Ledger Nano XRP And More Theft Thugluvdoc
Reddit user Thugluvdoc purchased a new Ledger device from a "Ledger Official" store on Amazon. It included malware that prompted him to enter his seed phrase on his computer, where it could be sent to the hacker. He was not aware of the proper process for setting up a Ledger wallet. All of his funds disappeared from his Ledger wallet except for some staked coins. It appears he was able to recover the staked coins by paying a developer to build a bot to transfer them faster than the attacker.
This is a global/international case not involving a specific country.[1][2][3][4][5][6][7][8][9][10][11][12][13][14]
About Ledger
"I bought the Ledger from the “Ledger official” store on Amazon. It has a link to the ledger website so I thought it was legit. I guess I made that mistake by going thru the Amazon ledger store."
"All coins unstaked are gone. Only the staked coins (cosmos and avalanche) are left. Cosmos has been undelegated by the hacker, and I have a few weeks before I can pull them. Hopefully faster than them. Avalanche auto unstakes at the end of February. Seeing if there is any way to secure my ledger or get a script to move coins out beforehand"
"I don't know how, but I believe I was hacked. Is there any way to retrieve XRP that was sent to an unknown wallet? I have a transaction from last Wednesday, and I never sent my ripple ANYWHERE. I have the wallet address it was sent to below. If anyone can help, please let me know.
This is the wallet where my stolen XRP was sent to: rPca9fVC5747DB3r8hDB6r8nkRxA3PsMYr
Cosmos is unable to do anything about the unstaking and transfer. So I have to race against the thief to hope I transfer it off somewhere quickly
I am still hoping for better luck with avalanche"
"it’s stored in the box in my suitcase. This ledger I bought must’ve been compromised."
"It’s been in my box in my suitcase since I bought this. I upgraded from my old ledger I held my coins on for 5 years, and this new one I was drained of my cosmos, tron, ripple, and monero"
"None, nobody. My cleaning lady I guess. I don't want to underestimate anyone, but that is doubtful"
"I did not go to any website. I restored it on my actual laptop. I check all of my wallets religiously every 3-4 days. I just checked today, and all of my XRP, TRON, and Monero was removed. My atom is being undelegated and I assume they want to move that off. Can I stop this in any way? Reset my keys? Or something?"
"I did type it in to restore my old wallet" "How did I transfer my coins from my old to new ledger then? Not sure" "No part of the restore process requires you to type your seed into the computer"
"I did reach out to xrp ledger for help since atom wasn't staking rewards. I am so crushed rn"
"I don't know how my ledger could've been hacked. I got a new one a few months back because I have more coins than I did 4 years ago. Now everything is drained (XRP, TRON, MONERO) but they are undelegating my Cosmos as we speak."
"Seeming like a malware. No clue how they could’ve accessed my monero wallet on my laptop"
"That’s the wallet they deposited my 6900 xrp"
"Also if anyone knows how I can make sure my AVAX is sent to another wallet immediately upon the staking period ending, I’d really appreciate the help and you will receive payment in crypto as a thank you once it is done."
"Paid someone to write me a bot. Cost me $7500 but well worth it. Recovered my cosmos. I’ll never recover the XRP, tron, or monero. Hoping I still hold my Avax which unstakes soon"
What Happened
| Date | Event | Description |
|---|---|---|
| January 12th, 2022 12:34:22 PM MST | XRP Stolen | The XRP is stolen from his wallet. |
| January 17th, 2022 8:48:42 AM MST | Reddit Post | The issue is posted on Reddit. |
Total Amount Lost
The total amount lost has been estimated at $6,000 USD.
Total Amount Recovered
There do not appear to have been any funds recovered in this case.
General Prevention Policies
It is absolutely critical to use official sources when purchasing hardware wallets. Seed phrases should never be entered on a computer when using a hardware wallet. When transferring to a new wallet, risk can be reduced by first setting up a new wallet with a smaller balance instead of transferring all funds at once.
Individual Prevention Policies
No specific policies for individual prevention have yet been identified in this case.
For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.
Platform Prevention Policies
Policies for platforms to take to prevent this situation have not yet been selected in this case.
For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.
Regulatory Prevention Policies
No specific regulatory policies have yet been identified in this case.
For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.
References
- My XRP was transferred off my nano ledger somehow : Ripple (Oct 3, 2022)
- My XRP was transferred off my nano ledger somehow : Ripple (May 29, 2023)
- Thugluvdoc comments on My XRP was transferred off my nano ledger somehow (May 29, 2023)
- I had a large sum of money in cryptocurrency cyber-robbed from me. Is this tax deductible? : tax (Jun 1, 2023)
- Ledger hacked, avalanche is staked. How can I stop them from draining my avalanche once staking period is finished? : Avax (Jun 1, 2023)
- XRP Ledger Explorer - XRPSCAN (Jun 1, 2023)
- Phantom wallet not showing my coins. Did I get hacked? : solana (Jun 1, 2023)
- HACKED and actively draining coins. HOW CAN I STOP THIS : ledgerwallet (Jun 1, 2023)
- Thugluvdoc comments on HACKED and actively draining coins. HOW CAN I STOP THIS (Jun 1, 2023)
- Nano ledger hacked, everything drained. Now they’re undelegating my Cosmos and I need to stop them from stealing it after that’s done undelegating. Help please : CryptoCurrency (Jun 1, 2023)
- Thugluvdoc comments on Ledger hacked, COSMOS is being undelegated. How can I stop this? (Jun 1, 2023)
- XRP Ledger Explorer - XRPSCAN (Jun 1, 2023)
- XRP Ledger Explorer - XRPSCAN (Jun 1, 2023)
- XRP price today, XRP live marketcap, chart, and info | CoinMarketCap (Aug 7, 2021)