Wurde mein Ledger kompromittiert?

[root_s2yse8vt]

Up

0

Down

::

Hallo zusammen, ich bin besorgt, dass mein Ledger kompromittiert worden sein könnte. Bei der Überprüfung meiner Transaktionen sind mir zahlreiche kleine Zahlungen in BUSD aufgefallen, die vor drei Tagen von meinem Ledger gesendet wurden, obwohl ich es in dieser Zeit nicht benutzt habe. Ich bin mir nicht sicher, woran das liegen könnte, und bitte um Unterstützung. Kann mir jemand dabei helfen, herauszufinden, was hier passiert und wie ich es verhindern kann? Gibt es außerdem eine Lösung, um zu verhindern, dass dies in Zukunft wieder geschieht?

[cheeb_ledger]

Up

0

Down

::

This type of activity would indicate a newer type of scam known as [address poisoning](https://support.ledger.com/hc/en-us/articles/8473509294365-Beware-of-address-poisoning-scams?docs=true). Thankfully, as long as you ignore these transactions, you and your funds should be absolutely safe, however you’ll want to **make sure that you** ***always*** **use the “receive” tab to generate your “receiving” addresses in Ledger Live.**

These types of scams rely upon the notion that users will copy and paste receiving addresses from their transaction history (instead of generating the address from the receive tab) and mistakenly send their funds to one of these foreign addresses. Scammers are getting crafty as well and getting these false, scam addresses to look **extremely** similar to the actual previously used addresses, and so simply checking the beginning and endings of the addresses aren’t a safe method.

You’ll want to make sure you generate the receiving address with the “receive” tab in Ledger Live and verify that the address matches **precisely** to what your physical Ledger device’s screen is showing – that is the address that you can trust.

You can’t always trust what your computer screen is showing you (as this can be tampered with), however you can always trust what your physical Ledger device’s screen shows you. This is also why you should always refer back to the physical Ledger device with respect to confirming that the generated address is indeed, absolutely correct.

I also wanted to mention, our most recent of Ledger Live 2.54.0 removed these “$0 value” transactions from the UI’s transaction histories, such that users won’t visually see these address poisoning transactions in their own tx histories, and ideally, mitigate the chances of these instances occurring.

[Here](https://www.ledger.com/ledger-live) is a link to our Ledger Live download tab as well (remember, Ledger Live will **NEVER** ask you for your 24 word recovery phrase, if you ever see this, then you know it’s a fake phishing scam).

[HolySurvivor]

Up

0

Down

::

Did the transactions actually send any BUSD away? Or were they „empty“ transactions. If they were empty, then its probably the new address poisoning scam that started appearing this year. I recommend googling it to learn more about it. Short form: Your assets are not at risk.
But if the transactions actually contained a BUSD amount, then yes, your wallet is definitely compromised.

[Yodel_And_Hodl_Mode]

Up

0

Down

::

In the entire history of wallets, a Ledger hardware wallet has never been successfully hacked. Your hardware is safe, which means if coins are being sent out of your wallet, your seed has been compromised.

So… **if your seed has been compromised,** where else have you used it?

When you first got a Ledger, did it assign you a random seed, or did you import (“restore”) a seed you already had?

Have you ever typed your seed into any device other than your Ledger hardware wallet? Did you type it on your Mac or PC? Did you enter it on an app on your phone or tablet?

MY ADVICE:

If you have doubts about the security of your seed, get your coins out of there, ASAP. Here’s how:

First, before doing anything, make sure you have your seed written down (and your passphrase if you use one, though make sure your passphrase isn’t stored where you wrote down your seed, because that’s not safe. Secure them in separate places).

Then:

Wipe out your Ledger hardware wallet and use it to create a new random seed. Write the new seed down.

Set up accounts for your coins at your new seed in Ledger Live.

Save a receiving address for every kind of coin! In other words, BTC, ETH, ADA, etc. These are the new addresses you’ll be sending your coins to.

When you’re done setting up the new seed and saving receiving addresses for your coins, wipe out your Ledger again, and restore your old seed. Send coins from the old seed to the new addresses for your new seed.

Finally, wipe out your Ledger hardware wallet one more time, and restore your new seed. Consider the old seed gone. Never use it again. From now on, only use your new seed.

Last but not least, secure your new seed by putting it somewhere safe. Perhaps in a safe. Never enter your new seed on any device other than your Ledger hardware wallet. Never type it on a phone, tablet, or desktop computer.

One last thing: Before doing any of this, you should consider whether or not you want to use a passphrase to further protect your coins. I’m a big fan of using a passphrase, but it’s advanced stuff, so only do it if you fully understand how to use your Ledger hardware wallet.

I wrote about how I set u a passphrase and confirm that it’s exactly right **[here](https://www.reddit.com/r/ledgerwallet/comments/wj3wf9/do_you_use_the_passphrase_on_ledger/ijfkdc9/)**.

[Autor]

Beiträge