$2 000 USD

AUGUST 2020

GLOBAL

LEDGER

DESCRIPTION OF EVENTS

"Based in France, Ledger is the largest cryptocurrency hardware wallet company." "Ledger is a hardware cryptocurrency wallet that is used to store, manage, and sell cryptocurrency. The funds held in these wallets are secured using a 24-word recovery phrase and an optional secret passphrase that only the owner knows."

 

"Ledger offers two products, the Nano S and Nano X, that can store the digital keys used to secure crypto wallets. The devices can be used with a variety of cryptocurrencies, are compatible with numerous apps, and are supposed to offer a safe way to manage crypto without compromising too much on convenience. Ledger says on its website that it has sold 1.5 million products to customers in 165 countries to date."

 

"I am get Ledger Live 2.10.0 and install. After login and see new firmware 1.6.1 make upgrade. Ledger is upgarded ok. After install new app in Ledger and see outbound transaction, but i am not make it transaction, sure!!!! I am not crazy!!!! You can help me? what happened?"

 

"I am open Ledger Live (without connect Ledger) and see that have new Ledger Live 2.10.0 update. Click upgrade. Install it."

 

"Open new Ledger Live 2.10.0, Manager mode and connect Ledger see message NEW Firrmware 1.6.1 click update Firmware. Ledger Live download firmware. Get message about 24 word, what you need to know 24 words. Confirm it. After get message with code ID message 1-4 on Live Ledger in on Ledger, check it and confirm." "I am not enter 24 words!!!"

 

"After start firmware upgrade Ledger, Boot and firmware."

 

"After reboot Ledger enter PIN. Ledger Live inform me about reinstall App on Ledger. Confirm it. App download and install."

 

"See Outboard transaction in ETH."

 

"I am not open App ETH on Ledger and not make confirm it. SURE!!!"

 

"[T]here are 4 transactions made to the address to the same adress, if you look at the other adresses all 4 have transactions from Ethermine (0xEA674fdDe714fd979de3EdF0F56AA9716B898ec8) in their previous transactions." "I do not think it is linked to the ledger device, but possibly to some malicious software you have installed is possibly the problem."

Details are limited, but it appears that a user was tricked during the Ledger upgrade process into doing an action which compromised their wallet.

 

While the user insists they did not enter their seed phrase, they may have been tricked into running a malicious transaction that gave the attacker access to the fund in their wallet.

HOW COULD THIS HAVE BEEN PREVENTED?

Always download updates from the official website of Ledger. Store the majority of your funds in a fully offline wallet, which you don't typically interact with.

 

Check Our Framework For Safe Secure Exchange Platforms

Sources And Further Reading

 For questions or enquiries, email info@quadrigainitiative.com.

Get Social

  • email
  • reddit
  • telegram
  • Twitter

© 2021 Quadriga Initiative. Your use of this site/service accepts the Terms of Use and Privacy Policy. This site is not associated with Ernst & Young, Miller Thompson, or the Official Committee of Affected Users. Hosted in Canada by HosterBox.