Meine schlimmste Befürchtung – dass Gelder aus meiner Ledger-Wallet genommen werden, ohne dass ich auf mein Gerät zugreifen kann, ohne Zugriff auf meine Schlüssel, die komplett offline gehalten werden. $3K in ETH plötzlich weg. Wie ist das möglich?!!

[root_s2yse8vt]

Up

0

Down

::

\*UPDATE 1/18/2024 – Ich habe eine Antwort vom Ledger Support erhalten, leider ist mein Fall ein hoffnungsloser Fall –

Hallo,

Vielen Dank, dass Sie sich an den Ledger-Support gewandt haben. Mein Name ist Cindy und ich werde mich gerne um Ihr Anliegen kümmern.

Es tut mir sehr leid zu hören, dass Sie ohne Ihre Zustimmung Vermögenswerte von Ihren Konten transferiert bekommen haben.

Es gibt in der Regel drei Möglichkeiten, wie Gelder gestohlen werden können:

1. Ihre 24-Wörter-Wiederherstellungsphrase wurde möglicherweise missbraucht.
2. Sie könnten unwissentlich mit einem bösartigen Smart Contract interagiert haben.
3. Ihr Ledger-Gerät könnte von einer anderen Person benutzt worden sein.

Wenn Sie Guthaben auf einem Ihrer Ledger-Konten haben, die noch nicht übertragen wurden, empfehle ich Ihnen dringend, diese so schnell wie möglich zu transferieren. Sobald Sie Ihr Restguthaben übertragen haben, können Sie [reset](https://support.ledger.com/hc/en-us/articles/360017582434-Reset-to-factory-settings-?docs=true) Ihr Ledger-Gerät und [generate the new 24-word recovery phrase](https://support.ledger.com/hc/en-us/articles/6178949486109-Can-I-edit-or-change-my-24-word-recovery-phrase-?docs=true), so dass Sie Ihr Geld zurück an die Bank senden können. [newly created accounts](https://support.ledger.com/hc/en-us/articles/4404389482641-Add-your-accounts?docs=true) mit einer neuen 24 Wörter umfassenden Wiederherstellungsphrase.

Wenn diese Vermögenswerte ohne Ihre Erlaubnis und/oder gegen Ihren Willen in eine Wallet transferiert wurden, die Sie nicht kontrollieren, empfehle ich Ihnen dringend, eine Anzeige bei Ihren örtlichen Behörden einzureichen, da diese befugt sind, die Angelegenheit weiter zu prüfen.

Es gibt nichts, was Ledger speziell tun kann, um diese Vermögenswerte wiederzuerlangen und an Sie zurückzugeben, aber ich stehe Ihnen weiterhin als Ressource zur Verfügung, um Ihnen dabei zu helfen, herauszufinden, wie es dazu gekommen ist.

Ich möchte Ihnen helfen, sicherzustellen, dass so etwas nie wieder passiert, indem ich Ihnen einige Sicherheitstipps gebe [here](https://support.ledger.com/hc/en-us/articles/6747982542749-Best-safety-practices-Ledger?docs=true).

Ich empfehle auch die Durchsicht des Inhalts von [this article](https://support.ledger.com/hc/en-us/articles/7624842382621-Loss-of-funds?support=true) zu lesen, um besser zu verstehen, was passiert sein könnte und wie man vorgehen sollte.

Mein herzliches Beileid zu Ihrem Verlust.

Passen Sie auf sich auf,

CindyLedger Unterstützung

\————————————————————————————

Also schätze ich, dass ich an diesem Punkt herausfinden muss, bevor ich meinen Ledger ausmiste, indem ich meine beschissenen Münzen in ein anderes Gerät verschiebe. Seufz! 🙁

Danke an alle, die sich zu Wort gemeldet haben, ich muss noch viel lernen!

​

\———————————————————————————–

Meine schlimmste Befürchtung – jemand, der in der Lage ist, Gelder aus meiner Ledger-Wallet ohne meine Erlaubnis oder Autorisierung, ohne Zugriff auf mein Gerät und ohne Zugriff auf meine privaten Schlüssel, die vollständig offline gehalten werden, abzuheben. $3K in ETH sind plötzlich weg. Wie ist das möglich?!! Alles, was ich getan habe, war, meine verbleibenden BTC per Swap in ETH umzuwandeln, indem ich das CIC-Ding in meinem Ledger Live Desktop benutzt habe. Ich habe mich diesbezüglich an den Ledger-Support gewandt und warte auf eine Rückmeldung. Der CIC-Support hat sich bei mir gemeldet und sie sagen, dass es “fertig” ist, dass es für sie unmöglich ist, weil sie keinen Zugang zu meinen privaten Schlüsseln haben.

