FransTheo (OP)
Newbie
Offline
Activity: 2
Merit: 0
|
|
March 11, 2021, 11:46:41 AM |
|
Hello, I bought my Ledger Nano S in December. The Backup words are safely stored on paper in the safe. Nobody else has a copy. On Feb. I transferred some BTC to my Ledger Nano S wallet. The next day all my BTC have been transferred from my wallet (stolen). My Ledger was not connected to my PC. How is this possible? I have no confidence in the Ledger Nano S. Hereby I want to warn other users.
Am I the only one who has dealt with this?
regards,
Frans
|
|
|
|
Mitchell
Staff
Legendary
Offline
Activity: 4102
Merit: 2315
Verified awesomeness ✔
|
|
March 11, 2021, 11:51:49 AM |
|
Did you buy the Ledger Nano S from Ledger themselves? Was the seal intact? Did you write down the seed yourself?
|
| | | . Duelbits | | | ▄████▄▄ ▄█████████▄ ▄█████████████▄ ▄██████████████████▄ ▄████▄▄▄█████████▄▄▄███▄ ▄████▐▀▄▄▀▌██▄█▄██▐▀▄▄▀▌███ ██████▀▀▀▀████▀███▀▀▀▀█████ ▐████████████■▄▄▄■██████████▀ ▐██████████████████████████▀ ██████████████████████████▀ ▀███████████████████████▀ ▀███████████████████▀ ▀███████████████▀ | | | | | . ▄ ▄▄▀▀▀▀▄▄ ▄▀▀▄ █ █ ▀▄ █ ▄█▄ ▀▄ █ ▄▀ ▀▄ ▀█▀ ▄▀ ▀█▄▄▄▀▀ ▀ ▄▀ ▄▀ ▄▀
Live Games | | ▄▄▀▀▀▀▀▀▀▄▄ ▄▀ ▄▄▀▀▀▀▀▄▄ ▀▄ ▄▀ █ ▄ █ ▄ █ ▀▄ █ █ ▀ ▀ █ █ ▄▄▄ █ ▀▀▀▀▀▀▀▀▀▀▀▀▀ █ █ █ █▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀█ █▄█ █ ▀▀█ ▀▀█ ▀▀█ █ █▄█
Slots | | . ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▄ █ ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ █ ▄▄ █ █ █ █ █ █ ▄▀▀▄▀▀▄ █ █ █ ▀▄ ▄▀ █ █
Blackjack | | | | █▀▀▀▀▀█▄▄▄ ▀████▄▄ ██████▄ ▄▄▄▄▄▄▄▄█▀ ▀▀█ ████████▄ █ █████████▄ █ ██████████▄ ▄██ █████████▀▀▀█▄▄████ ▀▀███▀▀ ████ █ ███ █ █▀ ▄█████▄▄▄ ▄▄▀▀ ███████▀▀▀ | | | | | | | | | | [ Đ ][ Ł ] AVAILABLE NOW | |
Advertisements are not endorsed by me.
|
|
|
Charles-Tim
Legendary
Offline
Activity: 1722
Merit: 5206
Leading Crypto Sports Betting & Casino Platform
|
|
March 11, 2021, 11:54:21 AM |
|
Not quit a reason you should think Ledger Nano is not safe.
Where did you buy the wallet? Hope it is new when you bought it?
Normally, Ledger Nano wallets is safe in this regarding, and you have no prove. Sorry for the loss, but there is a breach somewhere like someone knows your seed phrase, it may be the reseller you bought it from or someone close to you.
