhere and don't confirm things on your nano without knowing what you are doing, and you are fine.

[aoluain]

Hello,

Today I fell for a scam email that sent me to a copy of stellar website. There I logged in with my ledger nano s through usb. Then I realized that something is fishy, so I disconnected my ledger from laptop, created a new wallet on the same ledger and moved everything from the initial wallet to the 2nd one.
The scam website is similar with the original/ but had .mu at the end
I didn't gave away my secret words or anything inside the website. I just did the normal operations on the ledger (enter ledger pin, open stellar app)

1. I can consider my initial stellar wallet compromised?
2. I can consider my whole ledger nano compromised? if so I should reset the ledger and transfer all crypto assets to new accounts?

Thanks

sorry to hear that, this is a reminder that in these very
positive times the scammers are still scamming!

I created this thread last year about a fake ledger
website I came across, I bet so many people get scammed
by these. Here is the link to the thread, I hope it helps
others become aware of the scam.

We have to remember to be vigilant, hopefully you noticed
the scam in time to protect your stellar and wallet.

https://bitcointalk.org/index.php?topic=5205126.msg53198360#msg53198360

good advice from bob123 !

[Pmalek]

That fake Stellar website reminds me of the incident that happened with EtherDelta back in 2017/2018. EtherDelta's DNS servers were compromised and users were redirected to a fake site. The way EtherDelta works is that you need to enter the private key of your Ethereum account on the site. Another way is to initiate a connection with the site through your hardware wallet.

A long story short, those who inserted their private keys, got their tokens stolen. The users who accessed the fake site with a hardware wallet remained safe. That's because there is no known attack vector that would allow a user to remotely steal your crypto from a hardware wallet unless you confirm the transactions physically or hand over your seed.