Fonds STOLEN kurz nach der Verwendung der Seed Checker App – ist Ledger sicher?

[root_s2yse8vt]

Up

0

Down

::

Nur setzen diese da draußen, auch wenn meine Gelder sind jetzt für immer weg.

Am 15. April, kurz nachdem ich die App benutzt hatte, die überprüft, ob mein Seed korrekt ist, wurde mir mein gesamtes Geld aus meiner mit Ledger verbundenen Wallet gestohlen. Ich habe Anzeige bei der Polizei erstattet, und ein paar Redditoren konnten mir helfen. In der Wallet, an die das Geld geschickt wurde, befinden sich 4 Bitcoin. Ich habe 0,7 Bitcoin verloren.

Ist Ledger sicher? Ist es möglich, dass Ihr Seed, wenn Sie es in die App “Seed Recovery Check” eingeben, an einen privaten Server gesendet und böswillig verwendet wird?

Mein Ledger war per USB an meinen Laptop angeschlossen, der zu dem Zeitpunkt mit dem Internet verbunden war. Mir war nicht bewusst, dass man die App auch offline nutzen kann.

[thomgloams]

Up

0

Down

::

A moderator needs to clean this thread up. It’s going to confuse many people that aren’t familiar with every feature of a Ledger or how a Ledger works.

FACT: There IS a legit Ledger Live exclusive app called Recovery Check that can be installed ON TO YOUR LEDGER FROM LEDGER LIVE ONLY in the exact same way one would install the bitcoin app or Ethereum app. “App” refers to the apps approved by Ledger, only available from Live. THERE IS NO OTHER WAY TO INSTALL AN “APP” FROM SOMETHING LIKE GOOGLE PLAY STORE.

FACT: The ONLY way to install ANY LEDGER APPROVED APP is via Live Manager AND you must physically press both buttons when the device itself prompts you to allow Live to talk to the Ledger. This does NOT expose your private keys or recovery words to the internet or any other “hot” connection.

FACT: When you buy a legit Ledger no apps are preinstalled. PERIOD. It’s a blank slate. If there IS an app on it then the device was tampered with prior to you receiving it.

What this means is:
A) If the OP is CERTAIN that he set up the device with a fresh seed phrase that the device itself generated (not any seed words that came with the device or that were already loaded up before he received it) then we know OP at some point after installing the Bitcoin app installed the Recovery Check app.

B) If OP received a device that was already set up with apps and a 24 word seed and did not reset it right there, and only recalled the 24 words via the Recovery checker app or found a pre written card in the box then OP has been compromised since then.

C) Regardless of A or B , Ledger Live Desktop also has a fail-safe that checks if the connected device is genuine. We do not know if the OP was aware of that or saw the msg that appears EVERY TIME YOU CONNECT that device is genuine. If it weren’t, it would have screamed at him in red letters and been totally obvious. If somehow that itself was tampered with then it would be a brand new, never before seen, active exploit of Ledger out in the wild. This is highly unlikely.

D) Everything could have been exactly correct, working as expected, brand new seed on legit device in 2020 up until today. Just because he used recovery checker and lost funds some time after that, does NOT prove it was a bad app. It could just be coincidence and OP is creating a Link that isn’t there. And maybe his 24 words were exposed by a user mistake or some person any time between 2020 and now.

Conclusion:
OP got a used device from day 1
and never reset the recovery phrase and somehow there was a malicious app or whatever piggy backed on the device. Then Live would have had to miss this and say device was genuine (which it very well could have been) There are too many things we don’t know from OP to even speculate what could have been done.
This is full of holes

OP could be a troll. Because things don’t add up and it would be such a sophisticated attack, the first one, first time, first person for just 0.7 BTC? nope.

Likely outcome – OP compromised his recovery phrase by mistake like EVERY OTHER SUPPOSED HACK of a Ledger.
It’s Ochams Razor. It’s too far fetched that OP somehow got a bad Recovery Checker app on his device WHILE ALSO not being flagged by the Live device and firmware check that happens every time you connect. This would be catastrophic if it were true. It’s extremely unlikely.

