Fonds STOLEN kurz nach der Verwendung der Seed Checker App – ist Ledger sicher?
Home › Foren › Ledger Wallet › Fonds STOLEN kurz nach der Verwendung der Seed Checker App – ist Ledger sicher?
- Dieses Thema hat 28 Antworten und 1 Teilnehmer, und wurde zuletzt aktualisiert vor 1 Jahr, 11 Monaten von loupiote2.
-
AutorBeiträge
-
-
6. Juni 2022 um 20:36 Uhr #882696root_s2yse8vtAdministrator::
Nur setzen diese da draußen, auch wenn meine Gelder sind jetzt für immer weg.
Am 15. April, kurz nachdem ich die App benutzt hatte, die überprüft, ob mein Seed korrekt ist, wurde mir mein gesamtes Geld aus meiner mit Ledger verbundenen Wallet gestohlen. Ich habe Anzeige bei der Polizei erstattet, und ein paar Redditoren konnten mir helfen. In der Wallet, an die das Geld geschickt wurde, befinden sich 4 Bitcoin. Ich habe 0,7 Bitcoin verloren.
Ist Ledger sicher? Ist es möglich, dass Ihr Seed, wenn Sie es in die App “Seed Recovery Check” eingeben, an einen privaten Server gesendet und böswillig verwendet wird?
Mein Ledger war per USB an meinen Laptop angeschlossen, der zu dem Zeitpunkt mit dem Internet verbunden war. Mir war nicht bewusst, dass man die App auch offline nutzen kann.
-
6. Juni 2022 um 20:36 Uhr #882697thomgloamsGast::
A moderator needs to clean this thread up. It’s going to confuse many people that aren’t familiar with every feature of a Ledger or how a Ledger works.
FACT: There IS a legit Ledger Live exclusive app called Recovery Check that can be installed ON TO YOUR LEDGER FROM LEDGER LIVE ONLY in the exact same way one would install the bitcoin app or Ethereum app. “App” refers to the apps approved by Ledger, only available from Live. THERE IS NO OTHER WAY TO INSTALL AN “APP” FROM SOMETHING LIKE GOOGLE PLAY STORE.
FACT: The ONLY way to install ANY LEDGER APPROVED APP is via Live Manager AND you must physically press both buttons when the device itself prompts you to allow Live to talk to the Ledger. This does NOT expose your private keys or recovery words to the internet or any other “hot” connection.
FACT: When you buy a legit Ledger no apps are preinstalled. PERIOD. It’s a blank slate. If there IS an app on it then the device was tampered with prior to you receiving it.
What this means is:
A) If the OP is CERTAIN that he set up the device with a fresh seed phrase that the device itself generated (not any seed words that came with the device or that were already loaded up before he received it) then we know OP at some point after installing the Bitcoin app installed the Recovery Check app.B) If OP received a device that was already set up with apps and a 24 word seed and did not reset it right there, and only recalled the 24 words via the Recovery checker app or found a pre written card in the box then OP has been compromised since then.
C) Regardless of A or B , Ledger Live Desktop also has a fail-safe that checks if the connected device is genuine. We do not know if the OP was aware of that or saw the msg that appears EVERY TIME YOU CONNECT that device is genuine. If it weren’t, it would have screamed at him in red letters and been totally obvious. If somehow that itself was tampered with then it would be a brand new, never before seen, active exploit of Ledger out in the wild. This is highly unlikely.
D) Everything could have been exactly correct, working as expected, brand new seed on legit device in 2020 up until today. Just because he used recovery checker and lost funds some time after that, does NOT prove it was a bad app. It could just be coincidence and OP is creating a Link that isn’t there. And maybe his 24 words were exposed by a user mistake or some person any time between 2020 and now.
Conclusion:
OP got a used device from day 1
and never reset the recovery phrase and somehow there was a malicious app or whatever piggy backed on the device. Then Live would have had to miss this and say device was genuine (which it very well could have been) There are too many things we don’t know from OP to even speculate what could have been done.
This is full of holesOP could be a troll. Because things don’t add up and it would be such a sophisticated attack, the first one, first time, first person for just 0.7 BTC? nope.
Likely outcome – OP compromised his recovery phrase by mistake like EVERY OTHER SUPPOSED HACK of a Ledger.
It’s Ochams Razor. It’s too far fetched that OP somehow got a bad Recovery Checker app on his device WHILE ALSO not being flagged by the Live device and firmware check that happens every time you connect. This would be catastrophic if it were true. It’s extremely unlikely.This is a troll or basic user mishandling of recovery phrase.
-
6. Juni 2022 um 20:36 Uhr #882698
-
6. Juni 2022 um 20:36 Uhr #882699
-
6. Juni 2022 um 20:36 Uhr #882700
-
6. Juni 2022 um 20:36 Uhr #882701
-
6. Juni 2022 um 20:36 Uhr #882702Tremulant1Gast
-
6. Juni 2022 um 20:36 Uhr #882703
-
6. Juni 2022 um 20:36 Uhr #882704
-
6. Juni 2022 um 20:36 Uhr #882705
-
6. Juni 2022 um 20:36 Uhr #882706
-
6. Juni 2022 um 20:36 Uhr #882707
-
6. Juni 2022 um 20:36 Uhr #882708
-
6. Juni 2022 um 20:36 Uhr #882709
-
6. Juni 2022 um 20:36 Uhr #882710
-
6. Juni 2022 um 20:36 Uhr #882711
-
6. Juni 2022 um 20:36 Uhr #882712
-
6. Juni 2022 um 20:36 Uhr #882713
-
6. Juni 2022 um 20:36 Uhr #882714
-
6. Juni 2022 um 20:36 Uhr #882715
-
6. Juni 2022 um 20:36 Uhr #882716
-
6. Juni 2022 um 20:36 Uhr #882717
-
6. Juni 2022 um 20:36 Uhr #882718
-
6. Juni 2022 um 20:36 Uhr #882719
-
6. Juni 2022 um 20:36 Uhr #882720
-
6. Juni 2022 um 20:36 Uhr #882721
-
6. Juni 2022 um 20:36 Uhr #882722
-
6. Juni 2022 um 20:36 Uhr #882723
-
6. Juni 2022 um 20:36 Uhr #882724
-
-
AutorBeiträge
- Du musst angemeldet sein, um auf dieses Thema antworten zu können.