Ledger Fund Theft Guy_Parker

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository

Ledger

The user Guy_Parker had significant cryptocurrency holdings stored on a Ledger hardware wallet. The exact amount is not disclosed, though he mentions it was thousands of dollars. Funds were transferred from the Ledger to Russian bad actors. The exact nature of the exploit is not disclosed, but there are several possibilities.

Guy_Parker mentioned that it had been so long since he had last used the Ledger that he had to update the software, and it was at this time that the funds went missing. A Ledger software update phishing campaign was running at the time, and he may have fallen victim to it. However, Guy_Parker insists that he never entered his seed phrase anywhere, and specifically that he did not recognise the phishing page when it was shown to him.

It is also possible that Guy_Parker's computer was infected with malware and held a backup copy of the seed phrase somewhere that Guy_Parker has long forgotten about. Guy_Parker mentions that he set up his machines himself, which would have involved software downloaded from the internet. Many software packages bundle "trojan horse" components that allow remote control of the computer, and some (especially OS-level ones) may evade detection by common anti-malware tools. Malware is commonly bundled with pirated copies of Windows, for example. The attacker may have become aware of the cryptocurrency only when Guy_Parker connected the Ledger, and that may have been what prompted the search for the seed phrase. In multiple other cases, users have insisted they never had their seed phrase on a computer, only to later discover that at one point they did.

Finally, even if no backup of the seed was available on the device, it is still possible to trick someone who is making multiple transactions by having malware alter the transaction that is sent to the Ledger device for signing. However, it seems unlikely that Guy_Parker would have been tricked into signing several transactions in a row without noticing funds going missing, and there is no mention of any transactions being made in this case.

While seed generation exploits are possible, Guy_Parker purchased his Ledger wallet directly from Ledger, and any flaw in seed generation would be unlikely to affect just a single user. Hardware wallets are also subject to an extreme level of scrutiny from security experts throughout the community.

The Russian actors attempted to cash out the funds through Binance. Guy_Parker was able to ask Binance to freeze the funds and worked with UK law enforcement to secure their return. He recovered his funds apart from the transaction fees incurred in the process. Guy_Parker has wiped his computer, which would remove any malware, and is now using a new hardware wallet called CoolWallet.

This is a global/international case not involving a specific country.[1][2][3][4][5][6][7][8][9][10][11][12][13][14][15][16][17][18][19][20][21][22][23][24][25][26][27][28]

About Ledger

"Based in France, Ledger is the largest cryptocurrency hardware wallet company." "Ledger is a hardware cryptocurrency wallet that is used to store, manage, and sell cryptocurrency. The funds held in these wallets are secured using a 24-word recovery phrase and an optional secret passphrase that only the owner knows."

"Ledger offers two products, the Nano S and Nano X, that can store the digital keys used to secure crypto wallets. The devices can be used with a variety of cryptocurrencies, are compatible with numerous apps, and are supposed to offer a safe way to manage crypto without compromising too much on convenience. Ledger says on its website that it has sold 1.5 million products to customers in 165 countries to date."

"My [Ledger] device was new. My 24 words only [I] knew and only on paper. And my device was only used to receive funds and store" "in Manchester UK." "24 passwords, written on paper, stored in a safe at a different address, nano was only plugged in to receive crypto and hold." "24 words are on paper and stored in a safe. Ledger itself is stored safely." "24 words on paper and in a safe not at my house. Password is unique to me. Only [I] know." "[P]ut alot of time and effort into building this up." "Ledger was used to only store. Passwords are written on paper [and] stored in a safe."

"Did you purchase you ledger from the manufacturer?" "I[']ve not missed a beat. Purchase, setup ect has been on the ball." "I use a laptop, desktop and my mining rig. That [I've] built myself. I know exactly what's on them."

"[I]'ve been over the process send/receive and for all of it you need to plug the thing in. [I'm] lost. [I've] not had it in for a while. [F]irst time today and it needed an update. [T]hat's how long its been off for." "I've used the thing flawlessly for a long time [with] no issues."

"I was externally hacked at the end of [A]pril." "At 20:58 my @Ledger S was hacked last night." "[B]y far been the toughest day in crypto space for me, let's hope tomorrow bring some positive news." "[S]pent all day chasing shadows." "I was cleaned out for 1000s mate. Its broken me! Was sold as the most secure investment [I] could make in this space. And then [I] was hacked. Thought [I] was the only one."

Regarding the possibility of malware that locally replaces the Ledger Live desktop application: "This didnt happen to me but [I] knew of it. I was just offline and then gone!" "[H]ave never given away my details." "I didn't know about that till after [I] started sharing my story. I would never give away any information without someone showing me a badge!"

"[A]ll funds sent to 2 @binance wallets." "I literally opened my manager the morning after it happened! It was purely coincidental [I] found out so quick!" "I can see everything, apparently btc and Eth have ended up on @binance." "Took them 9 mins to clean me out." "Police said the hack originated from the Russia area of the world." "[T]he Cyber police unit concluded the origin of my recent hack and the loss of all my assets to my Ledger Nano S was Russian based."

"The movement of my funds was not authorised by me. So, theft. How it was done [I] dont know. Only constant was the ledger manager on my laptop." "The loss hurt. The potential for what could be was worse to deal with."