|
..Stake.com.. | | | ▄████████████████████████████████████▄ ██ ▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄ ██ ▄████▄ ██ ▀▀▀▀▀▀▀▀▀▀ ██████████ ▀▀▀▀▀▀▀▀▀▀ ██ ██████ ██ ██████████ ██ ██ ██████████ ██ ▀██▀ ██ ██ ██ ██████ ██ ██ ██ ██ ██ ██ ██████ ██ █████ ███ ██████ ██ ████▄ ██ ██ █████ ███ ████ ████ █████ ███ ████████ ██ ████ ████ ██████████ ████ ████ ████▀ ██ ██████████ ▄▄▄▄▄▄▄▄▄▄ ██████████ ██ ██ ▀▀▀▀▀▀▀▀▀▀ ██ ▀█████████▀ ▄████████████▄ ▀█████████▀ ▄▄▄▄▄▄▄▄▄▄▄▄███ ██ ██ ███▄▄▄▄▄▄▄▄▄▄▄▄ ██████████████████████████████████████████ | | | | | | ▄▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▄ █ ▄▀▄ █▀▀█▀▄▄ █ █▀█ █ ▐ ▐▌ █ ▄██▄ █ ▌ █ █ ▄██████▄ █ ▌ ▐▌ █ ██████████ █ ▐ █ █ ▐██████████▌ █ ▐ ▐▌ █ ▀▀██████▀▀ █ ▌ █ █ ▄▄▄██▄▄▄ █ ▌▐▌ █ █▐ █ █ █▐▐▌ █ █▐█ ▀▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▀█ | | | | | | ▄▄█████████▄▄ ▄██▀▀▀▀█████▀▀▀▀██▄ ▄█▀ ▐█▌ ▀█▄ ██ ▐█▌ ██ ████▄ ▄█████▄ ▄████ ████████▄███████████▄████████ ███▀ █████████████ ▀███ ██ ███████████ ██ ▀█▄ █████████ ▄█▀ ▀█▄ ▄██▀▀▀▀▀▀▀██▄ ▄▄▄█▀ ▀███████ ███████▀ ▀█████▄ ▄█████▀ ▀▀▀███▄▄▄███▀▀▀ | | | ..PLAY NOW.. |
|
|
|
dkbit98
Legendary
Offline
Activity: 2408
Merit: 7561
|
|
March 11, 2021, 11:55:12 AM |
|
Here we go again... Don't blame it all on ledger right away because it is probably your own mistake or you have been a victim of some Hardware Wallets Attack vectors, maybe you purchased wallet from bad source or you entered seed words on some phishing website from some link you clicked. Why you wrote the same question in Nederlands (Dutch) section and locked the topic?
|
|
|
|
sheenshane
Legendary
Offline
Activity: 2506
Merit: 1232
|
|
March 11, 2021, 03:58:56 PM |
|
Ledger wallets are a well-known safe hardware wallet for Bitcoin and other cryptocurrencies, so before accusing them, let us know first where did you buy that Ledger Nano s wallet. If you have bought your Ledger nano s device on these authorized distributor/reseller networks, you're probably safe and not the device fault losing your Bitcoin, but if not, you might have used a not genuine device and probably a preconfigured or tampered one which they can access your device. To avoid a headache, always purchase on the official site. It might be helpful if you read this article and you might find the answer to your problem but unfortunately, not to recover your Bitcoin's loss. and sorry for your loss, learn this mistake don't let it will happen again.
|
|
|
|
The Sceptical Chymist
Legendary
Offline
Activity: 3514
Merit: 6986
Top Crypto Casino
|
|
March 11, 2021, 04:05:35 PM |
|
Here we go again...
I'm surprised you're almost sticking up for Ledger here, as you usually are quite critical of them if I'm not mistaken--but you're right. I don't think I've ever read about something like what OP is describing happening with a Ledger. If there were even one or two cases of that, I'm pretty sure Ledger's reputation wouldn't be as sterling as it is (though it's been tarnished as of late). I have the same questions for OP as others have asked, and hopefully he doesn't abandon this thread without answering them. I'd be very interested to know where he bought the Ledger, and that info might help the community if it was from a 3rd party.
|
|
|
|
NeuroticFish
Legendary
Offline
Activity: 3850
Merit: 6585
Looking for campaign manager? Contact icopress!
|
|
March 11, 2021, 04:14:27 PM |
|
My Ledger was not connected to my PC. How is this possible?
The coins were never on Ledger. The coins are never "in the wallet". The coins are "on the network", the wallet is only a tool to spend the money. Now, think what you could have done in a way that have allowed others get your seed: * did you initialize/properly reset Ledger yourself? * did you write the seed somewhere else (a website, or a notepad to print it out)? * how did you transfer money "to Ledger", did you provide only an address or something more? I have a Ledger for a year now and no funds were stolen from me. You'll have to give us much more info, but until now I tend to believe that you either got a tampered device, either done something that allowed somebody else steal your money.
|
|
|
|
LeGaulois
Copper Member
Legendary
Offline
Activity: 2940
Merit: 4101
Top Crypto Casino
|
|
March 11, 2021, 09:20:37 PM |
|
Did you buy the Ledger Nano S from Ledger themselves? Was the seal intact? Did you write down the seed yourself?
