UNKNOWN

APRIL 2018

GLOBAL

LEDGER

DESCRIPTION OF EVENTS

"Based in France, Ledger is the largest cryptocurrency hardware wallet company." "Ledger is a hardware cryptocurrency wallet that is used to store, manage, and sell cryptocurrency. The funds held in these wallets are secured using a 24-word recovery phrase and an optional secret passphrase that only the owner knows."

 

"Ledger offers two products, the Nano S and Nano X, that can store the digital keys used to secure crypto wallets. The devices can be used with a variety of cryptocurrencies, are compatible with numerous apps, and are supposed to offer a safe way to manage crypto without compromising too much on convenience. Ledger says on its website that it has sold 1.5 million products to customers in 165 countries to date."

 

"Hi, Sorry for sending as a pm but reddit is always rate limiting public messages every other 9 minutes so I had to wait 9 minutes but didn't have time for this."

 

"You can certainly watch the wallet balance without your ledger plugged in but for this you would need your recovery words in order to extract the extended public key."

 

"You can do this using Ian Colamenan's BIP39 tool like this: (1) Visit the BIP39 tool. (2) Enter your recovery words in the BIP39 Mnemonic box. All words on a single line and a single space between them. (3) Scroll down to Derivation Path. (4) Find the "extended public key". Using that extended public key you'll be able to see the total balance. You can use it on a website like blockchain.info or PC wallet that supports extended public keys."

 

"The link doesn't go to [iancoleman.io] (which is, ostensibly, legit). It goes to [iancolemann.io]."

 

"That page sends private keys [to] bip39/verify.php."

 

"I have half a mind to write a three-line python script to send millions of requests there so he has to verify every single one to see if it's a valid wallet. Not super hard to do automatically, but it would mean more work."

 

"This guy has already been "active" in this sub and we have collected information about him. He's now banned and we'll see how to proceed further from there."

A malicious individual targeted Ledger hardware wallet users on the Ledger subreddit. Under the pretense of helping users, they recommended visiting a website for BIP39 generation and entering the private key there. The real service is apparently legitimate, but the link that was sent pointed to a copy of the site that forwarded the entered private key information to the scammer. It is unclear whether any of the attempts succeeded.

HOW COULD THIS HAVE BEEN PREVENTED?

The seed phrase should never be entered anywhere except the Ledger hardware wallet.
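
The lookalike link in this incident (iancolemann.io instead of iancoleman.io) differs from the real host by a single character, which a moderation or message filter can check for. The following is an added example, not part of the original write-up; the `TRUSTED_HOSTS` allowlist, the function names and the sample message are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: a moderator-maintained allowlist of hosts users are often sent to.
TRUSTED_HOSTS = {"iancoleman.io", "blockchain.info"}
URL_RE = re.compile(r"https?://[^\s\])>\"']+", re.IGNORECASE)


def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert, delete, substitute, adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            best = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            if prev2 is not None and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                best = min(best, prev2[j - 2] + 1)  # adjacent transposition
            cur.append(best)
        prev2, prev = prev, cur
    return prev[-1]


def host_of(url: str) -> str:
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    return host[4:] if host.startswith("www.") else host


def flag_lookalikes(text: str, max_distance: int = 2):
    """Return (url, host, trusted_host, distance) for hosts that nearly match a trusted one."""
    findings = []
    for url in URL_RE.findall(text):
        host = host_of(url)
        if not host or host in TRUSTED_HOSTS:
            continue  # exact matches are fine; only near misses are suspicious
        for trusted in sorted(TRUSTED_HOSTS):
            d = edit_distance(host, trusted)
            if 0 < d <= max_distance:
                findings.append((url, host, trusted, d))
    return findings


# Constructed sample message modelled on the one quoted above.
SAMPLE_MESSAGE = (
    "You can do this using the BIP39 tool: https://iancolemann.io/bip39/ "
    "then check the balance on https://blockchain.info/"
)
if __name__ == "__main__":
    print(flag_lookalikes(SAMPLE_MESSAGE))
```

A flagged link only tells a moderator where to look; the rule above still applies even when every link in a message checks out.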

 