"Yes I will" "Contact binance with the wallet address. They will freeze those accounts. Contact police and report the theft. Binance will not deal with you only police from that point on."

"Was advised to report to action fraud, but was working to a 72 hour window. So went to the police station and spoke to the officer at the desk. He had no idea what i was talking about but did make a few calls. I received a call within a couple of hours from cyber team."

"Crypto and cyber crime is huge in the uk. They have a designated force who deal with all this. Think its also part of the fraud teams." "I have contacted the police/Fraud team as req[uired] and reported this to binance, [I'm] waiting on a reply from them to see what to do next." "All information has been passed to cyber crime specialist at the police. They have a direct contact at all these exchanges." "[I] wait......."

"Binance have frozen the wallets for 72hrs." "As it stands. Binance have frozen the suspect accounts. Binance support have not responded since 1am UK time." "As it stands atm, binance still have the account frozen that my crypto was sent to. They will not share any info [because] they are not my accounts."

"@ledger, we're seeing more and more cases of this theft. Can you please take a look into this and instill confidence in your product. Maybe make the 25th word mandatory when setting up a new device." "I'm done with playing nice. Product has security [flaws]. It's that simple and evident!"

"@Ledger support none assistant." "Ledger dismissed the idea that the nano can be hacked. And the passwords are my responsibility. Thats fair but passwords are on paper in a safe and hack was [r]ussian. I'm in the uk!"

"As underlined in article 8 of our Terms and Conditions we would like to remind you that users of Ledger products are solely responsible for the way they use their devices and protect their data and information. Users must take all necessary steps to ensure that their PIN code and their 24-words recovery phrase remain confidential and are stored in a secure location, away from prying eyes."

"We have answered and [are] waiting for more information. The date of the hack coincides with the social engineering malware report we got (asking to enter the 24 words on the computer), so that's a potential answer."

"So when are you going to post a picture of the funds leaving your ledger live. If not you are lying." "Sharing an experience with a so called community on Twitter has its pro and cons. This has become apparent in the last few days. I'm not here to make waves just tell a story and share. [I'm] just [an] average Jo! Trying to get back what's mine and what [I've] worked for!"

"All in the hands of the police. Meeting them in the morning. Will have more details in 24 hrs." "Still waiting for confirmation of my funds.. but, Ukrainian bank accounts and russia ips and some dodgy bitcoin exchange.. fair play to the police.. [I've] learnt a lot in the last few hours." "Ip addresses from [R]ussia, dark web bitcoin sites and Ukrainian banks accounts."

"Absolutely over the moon! Outstanding work by DC CG at the cyber crime unit. He has been brilliant! Tracked, traced and returned almost every penny of my stolen crypto. Difficult few weeks but big thanks to @MerPolChiefCon for the work his team does. Can't thank you enough!" "Been tough, but got it sorted in the end." "My xrp was sent to an exchange. Police dealt direct with them throughout the investigation." "All my xrp back in the bag!!"

"Laptop is in the process of a full format. And the ledger device will be left in a box and not used." "Just need a safe cold wallet now. Currently sitting an exchange."

"All my #xrp is now living on my new @coolwallet. Simple set up, everything written on paper again and now stored in a safe again! Just me in the house so no prying eyes..... again."


The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.

Include:

  • Known history of when and how the service was started.
  • What problems does the company or service claim to solve?
  • What marketing materials were used by the firm or business?
  • Audits performed, and excerpts that may have been included.
  • Business registration documents shown (fake or legitimate).
  • How were people recruited to participate?
  • Public warnings and announcements prior to the event.

Don't Include:

  • Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
  • Anything that wasn't reasonably knowable at the time of the event.

There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.

The Reality

This section is included if a case involved deception or information that was unknown at the time. Examples include:

  • When the service was actually started (if different than the "official story").
  • Who actually ran a service and their own personal history.
  • How the service was structured behind the scenes. (For example, there was no "trading bot".)
  • Details of what audits reported and how vulnerabilities were missed during auditing.

What Happened

The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.

Key Event Timeline - Ledger Fund Theft Guy_Parker

Date: April 28th, 2019 2:58:00 PM MDT
Event: Main Event
Description: Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here.

Technical Details

This section includes specific detailed technical analysis of any security breaches which happened. What specific software vulnerabilities contributed to the problem and how were they exploited?

Total Amount Lost

The total amount lost is unknown.

How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?

Immediate Reactions

How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?

Ultimate Outcome

What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?

Total Amount Recovered

The total amount recovered is unknown.

What funds were recovered? What funds were reimbursed for those affected users?

Ongoing Developments

What parts of this case are still remaining to be concluded?

General Prevention Policies

It is absolutely imperative to store seed phrases only offline. It is recommended to use a separate wallet for everyday transactions and to keep most funds in an offline, never-used wallet for safekeeping. Seed phrases can be broken into smaller chunks for additional safety. Advanced users can set up a multi-signature arrangement so that compromise of a single seed phrase is not enough to move the funds.

Individual Prevention Policies

No specific policies for individual prevention have yet been identified in this case.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

Policies for platforms to take to prevent this situation have not yet been selected in this case.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

No specific regulatory policies have yet been identified in this case.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References