The boxes are not sealed anymore, probably since 2019 IIRC. Since it can easily be reproduced, it becomes a useless security but until now I tend to believe that you either got a tampered device, either done something that allowed somebody else steals your money.
He bought the device in December and in February spent some BTC on the wallet. Considering it was not his first transaction, why the wallet wasn't hijacked before February? Personally, I think it's a human error.
|
|
|
|
Darker45
Legendary
Offline
Activity: 2758
Merit: 1927
|
|
March 12, 2021, 03:17:51 AM |
|
I'm a bit troubled by this. I wonder how the actual stealing took place. Hopefully, it doesn't have anything to do with the hardware itself. But I really am very curious how everything transpired. On a side note, I understand that a hardware wallet if fully air-gapped is secured, but I'm now wondering, does plugging your hardware wallet to your online PC or laptop necessarily pose a risk of whatever degree to your funds? That is, even if you are only operating on your Ledger Live, for example, for the entire duration? Did you buy the Ledger Nano S from Ledger themselves? Was the seal intact? Did you write down the seed yourself?
The boxes are not sealed anymore, probably since 2019 IIRC. Since it can easily be reproduced, it becomes a useless security How was this information obtained? I mean that the boxes are not sealed anymore.
|
|
|
|
posi
|
|
March 12, 2021, 04:22:49 AM |
|
The reason why the OP lost his Bitcoin is simple, is either he exposed his wallet or the wallet was not buy from the ledger's official distributors or retailers because when the wallet company was attacked by hackers in late June in Paris none of the wallet user experience any loss of fund despite some private information that was stolen by the hackers.
Do you get the wallet from an untrusted source online? How many people have access to the safe where you kept the wallet backup words?
|
|
|
|
NeuroticFish
Legendary
Offline
Activity: 3850
Merit: 6585
Looking for campaign manager? Contact icopress!
|
|
March 12, 2021, 07:21:48 AM |
|
but until now I tend to believe that you either got a tampered device, either done something that allowed somebody else steals your money.
He bought the device in December and in February spent some BTC on the wallet. Considering it was not his first transaction, why the wallet wasn't hijacked before February? Personally, I think it's a human error. He wrote that in February he has received money, not sent. I'd say that at that time he opened the wallet to get an address. And this can mean that until that point nobody stole anything simply because there was nothing to steal.
|
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18746
|
|
March 12, 2021, 09:04:39 AM |
|
I'm surprised you're almost sticking up for Ledger here, as you usually are quite critical of them if I'm not mistaken--but you're right. It's a reasonable position (and indeed, the correct position) to be critical of a company when they have obviously failed (such as in Ledger's database breach), but not jump to conclusions without evidence regarding other issues (such as in this case). Literally every time I have seen someone complain that their hardware wallet was hacked, it has turned out to be user error, not following the set up guide, insecurely backing up their seed phrase, entering their seed phrase on a website, etc., and no fault of the hardware wallet or its manufacturer. He bought the device in December and in February spent some BTC on the wallet. Considering it was not his first transaction, why the wallet wasn't hijacked before February? Personally, I think it's a human error. How do we know it wasn't his first transaction? Regardless, lots of people with hardware wallets make a small "test" transaction first, and many more use it to slowly build up their funds over time. If the attacker knew the seed phrase from the outset (as they would in the case of a pre-initialized device), then it may well be in their best interests not to clear out the wallet immediately, but to wait a few months for a larger amount of coins to be deposited. Or perhaps the attacker only just discovered the seed phrase because OP had entered it on a website, uploaded a screenshot to a cloud backup, or something similar. On a side note, I understand that a hardware wallet if fully air-gapped is secured, but I'm now wondering, does plugging your hardware wallet to your online PC or laptop necessarily pose a risk of whatever degree to your funds? That is, even if you are only operating on your Ledger Live, for example, for the entire duration? By plugging your hardware wallet in to a computer with an internet connection which is filled with malware, the worst thing that can happen is that some malware creates a transaction and pushes it to your hardware wallet to be signed. Without you physically approving the transaction on the hardware wallet itself, then the transaction can never be signed and therefore never be broadcast, and your coins can not be stolen. The only way coins can be stolen in this manner is if you are completely careless and approve a transaction on your hardware device that you didn't create and without checking it. How was this information obtained? I mean that the boxes are not sealed anymore. From Ledger themselves: Ledger deliberately chooses not to use anti tamper seals on its packaging. These seals are easy to counterfeit and can therefore be misleading. Rather, genuine Ledger devices contain a secure chip that prevents physical tampering: this provides stronger security than any sticker possibly could.
