AND IT HAPPENED! Hardware Wallet Hacked!
Just 3 days ago I made a post regarding why I do not like hardware wallets. AND on the same day apparently on reddit someone had their funds stolen that were "secured" in a hardware wallet!
While this user may have purchased his hardware wallet from ebay, so we can not verify it to be an authentic Ledger, this still proves what I raised as a huge concern just last week in my post "Why I do not like hardware wallets! [Spectre and Meltdown ring a bell?]"!
I have not used my Ledger in a week, today I decide to check the value of my XRP, Litecoin and Dash only to discover that all of them showed up as zero and had been transferred somewhere else yesterday all around the same time at 7:30pm. I am not sure how this is possible as I have not access my Ledger in a week. I do not know what do to as the total value is over £25000, has by currency been stolen or is it something else? I am at a lost here and right now feel so physical sick. Some please help.
It seems that the hardware wallet wasn't hacked, the user was manipulated to use an existing seed.
OP states on reddit:
Looks like a scam method from resellers of ledgers to put a "recovery sheet" with that product, so they have access to the wallet.
It's like phishing. It's way easier to engineer the user to drop every security measure instead of actually hacking something.
Very similar to my proposal for attack in my original argument. The "recovery" method being the back door:
Yes I’ve also read about the hardware hack .... it’s pretty scary ... thanks for your post ... I am quite sceptical about hardware wallets now
I use cd-r and paper wallets that are generated on air gaped computers to ensure my funds are secure. Over 4 years and 100s of coins I have held and not a single loss ever!
Thanks for the great advice ... cheers
over 1k upvotes but only 115 views. how do you do it?
Multiple platforms, steemit only counts views from steemit.com but there are many ways to access and interface with steem content.
can i ask what platforms. this seems interesting enough. I am kinda confused actually. Also thanks for replying.
Haawww! £25000 .. that's insan! you knew that hardware wallet is not safe then why did you use it. Sorry for your lose @bigdeej but i got alert to safe my asset.
He is talking about somebody else who lost 25000 pounds from using a hardware wallet
oh thanks bud. I was shocked why would he do that while he hardware wallet is not safe Ha Ha Ha thanks again @aphael .
Yeah poor guy! Just was so ironic that almost the exact time I was making that post someone actually did loose funds because of what appears to be a hidden backdoor on a hardware wallet purchased from a 3rd party (ebay). If you use hardware wallets ALWAYS use multisig and keep an offline key. This ensures even if a backdoor were put on your hardware wallet it only would function as 1 of many keys needed to unlock your funds. As I said in my original post, unless you really understand the reasons they CAN be useful, relying on them solely is putting a HUGE amount of trust into the hands of a few.
Yeah exactly ! The party can harm you when you trust it blindly. That idea is best that keep a copy of the key so that no body can abuse you funds. @bigdeej thank you so much and so kind of you that you explained it very well. My ears are up now i mean won't do that mistake ever. #God bless you Dear..!
always buy directly from the company too. anyone going through 3rd parties like ebay or amazon are just asking to be hacked. there needs to be more awareness on this stuff.
Agreed, problem is especially for the new people they are scared into believing they NEED a hardware wallet, then they can't get them since they are usually sold out, so they go to 3rd parties... My original post outlined even just a hardware or software bug, not even malicious intent, could result in the loss of funds.
I know that sick feeling, I really do feel for this guy. That will stick with him for the rest of his life so messed up. I hope they get the person who did this.
hi friend pls follow me :)