\——–

“Equipo de soporte

6:45 PM (2 hours ago)**📷📷📷**to me📷

Lieber Jaime,

Wir sehen, dass deine Transaktion abgeschlossen ist, hier ist der Hash:[https://etherscan.io/tx/0xf4d3fb677f423a92ecc206d11b1ffc4d3f937e6b044e1285af1abd8d6e1c5e59](https://etherscan.io/tx/0xf4d3fb677f423a92ecc206d11b1ffc4d3f937e6b044e1285af1abd8d6e1c5e59)

Was das Versenden von Ihrer Wallet angeht, ist es für uns technisch einfach nicht möglich, da wir keinen Zugang zu den privaten Schlüsseln Ihrer Wallet haben, das ist die Frage, die Sie Ihrem Ledger Support stellen müssen.”

\———

Wenn jemand von euch erfahrenen Ledger-Wallet-Inhabern (oder anderen Wallet-Inhabern) sich einmischen und mir helfen möchte, um zu verstehen, was möglicherweise passiert ist oder wo ich bei einem BTC-zu-ETH-Swap, den ich schon oft ohne Probleme durchgeführt habe, einen Fehler gemacht habe, hier ist mein Hashtag-Ding:

0xe9e606e4900ad31b7f53ad3cc28a51f9ea0bd7c8a9f4c4ba33c0f97a93eb75bb

Ich hatte meine ETH gestern Abend erhalten und habe heute Morgen wieder danach gesucht, >POOF!< Alles weg!!

Ich bin immer noch ein Neuling, aber Lektionen werden gelernt, während sie ziemlich teuer sein können. Verdammt.

Ich werde zurückkommen, um diesen Beitrag zu aktualisieren, in der Hoffnung auf ein positives Ergebnis, während ich heute Abend ein paar Gläser Whisky trinken werde. Seufz! 🙁

\—————————————-

Hey, nur ein trauriges und vielleicht beschämendes Update in der Zeit, in der ich meinen obigen Beitrag geschrieben habe – jemand in diesem Thread hat mich gerade auf etwas hingewiesen, dessen ich mir nicht bewusst war, und ich habe vielleicht unschuldig eine bösartige Transaktion “blind unterschrieben”. Ich erinnere mich nur daran, dass ich mit einem “Bitcoin-Mining”-Unternehmen zu tun hatte und vor einer Weile unschuldig etwas unterschrieben hatte. Es war mit dieser Firma: [https://www.firstpayonline.com/](https://www.firstpayonline.com/)

**INVESTIEREN SIE NICHT, MELDEN SIE SICH NICHT BEI IHNEN AN, JETZT WO MIR DAS PASSIERT IST!!!

Auch wenn es mich schmerzt, dies zu erkennen, war es vielleicht besser, dass mir dies jetzt passiert, als noch viel mehr Geld auf dem Weg zu verlieren. Während ich höre, dass der Ledger-Support mir vielleicht nie helfen wird, bin ich kurz davor, mein Ledger-Gerät als kompromittiert zu betrachten oder vielleicht kann ich mein Gerät zurücksetzen, um neue private Schlüssel zu generieren. Das ist verdammt beschissen, Mann. Leben und lernen, wie sie sagen.

[loupiote2]

Up

0

Down

::

You somehow leaked your seed phrase.

Last time we heard a similar story, the user typed their seed words on their computer to print it.

Often people take photos of the words.

[Ydn_RealWaldo]

Up

0

Down

::

Hey, not a lecture but just some tips and suggestions for how to delegate your security a bit better.

Rule number 1 for owning a ledger: DO NOT, I REPEAT. DOOO NOOOT use your ledger for anything other then cold storage!

Always, always, always delegate in a 3 wallet format.

#1 – Your cold storage/ your ledger: this is what you use to send and store your coins or tokens as your final destination wallet. No one will send money to this address. Only ever you. This wallet by no means AT ALL should EVER be connected to any smart contract, trading website, nothing, nada, zilcharooni..

#2 – Your hot wallet: this is the wallet that acts as your middle man delegation. In which interacts with your verified sources. OpenSea, etherscan, etc; your guaranteed verified as safe sources only.
This is also the account you transact with between peers/Other verified sources who you are comfortable with making those trades with only.

#3 – Your degenerate wallet: this is the wallet which ultimately WILL become a throwaway wallet if you don’t practice proper security. This last l
Wallet is where you can play risky, send money to, connect to anything you virtually want to. I’d still consider testing precaution but the less you hold on the account the better and less likely you’ll be targeted.