|
|
|
|
Pmalek
Legendary
Offline
Activity: 2940
Merit: 7550
Playgram - The Telegram Casino
|
|
March 12, 2021, 09:40:10 AM |
|
Walk us through the entire process of you purchasing, configuring, and receiving Bitcoin on your Ledger device. There are already a bunch of questions for you to answer, so I wont be repeating those. Check your browsing history and copy/paste the site where the wallet was purchased from. Where did you send those coins from and was the transaction ever confirmed on the blockchain? Or did you just see a balance update in Ledger Live? How does the device look? Does it look like it has been opened? Check the hardware integrity article from Ledger and compare it with the wallet you have ( https://support.ledger.com/hc/en-us/articles/115005321449-Check-hardware-integrity). Have you received any phishing mails recently that looked like they came from official Ledger support that asked you to download an updated software because your funds might be in jeopardy?
|
|
|
|
▄▄███████▄▄███████ ▄███████████████▄▄▄▄▄ ▄████████████████████▀░ ▄█████████████████████▄░ ▄█████████▀▀████████████▄ ██████████████▀▀█████████ █████████████████████████ ██████████████▄▄█████████ ▀█████████▄▄████████████▀ ▀█████████████████████▀░ ▀████████████████████▄░ ▀███████████████▀▀▀▀▀ ▀▀███████▀▀███████ | ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ Playgram.io ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ | ▄▄▄░░ ▀▄ █ █ █ █ █ █ █ ▄▀ ▀▀▀░░
| │ | ▄▄▄███████▄▄▄ ▄▄███████████████▄▄ ▄███████████████████▄ ▄██████████████▀▀█████▄ ▄██████████▀▀███▄██▐████▄ ██████▀▀████▄▄▀▀█████████ ████▄▄███▄██▀█████▐██████ ██████████▀██████████████ ▀███████▌▐██▄████▐██████▀ ▀███████▄▄███▄████████▀ ▀███████████████████▀ ▀▀███████████████▀▀ ▀▀▀███████▀▀▀ | | │ | ██████▄▄███████▄▄████████ ███▄███████████████▄░░▀█▀ ███████████░█████████░░█ ░█████▀██▄▄░▄▄██▀█████░█ █████▄░▄███▄███▄░▄██████ ████████████████████████ ████████████████████████ ██░▄▄▄░██░▄▄▄░██░▄▄▄░███ ██░░░█░██░░░█░██░░░█░████ ██░░█░░██░░█░░██░░█░░████ ██▄▄▄▄▄██▄▄▄▄▄██▄▄▄▄▄████ ███████████████████████ ███████████████████████ | | │ | ► | |
[/
|
|
|
Darker45
Legendary
Offline
Activity: 2758
Merit: 1927
|
|
March 13, 2021, 01:49:23 AM |
|
On a side note, I understand that a hardware wallet if fully air-gapped is secured, but I'm now wondering, does plugging your hardware wallet to your online PC or laptop necessarily pose a risk of whatever degree to your funds? That is, even if you are only operating on your Ledger Live, for example, for the entire duration? By plugging your hardware wallet in to a computer with an internet connection which is filled with malware, the worst thing that can happen is that some malware creates a transaction and pushes it to your hardware wallet to be signed. Without you physically approving the transaction on the hardware wallet itself, then the transaction can never be signed and therefore never be broadcast, and your coins can not be stolen. The only way coins can be stolen in this manner is if you are completely careless and approve a transaction on your hardware device that you didn't create and without checking it. But could such malware enter Ledger Live, for example, and tamper a particular transaction you are about to confirm? I used to experience pasting an address but the one that would appear is different from the one I copied. I almost confirmed it before I noticed it looked different. That was a long time ago and it wasn't a Ledger transaction. Anyway, is it possible that the address that appears on Ledger Live as well as on the hardware itself are exactly the same address but one which did not come from you? Thanks for the response, by the way. Apologies, OP, for hijacking your thread. I'm out.
