Bitcoin Forum
Author Topic: Ledger hacked, 30 BTC stolen on 04/02/2023  (Read 298 times)
jiwoo (OP)
Newbie
*
Offline Offline

Activity: 1
Merit: 0


View Profile
April 03, 2023, 11:10:24 PM
 #1

I'm using Ledger Nano S.
I saved its seeds in a txt file on my PC like a fool.
Then my PC got hacked and 30 BTC were stolen.
What should I do?
Could you please give me some advice?

The hacker's Bitcoin Address : 36Kvbsc24vAcwXYNSoeYVbaHetpNFZdFGK
        TxID: 605b9c3f0bc87293782c52b82633ef98131abad4abfa11f45480e4517118c127
        TxID: 1009640f392024e7f302e9e1ce2f3ce00f2ec486875a531b5e44598b36dd0e6d
        TxID: 61975ca7747b294ad8eb5da4c831c64057fc8135a44b15d926abe246f212ce0f
        TxID: f1ae53e7d1a819fb332ab8cb4f2e7346ab8b10beea81101de532f8d92dfdf3b4
        TxID: 72fc7448e61d336cec2ff0fcaa505918984b1c532396899ff0f4a0b660a16efc
        TxID: c2820794849a5d4bb6a1a6ea952704906050f37c58477a1bab1844132a31bbd9

The hacker's IP : 185.238.90.50
Charles-Tim
Legendary
*
Offline Offline

Activity: 1554
Merit: 4902



View Profile
April 03, 2023, 11:19:21 PM
 #2

Sorry for this.

You got a hardware wallet but were using it like an online wallet. You are supposed to back up the seed phrase offline on paper or on a steel/stainless sheet instead, not as a text file on your device.

Sorry, nothing can be done. But try to trace the coin if it can be traced to an exchange. Maybe Chainanlytic company can also be helpful.

Bitcoin_Arena
Copper Member
Legendary
*
Offline Offline

Activity: 2030
Merit: 1805


฿itcoin for all, All for ฿itcoin.


View Profile
April 03, 2023, 11:52:55 PM
 #3

You rendered your hardware wallet useless as soon as you stored the seeds on a text file on a PC which is probably infected.

30 BTC is really huge and devastating to lose. I don't know if I would be in the right mental state for some days, maybe weeks, if this kind of thing happened to me. The hacker will most likely move the Bitcoins through a bitcoin mixer before cashing out, so maybe you could try to make use of blockchain analytic companies as suggested, but it will be at a fee.

If the Bitcoins ended up in an exchange address that is traceable, again you are going to have to get a lawyer, involve law enforcement and the court to try and get information from an exchange about the owner of the account.

But just know, chances are super slim that you could get back even a satoshi.

digaran
Copper Member
Hero Member
*****
Offline Offline

Activity: 1330
Merit: 899

🖤😏


View Profile
April 04, 2023, 02:49:30 AM
 #4

How do you know the IP address and do you know how your system was infected?

🖤😏
LoyceV
Legendary
*
Offline Offline

Activity: 3318
Merit: 16662


Thick-Skinned Gang Leader and Golden Feather 2021


View Profile WWW
April 04, 2023, 06:09:37 AM
Merited by ABCbits (1), HedgeFx (1)
 #5

Quote
I saved its seeds in a txt file on my PC like a fool.
Please change the title: your Ledger wasn't hacked, your PC was hacked. Or someone got physical access.

Quote
What should I do?
There isn't much you can do. If there's a chance it was someone local, you should go to the police.

Quote
The hacker's Bitcoin Address : 36Kvbsc24vAcwXYNSoeYVbaHetpNFZdFGK
There's another address: bc1q7mpd3ue4dry2v0v85v6jmn8hv32nq6zwdn0g83. The first one receives 70%, the other gets 30%. I've seen that before: it looks like 2 guys are sharing the stolen money.

Quote
The hacker's IP : ~
How did you get this? Chances are it's a dead end anyway.

paid2
Hero Member
*****
Offline Offline

Activity: 700
Merit: 2149


Crypto Swap Exchange


View Profile WWW
April 04, 2023, 08:06:33 AM
 #6

Wow 30 BTC stolen, I am sincerely sorry for your loss OP.

As the others said, the Ledger was not hacked, only your PC; or, to put it more simply, your seed was stolen...

There is not much you can do, but considering the amount of money involved, you should still try this:

- File a complaint with your local authorities
- Report the BTC address of the thieves to any CEX you can: Binance, Coinbase, Kraken etc.
- Provide a copy of the complaint to the CEX, so that they take your message seriously and are a little more proactive in flagging the thieves' addresses
- You can always try to contact Chainalysis for the same purpose

If ever thieves make the mistake of cashing out on one of these CEX, the said CEX will fill in their SAR file as usual, and when it is communicated to the authorities, if they are competent, they may have a way to find your thieves.

However, the probability that thieves will make the mistake of not going through P2P but through a KYC-regulated CEX is extremely low, and above all, this idea is only valid if you have a proof of purchase of your 30 BTC.

Good luck to you OP


Stedsm
Legendary
*
Offline Offline

Activity: 3052
Merit: 1273



View Profile
April 04, 2023, 09:17:26 AM
 #7

You may try to get the location of that person traced through the IP address, but I believe that nobody is foolish enough to leave footprints for you to reach them. Let me ask you this:
Did you let anyone know that you are holding Bitcoins with you? If yes, to how many people is this known? You must go to the police and give their names as suspects and they should be interrogated on the basis of doubt. Who knows whether you're trying to find a thief outside but one is already known to you?

Quote
--snip--
However, the probability that thieves will make the mistake of not going through P2P but through a KYC-regulated CEX is extremely low, and above all, this idea is only valid if you have a proof of purchase of your 30 BTC.

Good luck to you OP

You forgot that they may go through mixers to save their back. If they're smart enough to go through P2P, they'll first use mixing services to reduce the possibility of tracing the coins.

Lucius
Legendary
*
Offline Offline

Activity: 3248
Merit: 5682


Blackjack.fun🎲


View Profile WWW
April 04, 2023, 09:50:37 AM
 #8

Your case just shows how wrong those are who think that buying a hardware wallet will solve all their problems when it comes to the security of their digital assets. Unfortunately, sooner or later they all pay the price of their ignorance and finance various hackers who live a luxurious life with their money.

For 30 BTC, I would certainly make an effort to report everything to the police, so that I can at least hope that the hackers will be found one day. Even if they used a VPN, it does not mean that they are completely protected, their real IP address could be found out through a court order. Furthermore, if it is about inexperienced hackers, there is always the possibility that they will make a mistake, but in order for there to be a chance that someone will discover it, the first thing is to report it to the police and have a forensic examination of the hacked computer.

HedgeFx
Sr. Member
****
Offline Offline

Activity: 1009
Merit: 402


View Profile
April 04, 2023, 12:52:28 PM
 #9


Quote
I'm using Ledger Nano S.
I saved its seeds in a txt file on my PC like a fool.
Then my PC got hacked and 30 BTC were stolen.
What should I do?
Could you please give me some advice?

The hacker's Bitcoin Address : 36Kvbsc24vAcwXYNSoeYVbaHetpNFZdFGK

The hacker's IP : 185.238.90.50

I'm so sorry about what happened.
As LoyceV has already written, first of all your PC was hacked.
But did you manage to figure out how they hacked your PC? This would be important to understand how much your wrong habit led you to make this mistake!
Maybe you opened an email? Or did you go to some malicious site? Have you installed one of the fake Ledger updates?

BlackHatCoiner
Legendary
*
Offline Offline

Activity: 1526
Merit: 7377


Farewell, Leo


View Profile
April 04, 2023, 01:30:18 PM
 #10

Quote
Could you please give me some advice?
For your case, you should address the police, and perhaps even some exchanges if they happen to receive some of those funds. Lots of scammers are reckless and send their stolen coins to some exchange they've completed KYC.

For the future, take precautions. Don't use an affected environment. I haven't yet understood how they stole them from you, but I presume it was some sort of clipboard malware? (i.e., keylogger)

DaveF
Legendary
*
Offline Offline

Activity: 3486
Merit: 6275


Crypto Swap Exchange


View Profile WWW
April 04, 2023, 01:44:08 PM
Merited by BlackHatCoiner (1), HedgeFx (1)
 #11

Quote
Could you please give me some advice?
For your case, you should address the police, and perhaps even some exchanges if they happen to receive some of those funds. Lots of scammers are reckless and send their stolen coins to some exchange they've completed KYC.

For the future, take precautions. Don't use an affected environment. I haven't yet understood how they stole them from you, but I presume it was some sort of clipboard malware? (i.e., keylogger)

The OP had the recovery phrase saved as a text file. So anyone with access to the PC, be it a hacker, evil maid, friend or family member, *anyone* could have taken the funds.
Since there are so many things we do not know such as the environment or the OS or if it was password protected or not, the location of the PC and so on, there is no way to even guess what happened.

It's a good lesson for all of us to keep in mind while helping others. You can tell people to get a hardware wallet, you can explain to them how to do things, now here is another thing you can point to when telling them to keep their seed safe.

-Dave

Lucius
Legendary
*
Offline Offline

Activity: 3248
Merit: 5682


Blackjack.fun🎲


View Profile WWW
April 04, 2023, 03:51:48 PM
 #12

Quote
~snip~
It's a good lesson for all of us to keep in mind while helping others. You can tell people to get a hardware wallet, you can explain to them how to do things, now here is another thing you can point to when telling them to keep their seed safe.

If someone had told the OP not to keep the seed the way he did, maybe he would have kept it on paper and at some point he would have lost that paper, or one of his friends or people he lives with would have found it. Some people never understand, no matter how much someone explains to them, they think that Bitcoin is like some kind of bank that will compensate them for a loss if it happens.

I would even advise people to strengthen their backup with a passphrase, but for some it is an even bigger complication, especially if you tell them that the seed and passphrase should be kept separately. In any case, a properly stored backup is the most important thing, regardless of what kind of crypto wallet it is.

Becassine
Hero Member
*****
Offline Offline

Activity: 1834
Merit: 780



View Profile WWW
April 04, 2023, 03:53:14 PM
 #13

Quote
I'm using Ledger Nano S.
I saved its seeds in a txt file on my PC like a fool.
Then my PC got hacked and 30 BTC were stolen.
What should I do?
Could you please give me some advice?

The hacker's Bitcoin Address : 36Kvbsc24vAcwXYNSoeYVbaHetpNFZdFGK

The hacker's IP : 185.238.90.50

You can also report the hacker's bitcoin address on various sites such as:

https://www.bitcoinabuse.com/reports/36Kvbsc24vAcwXYNSoeYVbaHetpNFZdFGK

https://www.bitcoinwhoswho.com/scams

https://news.bitcoin.com/how-to-check-bitcoin-address-scam/

Some scammers, thinking they would never be prosecuted, were arrested, like Aurélien Michel who had sent the stolen funds to Binance and was thus identified.


kopi72
Member
**
Offline Offline

Activity: 72
Merit: 29


View Profile
April 04, 2023, 10:48:32 PM
 #14

you can do nothing, the bitcoins will surely go through a mixer and it will be difficult to trace them, never store a large amount on a pc connected to the internet, especially not on a txt file. good luck finding your bitcoins.
CryptoHFs
Member
**
Offline Offline

Activity: 182
Merit: 35

STRAIGHT FORWARD


View Profile
April 04, 2023, 11:11:38 PM
 #15

1- announcement to all exchanges and mixers
2- police report
3- send the police report to all exchanges and mixers
done

however, you are late enough that the tokens have been mixed already

I don't feel like it
larry_vw_1955
Sr. Member
****
Offline Offline

Activity: 1064
Merit: 367


View Profile
April 05, 2023, 12:19:24 AM
 #16

Quote
I'm using Ledger Nano S.
so far so good.
Quote
I saved its seeds in a txt file on my PC like a fool.
if you were doing that for a backup of your seedphrase then that's a really unfortunate thing since a hard drive can crash at any time and you can lose your data that way too. better to write it down on paper and put the paper somewhere safe.

Quote
Then my PC got hacked and 30 BTC were stolen.

the chances are that someone booted up your PC and took a look around. unless you're certain no one has access to it... in which case, you have malware on your PC. better get it cleaned ASAP.
hugeblack
Legendary
*
Offline Offline

Activity: 2520
Merit: 3661


View Profile WWW
April 05, 2023, 02:02:46 AM
 #17

Sorry you lost your money, but you won't get much information for free. If you are in a country with laws and you have extra money to spend tracking down the scammer, you may get your money back.
Most scammers are lazy so your money will end up on centralized platforms and may not be mixed. Try contacting cryptocurrency tracking services; by paying them a little you will get the tip of the string.


Quote
You can also report the hacker's bitcoin address on various sites such as:

How do the reporting mechanisms work here? In other words, how will you prove that this amount was scammed from you? Or in other words, how will the abuse of this service be prevented?
I used to think that such services are for hackers resulting from central platforms or entities, not individuals.
philipma1957
Legendary
*
Offline Offline

Activity: 4130
Merit: 7886


'The right to privacy matters'


View Profile WWW
April 05, 2023, 02:15:50 AM
 #18

he never answered back.

if he is real oh well.

840k in one spot.  duh


nc50lc
Legendary
*
Offline Offline

Activity: 2422
Merit: 5604


Self-proclaimed Genius


View Profile
April 05, 2023, 05:37:26 AM
 #19

Quote
if he is real oh well.
I have my doubts as well.
For example, the Transaction IDs provided seem to be "normal" transactions with change addresses which still have a significant amount of unspent coins.
Not the typical "hack" transaction where everything is consolidated in one transaction.

Of course, it can also be the hacker trying to make those look like normal send.

I took the liberty to edit this Quote with links:

Anyways, let's just put a big note here that it's not the Ledger device that got hacked.

LoyceV
Legendary
*
Offline Offline

Activity: 3318
Merit: 16662


Thick-Skinned Gang Leader and Golden Feather 2021


View Profile WWW
April 05, 2023, 06:05:22 AM
 #20

Quote
if he is real oh well.
I have my doubts as well.
Someone named "Perfect-Ad" posted the same thing on Reddit, where it was removed by Mods.

Quote
For example, the Transaction IDs provided seem to be "normal" transactions with change addresses which still have a significant amount of unspent coins.
Not the typical "hack" transaction where everything is consolidated in one transaction.
I addressed that:
Quote
There's another address: bc1q7mpd3ue4dry2v0v85v6jmn8hv32nq6zwdn0g83. The first one receives 70%, the other gets 30%. I've seen that before: it looks like 2 guys are sharing the stolen money.

Quote
Of course, it can also be the hacker trying to make those look like normal send.
Or, 2 hackers sharing the money. I also noticed this when checking wiped private keys: in some cases the funds are moved to more than one address.
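
Added example, not part of any post in this thread: the two observations discussed above (spends that return change instead of sweeping everything, and a fixed 70%/30% split between two outside addresses) can be checked mechanically over a wallet's outgoing transactions. The transaction data, address labels and function names are constructed, and the wallet's own addresses are assumed to be known to its owner.

```python
from collections import defaultdict

# Constructed sample data: placeholder txids, address labels and amounts in
# satoshis. OWN_ADDRESSES is assumed to be exported from the victim's wallet.
# Miner fees are ignored because only outputs are compared.
OWN_ADDRESSES = {"own_1", "own_2", "own_change_1"}

SAMPLE_TXS = [
    {"txid": "tx_a", "outputs": [("ext_A", 700_000_000),
                                 ("ext_B", 300_000_000),
                                 ("own_change_1", 500_000_000)]},
    {"txid": "tx_b", "outputs": [("ext_A", 350_000_000),
                                 ("ext_B", 150_000_000)]},
]


def classify(tx, own_addresses):
    """'payment_with_change' if any output returns to the wallet, else 'sweep'."""
    returns_change = any(addr in own_addresses for addr, _ in tx["outputs"])
    return "payment_with_change" if returns_change else "sweep"


def external_shares(txs, own_addresses):
    """Fraction of the value leaving the wallet received by each outside address."""
    totals = defaultdict(int)
    for tx in txs:
        for addr, value in tx["outputs"]:
            if addr not in own_addresses:
                totals[addr] += value
    grand_total = sum(totals.values())
    if grand_total == 0:
        return {}
    return {addr: value / grand_total for addr, value in totals.items()}


def split_is_consistent(txs, own_addresses, tolerance=0.01):
    """True if every transaction divides its outgoing value among the same
    outside addresses in the same proportions (within `tolerance`)."""
    per_tx = [external_shares([tx], own_addresses) for tx in txs]
    per_tx = [shares for shares in per_tx if shares]  # skip txs with no outside output
    if len(per_tx) < 2:
        return False  # a pattern needs at least two transactions
    first = per_tx[0]
    return all(
        shares.keys() == first.keys()
        and all(abs(shares[a] - first[a]) <= tolerance for a in first)
        for shares in per_tx[1:]
    )


def report(txs, own_addresses):
    """Summary suitable for attaching to a police or exchange report."""
    shares = external_shares(txs, own_addresses)
    return {
        "shapes": {tx["txid"]: classify(tx, own_addresses) for tx in txs},
        "shares": {addr: round(s, 4) for addr, s in shares.items()},
        "consistent_split": split_is_consistent(txs, own_addresses),
    }


if __name__ == "__main__":
    print(report(SAMPLE_TXS, OWN_ADDRESSES))
```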
