I came across a news saying that someone opened up his Ledger wallet after one week not touching it, to check the value of his holdings including XRP, Litecoin and Dash only to find out all of them showed zero in balance. Total value reported was over £25000. A huge amount of money indeed.
This is definitely shocking and I was wondering how could this happen? I own a Trezor and Ledger and nothing bad has happened to me yet. Digging down the story which you can view at the original Reddit post here, not to my surprise everything was due to scam and human error.
How could this happen?
- The scam part
The victim bought a Ledger wallet from eBay seller that comes with a fake Recovery Sheet which has the 24-word phrases already written on it. It then guided the victim to activate the wallet by using this recovery seed.
The fake recovery seed looks like:
Image from https://imgur.com/DsICkge
Obviously the scammer also holds another copy of the same seed while the victim thought he was the only one who holds it. When the victim restores the wallet using that seed, same balance of coin was showing up in the device of both the scammer and victim. Next thing, scammer moved all the coins to his another wallet, of course.
- The human error part
Lack of knowledge, the victim did not know what he was doing at all. I’m not sure how much he did to educate himself. But in this case, he clearly does not know how does a hardware wallet works. If he is well informed, all the traps that the scammer set up in the compromised Ledger package would not work at all at the first sight.
And if he refers to the official or reliable source of information while setting up the wallet. He would know that he can actually generate a new seed but not using the shady one on the sheet.
What’s the lesson?
Always buy hardware wallet like Trezor or Ledger from official site if you want to be 100% safe.
Educate yourself. If you wouldn’t, no one else would.
In the crypto world, you are your own bank. You take full responsibility for your assets.
Know what you are doing or don’t do it at all!
简要:
有位网友在第三方买了 Ledger 的硬件钱包结果钱全被盗了。追根究底,原来他买的钱包被人改过了包装,里头教他使用一张写好回复密码的 24 字种子来设置钱包。而事实是诈骗者也拥有同样的种子,所以双方都可以进入同一个钱包。当受害人把钱币都存进去的时候,诈骗者就立马把钱都转走了。
我们可以从中得到什么教训呢?
- 只从官方渠道购买钱包
这样就只会买到原装正品,可以大大降低被盗的风险。
- 自己要有足够的相关知识
这是最重要的。在加密货币的世界你就是你自己的银行,如果你也不知道自己在干什么,那么就等于玩火,出事了都不知哪里出的问题。
以这个事件为例,要是受害人知道钱包是如何运作的,一开始他就不会掉入这陷阱。退一步而言,要是他根据官方的指南设定钱包,他也会知道恢复种子是什么。而不会去用那假种子而导致损失。
币圈里安全是第一位的,弄丢了就找不回来了。谨记谨记!
This page is synchronized from the post: ‘Cryptocurrency stolen from a Ledger wallet 钱包被黑’