|
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18746
|
|
March 13, 2021, 07:41:37 AM |
|
But could such malware enter Ledger Live, for example, and tamper a particular transaction you are about to confirm? Sure. Ledger Live is just like any other piece of software. Malware could target it and change a transaction you are creating in the software. What it can't do, however, is change what shows up on the screen of your hardware wallet. So if malware altered a transaction you were making in Ledger Live, whatever alterations it made would show up in the screen of your Ledger Nano. Provided you are double checking what shows up in the screen of your Ledger Nano before you confirm it (and if you aren't, then why are you even using a hardware wallet in the first place?), then you will notice these alterations and therefore not sign the transaction. Anyway, is it possible that the address that appears on Ledger Live as well as on the hardware itself are exactly the same address but one which did not come from you? This is possible, yes. If malware changes the address in Ledger Live, then this changed address will be what shows up on your hardware wallet, which you will notice when you double check and therefore not sign. What it can't do is show the correct address on your hardware wallet while actually signing a transaction to a different address.
|
|
|
|
Pmalek
Legendary
Offline
Activity: 2940
Merit: 7550
Playgram - The Telegram Casino
|
|
March 13, 2021, 09:02:17 AM |
|
Sure. Ledger Live is just like any other piece of software. Malware could target it and change a transaction you are creating in the software. What it can't do, however, is change what shows up on the screen of your hardware wallet. So if malware altered a transaction you were making in Ledger Live, whatever alterations it made would show up in the screen of your Ledger Nano.
What about when you create receiving addresses in Ledger Live? You suggested that if a malware changed the address in Ledger Live, that same address would be displayed on the screen of your Ledger hardware wallet as well. Is that correct? If that is true, how would the user know that he is about to confirm a transaction that will be sent to the wrong address? If malware changes the address in Ledger Live, then this changed address will be what shows up on your hardware wallet, which you will notice when you double check and therefore not sign. If the two addresses match, but a malware caused you to generate an address that doesn't belong to your wallet, how would the user know that? I always thought that it wasn't possible to pair your hardware wallet with a fake Ledger Live software. Upon connecting, the Ledger device should notice that it's communicating with a fake app. The biggest treat is inserting your recovery phrase in the fake software, which is how people lose money.
|
|
|
|
▄▄███████▄▄███████ ▄███████████████▄▄▄▄▄ ▄████████████████████▀░ ▄█████████████████████▄░ ▄█████████▀▀████████████▄ ██████████████▀▀█████████ █████████████████████████ ██████████████▄▄█████████ ▀█████████▄▄████████████▀ ▀█████████████████████▀░ ▀████████████████████▄░ ▀███████████████▀▀▀▀▀ ▀▀███████▀▀███████ | ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ Playgram.io ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ | ▄▄▄░░ ▀▄ █ █ █ █ █ █ █ ▄▀ ▀▀▀░░
| │ | ▄▄▄███████▄▄▄ ▄▄███████████████▄▄ ▄███████████████████▄ ▄██████████████▀▀█████▄ ▄██████████▀▀███▄██▐████▄ ██████▀▀████▄▄▀▀█████████ ████▄▄███▄██▀█████▐██████ ██████████▀██████████████ ▀███████▌▐██▄████▐██████▀ ▀███████▄▄███▄████████▀ ▀███████████████████▀ ▀▀███████████████▀▀ ▀▀▀███████▀▀▀ | | │ | ██████▄▄███████▄▄████████ ███▄███████████████▄░░▀█▀ ███████████░█████████░░█ ░█████▀██▄▄░▄▄██▀█████░█ █████▄░▄███▄███▄░▄██████ ████████████████████████ ████████████████████████ ██░▄▄▄░██░▄▄▄░██░▄▄▄░███ ██░░░█░██░░░█░██░░░█░████ ██░░█░░██░░█░░██░░█░░████ ██▄▄▄▄▄██▄▄▄▄▄██▄▄▄▄▄████ ███████████████████████ ███████████████████████ | | │ | ► | |
[/
|
|
|
o_e_l_e_o
In memoriam
Legendary
Offline
Activity: 2268
Merit: 18746
|
|
March 13, 2021, 12:09:27 PM |
|
-snip-
So, my reply above was in relation to creating a transaction on Ledger Live (or any piece of software) which is then pushed to the hardware wallet for signing. The hardware wallet will always display the address in the transaction it is signing, so even if some malware is altering the address you see on your computer screen, the real address will show up on your Ledger Nano and so you can double check it is correct and reject it if it isn't. In terms of receiving addresses, then you should always confirm the address using your Ledger Nano by following these instructions: https://support.ledger.com/hc/en-us/articles/360006444193-Receive-crypto-assets. Again, the Ledger Nano will only ever show the real address, and so if some malware is changing the address on your computer screen, you will see that they do not match.
|
|
|
|
LeGaulois
Copper Member
Legendary
Offline
Activity: 2940
Merit: 4101
Top Crypto Casino
|
|
March 15, 2021, 06:56:54 PM |
|
Did you buy the Ledger Nano S from Ledger themselves? Was the seal intact? Did you write down the seed yourself?
