A user of the Ledger Nano S hardware wallet, going by the nickname Anchor Drops, reported the theft of at least 10 BTC and raised questions about the wallet manufacturer.
Hey @ledger tonight I lost 10 BTC and ~1.5m of NFTs stored on my ledger Nano S
— Anchor Drops (@anchor_drops) December 13, 2024
The ledger was purchased directly from you. The seed phrase was stored in a secure location, never entered anywhere online. I never signed any malicious transactions. Everything is in my physical…
According to the user, they also lost $1.5 million in NFTs.
“The wallet was purchased directly from you. The seed phrase was stored securely and never published online. I did not sign any malicious transactions. The device has always been in my physical possession, and I hadn’t used it in two months. Can you explain what happened?” wrote Anchor Drops.
A community member under the pseudonym KDean responded, identifying a suspicious Ethereum transaction, tagged as Fake_Phishing5443, approved by the user on February 22, 2022.
Sorry to hear man. Looks like the phish happened a few years ago and just woke up. pic.twitter.com/OjzyYXQFKf
— KDean (@kdean) December 13, 2024
“Sorry to hear that, man. It looks like a phishing attempt from years ago just came to fruition,” KDean commented.
This transaction explains the loss of NFTs, but it remains unclear how it contributed to the theft of bitcoins, noted Fuzzland’s Lead Security Researcher Tony Ke in a comment to Cointelegraph.
Senior Cyvers Fellow Hakan Unal speculated that the phishing attack might have granted the perpetrator access to all blockchains supported by the wallet.
The Ledger team shared a similar perspective:
“As far as we know, the user was a victim of a phishing attack targeting their Ethereum wallet. We assume that the same user error also occurred with Bitcoin.”
In response to Anchor Drops’ inquiries, Ledger developers recommended contacting law enforcement to trace and recover the stolen assets. They assured that their support team is ready to assist in the investigation.
Losing funds and NFTs is an incredibly distressing experience, let us share a few things that we hope can be of help.
— Ledger (@Ledger) December 13, 2024
First, it’s important to clarify that Ledger’s security model is designed to ensure that private keys are generated and stored securely within the Secure Element…
“Ledger wallets have never been hacked remotely (or physically). Such incidents often result from phishing attacks or previously authorized approvals,” the Ledger team stated.
Background
In December 2023, hackers compromised the Ledger Connect Kit library for decentralized applications, causing losses of approximately $600,000 to users.