Best of luck in the future, I’m sorry to hear this happened to you and I feel you learned a pretty valuable lesson from this mistake.

[Possible_Ad_5738]

Up

0

Down

::

I bet you signed a malicious transaction (blind signing).

[No_Condition_3313]

Up

0

Down

::

Doesn’t happen without you messing up or being scammed out of your money. Sorry for your loss

[Zatouroffski]

Up

0

Down

::

FYI: Your native ETH tokens are withdrawn by a simple transfer action. This can only happen with someone accessing your key / seed. Signing a dapp or setting a spending allowance has nothing to do with transaction.

Next time when you are getting new seeds, also make sure you didn’t read it out loud or didn’t hover your seed paper near a device with a camera even if it’s turned off. Keep it like a government secret.

I’ve also sewn and waxed the ledger’s folded seed written paper I’m hiding and checking it from time to time just in case my wife wants to read it even if she doesn’t know what it does.

+ just leave some trash funds in your 24 word seed like 100-200 bucks and add a passphrase (don’t write the 25th word to paper) and put your main funds in it. So, if you notice someone withdraws your 200 bucks, you’ll know your seed is compromised but your funds in 25th word accounts will be safe.

[DailyUpsAndDowns]

Up

0

Down

::

Retrace every step you’ve ever taken with your Ledger and transactions. Somewhere along the way you were compromised. There’s usually a common culprit with others in the same situation. Phishing or dapps or approvals etc…

[Trip_seize]

Up

0

Down

::

This First Pay Online, are they the “Well Recognize Investment Bitcoin Platform”?

That site is so full of spelling/grammatical errors, the one I quoted was in the headline on the landing page. If I saw that for the fist time I would have clicked away INSTANTLY! Even if English isn’t your first language there are some very good tools to correct the mistakes. Heck, I’m sure you could even get someone on Fiverr give it the once over.

Maybe they put the spelling/grammatical errors there on purpose…

[jpochoag]

Up

0

Down

::

Instead of losing your key you could have signed a transaction that gave access to withdraw funds from your wallet.

Check revoke.cash for your public address and network to see if you had granted access to withdraw

[G0DL33]

Up

0

Down

::

Best practice IMO when playing with unknown protocols is to move play money to a hotwallet (metamask or the likes) and use that wallet to sign. That way if you are interacting with a malicious contract you only compromise that account and don’t lose all your savings. Your coldwallet should remain as cold as possible.

[Frosty-Log9470]

Up

0

Down

::

>How is this possible?!!

&#x200B;

>I may have innocently “blind signed” a malicious transaction

there you go. case closed

[k3vinz]

Up

0

Down

::

By the way you should keep in mind that there is also a glitch with ledger live where ETH deposit history is not shown. It’s been like this since dec 1,2023. Like I still can’t see the ETH I transferred back in December, but everything else I transferred like BTC and Solana was good.

[cryptojimmy8]

Up

0

Down

::

Ouch, sorry to hear that. That web page is though one of the scammiest I have seen. Also they write «BitCoin» and «Etherium». I’m happy to see you recognize your own mistake and contribute to others not doing the same mistake in the future

[faceof333]

Up

0

Down

::

Better do trading / swapping on exchange and then transfer to ledger.

Warning:

-Never enter your seed into anything except the Ledger device itself.

-Download / update ledger live software from official website only.

-Never use search engine to access ledger website.

-Ignore all messages in your inbox and mark them as spam.

-Never click links or install software from an e-mail.

-Never respond to someone request to download remote applications(Team viewer, anydesk and etc.)

-Always conduct a small amount test while sending or receiving your funds and verify that the correct wallet address was copied/pasted into address bracket.

-Verify your ledger live is authentic:

Comment
byu/faceof333 from discussion
inledgerwallet

-Legit ledger app:

https://apps.apple.com/us/app/ledger-live-crypto-nft-app/id1361671700

-Report scam to:

team-brand-protection@ledger.fr

https://scam-alert.io/

https://www.chainabuse.com/

https://www.ic3.gov/Home/ComplaintChoice

-LOSS OF FUNDS

https://support.ledger.com/hc/en-us/articles/7624842382621-Loss-of-funds?support=true

-How I Got Hacked:

[KIG45]

Up

0

Down

::

Have two separate accounts!

1.Passphrase protected account and only deposits and withdrawals on it!Exchange-Ledger…Ledger-Exchange!True cold wallet!

2.Another account on the same device secured only with your seed to use for staking!

3.Don’t use Ledger with dapps! The only smart contracts you interact with are the staking ones!