This is a troll or basic user mishandling of recovery phrase.

[Knurlinger]

Up

0

Down

::

You did check/enter the seed on the device itself, right?

[ChillServative]

Up

0

Down

::

The “Recovery Check” app can be accessed in Ledger Live via the Manager tab. I know what you’re talking about. I used it without issue. You dont type anything into your computer…you just check it via your ledger buttons.

[btchip]

Up

0

Down

::

The Recovery Check application performs a local derivation on device so this is unrelated

[Gxl4]

Up

0

Down

::

i think there is someone to blame here- and Ledger isnt the one.

[Tremulant1]

Up

0

Down

::

I’ve installed this app via ledger live a few times over the last couple months and used it successfully without issue. Don’t tell me I have to friggin reset my wallet now because this app is vulnerable. Can someone from Ledger support confirm on the status and security of this app??

[AlmightyshO]

Up

0

Down

::

Yeah, I call this FUD or BS.

[notdsylexic]

Up

0

Down

::

What we need to know if Ledger is aware of any exploited seed checker apps. If an exploited seed checker app exists….. then that is bad news. It means that attackers can somehow access the ledger making it a “online” device.

[memestraighttomoon]

Up

0

Down

::

Let’s go down the common list of suspects:
– is your seed phrase stored in any sort of digital form?
– does anyone else have access to your seed phrase?
– where did you buy your ledger?
– did you use your seed phrase on any other types of wallets?

[7sevenheaven]

Up

0

Down

::

I’m shocked that people don’t know about the seed checker app. But not surprised op used a “”””pre installed one”””””

[Massive_Fish_2872]

Up

0

Down

::

where was this app installed on ledger device or your laptop?

[justfortoday82670]

Up

0

Down

::

I ran into same thing…restored accounts and went to seed checker app…but was redirecting to external site…I contacted ledger and got no where..I never tried external site….erased ledger and restored ledger to test seed…

[omega180984]

Up

0

Down

::

Seed checken app?

Never put your seed in any app!!!!!!

Thats scam

[osrsflopper]

Up

0

Down

::

THIS IS FUD! TOTALLY TROLL POST!

[Fabulous-Flatworm997]

Up

0

Down

::

I think he bought a pre rigged ledger.

[Money_killer]

Up

0

Down

::

Never heard of a seed checker

[Brilliant_Tax1012]

Up

0

Down

::

Did you buy your ledger on the official website ?

[FroddoSaggins]

Up

0

Down

::

Never heard of or used a seed checker.

[Bubbly_Payment_5494]

Up

0

Down

::

Lmfao I have one question.. what and why the fuck would anyone ever need a seed phrase checker…sounds just like a credit card checker here gimme your numbers so I can check if it works for you…. sorry this happened to you, gotta be way more careful out there 🙏

[Candid-Register-6718]

Up

0

Down

::

Never heard of a seed checker app.
I don’t have it on my ledger … sounds rather suspicious

[Impstoker]

Up

0

Down

::

Soooo. When and where did you enter your seedphrase on your phone or pc?

[hepcat-6591]

Up

0

Down

::

Sounds like your issue is with that seed checker app, not Ledger.

[woody-alien]

Up

0

Down

::

Seed check app??? Pre-installed???
Does it exist?
Wasn’t it the mistake triggering the rest?

[woody-alien]

Up

0

Down

::

Man, I read your post and all your answers in this thread…
First of all, I’m really sorry for that…
Second, I guess you either got a tempered device or a fake ledger live…

[Matthews413]

Up

0

Down

::

Did your ledger come with a seed phrase or did you create one on first use?

[Environmental-Owl383]

Up

0

Down

::

I guess Ledger is not the culprit, but I never used that App.

With a fresh new seed, I restore my device and then recover the seed and see if first generated receiving address is the same.

[eM_aRe]

Up

0

Down

::

How did you have funds on the wallet before you even confirmed the seed phrase?

[loupiote2]

Up

0

Down

::

You somehow leaked your seed.

Eg took a photo of it with phone, ir saved it in computer or cloud etc.

[Autor]

Beiträge