QUADRIGA INITIATIVE
CRYPTO WATCHDOG & FRAUD RECOVERY PLATFORM
A COMMUNITY-BASED, NOT-FOR-PROFIT
$3 000 USD
MARCH 2021
UNKNOWN
LEDGER
DESCRIPTION OF EVENTS
"I bought a ledger (from ledgers website) on NOV 25th 2020 (they were on sale then too, it was 75$). I [didn't] get around to setting it up until a few days ago." "I also use Torguard VPN."
"I did not take a picture of it on my phone or anything, literally the only thing I can think of is I put it into my keepass on my computer." "The only time the passphrase was typed it is when [I] was storing it in my lastpass." "Thats the only time that phrase was ever typed out." "I only put 23 words on there, not the last one."
"I just found out I had 3258$ worth of BTC stolen from my ledger nano x on [M]arch 23rd at 2:28 am." "I had my ledger hacked. .059 BTC (about 3k at the time)"
"Im not super happy right now." "I hate throwing away gains[. I'm] embarrassed it happened, and it really [upsets me]."
"How did it happen? Not entirely sure yet. I put a key on a password manager so [I] would have to guess it was that...how a key logger or something of the like got on my computer is a different question. I formatted the drive and reloaded the [operating system], what a pain."
"If your computer has malware keylogger or your keepass is compromised you just gave your seed phrase to the attacker. I mean ledger is super explicit about this. NEVER not once not ever. NEVER EVER EVER enter your seed phrase anywhere but directly into the ledger itself."
The 24th word "contains an 8-bit checksum[. T]here are 3 bits that are not part of the checksum." "Having 23 words with 1 word left out is akin to leaving a key in the door lock, waiting for someone to turn it!"
"I suppose thats possible, but its weird that they never tried to get into any of my other crypto accounts (or stocks, bank accounts...etc)."
"Lesson: [Don't] put your keys anywhere on your computer/phone. [Y]ou write [it] down and put it in your safe."
A Reddit user reported that their bitcoin went missing from their Ledger wallet just 2 days after setting it up. After their setup, they had entered the first 23 words from the seed phrase in their password manager and nowhere else. They lost roughly $3k worth of bitcoin, and there is no indication that any of the coins were able to be recovered.
Malware often enters computers though trojan method - where the individual downloads a new program or mod that also executes malicious code. It's possible that a legitimate download source could also have been replaced with a malicious program. Once on the computer, such programs can continue to operate under remote control, and will typically include functionality to monitor keystrokes, steal passwords, and perform other actions remotely.
This created an environment which was not pristine, where the keystrokes were captured and sent to a malicious entity. Even though the last word was not entered, it is relatively trivial for the adversary to determine what it is by guessing all the possibilities. Once they have access to the wallet, they can easily drain all of the funds.
HOW COULD THIS HAVE BEEN PREVENTED?
The risk of malware download can be reduced by only installing executable code from trusted and official sources, and in general you want to minimize the amount of software or modifications installed. For greater security, it is likely good to run in an isolated environment with only the needed software.
A hardware wallet is such an idealized environment since it has only one function - storing the private key. However, all of this security is circumvented if the seed phrase is stored elsewhere in any digital form. Storage should be physical only - either paper or metal, and placed somewhere secure. Greater security can be obtained by splitting up the seed phrase or adding a "25th word".
Azzuro-x comments on Over $40k of CryptoCurrency Stolen (Aug 7)
Lameass_ comments on This of you who got hacked/scammed, what's your story, and how can others avoid the same mistakes? (Dec 21)
Lameass_ comments on Ledger got compromised...but how? (Dec 21)
Bitcoin / Transaction / bae1c87db984696ed5daa12d48a143b7b50d0b3c1d31e22f0be26fe01c7529cb — Blockchair (Dec 21)
Bitcoin Explorer - Blockstream.info (Dec 21)