Do this and you will be safe!

[am_lop]

Up

0

Down

::

ADVICE: use your ledger just for hold. Don’t connect it anywhere. Easy!

[Theo_Ledger]

Up

0

Down

::

Hey, I’m sorry to hear you may have had assets transferred out of your accounts without your approval. Do you mind sharing your Ledger case number?

[poyoso]

Up

0

Down

::

These types of posts make my stomach turn and give me the literal shits for the day. Im sorry this happened to you OP.

[montauk87]

Up

0

Down

::

Genuinely sympathise with you. I know everyone is going to come out with the usual you must have leaked your seed phrase but maybe, just maybe there is something within ledger itself that’s being exploited.

I mean for years we were told the seed never left the device until ledger recover, in which case it suddenly was possible all along

[TraditionSufficient8]

Up

0

Down

::

Ledger says that ETH holdings are not showing in some people’s wallets. This is a known issue on their website

[[deleted]]

Up

0

Down

::

[deleted]

[Impressive-News-1600]

Up

0

Down

::

I don’t use ledger but I don’t understand how you can make a transaction on your wallet without exposing your private key as you need to go online and bring it out of cold storage to make a transaction out of the wallet.

[el_pezz]

Up

0

Down

::

The coins are not stored on your device. It’s stored on the block chain.

[bobbyv137]

Up

0

Down

::

Malicious contract.

[UpLeftUp]

Up

0

Down

::

Another Lesger user losing their money. And people will continue to encourage taking crypto off exchanges to self custody. At what point do we accept that it’s a failure and people need a safety net?

[pituitary_monster]

Up

0

Down

::

Even after your update, ths is still weird. Could you please ellaborate in what you “signed”? You signed with a btc address? Or an ETH smart contract?

[[deleted]]

Up

0

Down

::

[deleted]

[Party-Ad8832]

Up

0

Down

::

It seems that the whole “smart contracts” thing, whatever it even means, is a major weak point and can readily be used to scam people.

Every single time I hear someone getting scammed, it’s either smart contracts or they’ve written their seed somewhere else than physical paper using a manual pen.

[gurke999]

Up

0

Down

::

Totally 🤦

[MISTYFIER_115]

Up

0

Down

::

Just out of curiosity, how do people sign malicious contracts by accident, and how do I avoid this?

[fairysquirt]

Up

0

Down

::

what support? and did you update ledger live since exploit?

[franciskoG]

Up

0

Down

::

Remind Me! 1 day

[azsxdcfvg]

Up

0

Down

::

Did you digitize your seed in any way? Computer keyboard? Perhaps a photo?

[esobofh]

Up

0

Down

::

It is possible you have to import a different ETH account from your ledger?

I have several 0 balance accounts on my device that I can choose to import for some reason, so wondering if you just aren’t ‘displaying’ the right one?

I used the swap function just recently… to swap ETH -> BTC. for some time the transaction on changelly was showing “finished” but I had nothing in my ledger account for a while after that, it wasn’t until I looked the next day that it was there.

[Reccon0xe]

Up

0

Down

::

You didn’t use a passphrase, and/or a phishing scam

[[deleted]]

Up

0

Down

::

Are you blind signing when you are staking Casper on the Casper website? I stake it and use my ledger to sign transactions oy for that Casper account. Those crypto cannot move out of that staking position u less I use my ledger device to approve it

Is this blind signing as I do not understand this concept? Is it dangerous to link your hbar account to your ledger as it is the only way to safeguard my HBAR account via a cold wallet. Is this blind signing?

[kreakong]

Up

0

Down

::

Did you use Ledger to connect to dApps?

[dalkan11]

Up

0

Down

::

Does anybody know where you keep your seed phrase written down? Maybe it’s someone you know that got a ahold of it?

[Wazy129]

Up

0

Down

::

Same fr same

[Purple_Caregiver_705]

Up

0

Down

::

Dear Ledger users, I have using LIDO staking ETH from my Ledger wallet, now after reading of this stories regarding blind signed and so on, I really afraid when I need to withdraw my stETH back from LIDO, I can be scammed by signing something like bypassed app, etc. Is there any advise how to do it in a safe way? Thank you

[fly_eagles_fly]

Up

0

Down

::

FUTURE OF FINANCE!

[Glum-Departure-8912]

Up

0

Down

::

Just cause keys are offline does not mean they are inaccessible. Only you know where the seed is/was. Who could theoretically have accessed it since you created the backup? That group of people is where you need to look, assuming your seed did never have any sort of interaction with the internet.

[Autor]

Beiträge