The boxes are not sealed anymore, probably since 2019 IIRC. Since it can easily be reproduced, it becomes a useless security How was this information obtained? I mean that the boxes are not sealed anymore. By buying devices myself ^^ You managed to throw doubt on me, but I checked the site and it says the same thing Anti tamper seals Ledger deliberately chooses not to use anti tamper seals on its packaging. These seals are easy to counterfeit and can therefore be misleading.I don't remember exactly when they stopped but it's a bit old now He wrote that in February he has received money, not sent. I'd say that at that time he opened the wallet to get an address. And this can mean that until that point nobody stole anything simply because there was nothing to steal. I assumed the person already used the device between December and February
|
|
|
|
Pmalek
Legendary
Offline
Activity: 2940
Merit: 7550
Playgram - The Telegram Casino
|
|
March 16, 2021, 05:16:03 PM |
|
The hardware wallet will always display the address in the transaction it is signing, so even if some malware is altering the address you see on your computer screen, the real address will show up on your Ledger Nano and so you can double check it is correct and reject it if it isn't. That is exactly what I thought Ledger hardware wallets do until you confused me with the below part of your previous post which I will quote . If malware changes the address in Ledger Live, then this changed address will be what shows up on your hardware wallet, which you will notice when you double check and therefore not sign. This part made it sound like the altered address would be displayed on the screen of the Ledger device instead of the real address generated by the user.
|
|
|
|
▄▄███████▄▄███████ ▄███████████████▄▄▄▄▄ ▄████████████████████▀░ ▄█████████████████████▄░ ▄█████████▀▀████████████▄ ██████████████▀▀█████████ █████████████████████████ ██████████████▄▄█████████ ▀█████████▄▄████████████▀ ▀█████████████████████▀░ ▀████████████████████▄░ ▀███████████████▀▀▀▀▀ ▀▀███████▀▀███████ | ▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄▄ Playgram.io ▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀▀ | ▄▄▄░░ ▀▄ █ █ █ █ █ █ █ ▄▀ ▀▀▀░░
| │ | ▄▄▄███████▄▄▄ ▄▄███████████████▄▄ ▄███████████████████▄ ▄██████████████▀▀█████▄ ▄██████████▀▀███▄██▐████▄ ██████▀▀████▄▄▀▀█████████ ████▄▄███▄██▀█████▐██████ ██████████▀██████████████ ▀███████▌▐██▄████▐██████▀ ▀███████▄▄███▄████████▀ ▀███████████████████▀ ▀▀███████████████▀▀ ▀▀▀███████▀▀▀ | | │ | ██████▄▄███████▄▄████████ ███▄███████████████▄░░▀█▀ ███████████░█████████░░█ ░█████▀██▄▄░▄▄██▀█████░█ █████▄░▄███▄███▄░▄██████ ████████████████████████ ████████████████████████ ██░▄▄▄░██░▄▄▄░██░▄▄▄░███ ██░░░█░██░░░█░██░░░█░████ ██░░█░░██░░█░░██░░█░░████ ██▄▄▄▄▄██▄▄▄▄▄██▄▄▄▄▄████ ███████████████████████ ███████████████████████ | | │ | ► | |
[/
|
|
|
bob123
Legendary
Offline
Activity: 1624
Merit: 2481
|
|
March 16, 2021, 06:09:54 PM |
|
I always thought that it wasn't possible to pair your hardware wallet with a fake Ledger Live software. Upon connecting, the Ledger device should notice that it's communicating with a fake app. The biggest treat is inserting your recovery phrase in the fake software, which is how people lose money.
That's not practically feasible. If they were to implement such a change, this would automatically mean that you can not use your hardware wallet with the software wallet you want. You would be forced to use ledger live. And that would be ... a really dumb decision. There is no way for the hardware device to know whether it is talking to a malicious ledger live or to a 3rd party application (e.g. electrum, wasabi, ..). The real security mechanisms is that transactions on a genuine device can only be signed using the buttons and that the transaction to be signed is shown on the screen.
|
|
|
|
|