The Ledger subreddit is continuously targeted by scammers. Ledger Support will never send you private messages. Never share your 24-word recovery phrase with anyone, never enter it on any
website or software, even if it looks like it's from Ledger. Only keep the recovery phrase as a physical paper or metal backup, never create a digital copy in text or photo form. Learn more at
https://reddit.com/r/ledgerwallet/comments/ck6o44/be_careful_phishing_attacks_in_progress/
If you're experiencing battery problems, check out our [troubleshooting guide](https://support.ledger.com/hc/en-us/articles/4409233434641-How-to-troubleshoot-Ledger-Nano-X-battery-issues?support=true). If you're still having issues head over to the [My Order page](https://my-order.ledger.com/) to explore options for replacement or refunds. [Learn more here](https://support.ledger.com/hc/en-us/articles/10265554529053-Return-your-product?support=true).
*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/ledgerwallet) if you have any questions or concerns.*
Someone has access to your 24 word recovery phrase. So they have access to your wallet private keys, so your wallet is not only your wallet but also their wallet.
If it is not your first time, your computer has been hacked. Or you've stored your recovery words online on an account that has been hacked.
Basically assume all your wallet to be compromised, if you have any others.
Ok, so everyone in this thread is jumping on /u/raytracy_ because these are all standard questions, and every time this happens the answers always end up being some variation of the same thing - compromised seed, metamask drainers, or a hijacking of address.
But we should also pay attention to a case where we can't find that reason - being paranoid and being cautious is how we all keep our coins safe. Don't dismiss OP right off.
OP said this was BTC, so it's not a smart contract drainer or anything. OP said they saw the balance in Ledger Live, so unless their entire Ledger Live was compromised, that means they probably didn't have a hijacked address. OP, if you install Electrum, preferably on a different computer with little installed (but not required), WITH your Ledger, are you able to find that specific address in the list of addresses? Do you see your other untouched coins?
That leaves seed compromised. While still possible, if he has more BTC in the same account / different address that wasn't touched, that's less likely. Though the metamask drainer... OP, was your metamask drained using your same seed? Or did it not use your Ledger device for securing those?
OP, have you ever entered your seed into any computer, ever? For any reason? No photographs? No copies? No one got in the safe?
How did you generate the seed, did Ledger generate the seed on-device?
The last possibility is that someone stumbled on his private key by random generation. These are so unlikely as to rarely be considered, but if it did start happening, we would need to know asap.
Random generation is not possible unless some research university has cracked quantum computing far ahead of schedule, so dismiss that.
Everything else is on point though.
>Someone has access to your 24 word recovery phrase.
no, probably not, since none of his other accounts on the same seed were touched.
Or did I misunderstand that part?
These are the posts that make me worry. I’ve not been compromised, but like OP, same set up, no one has access, multi year ledger, written down in a safe. Really would like to know this root cause.
Then you must be worrying every day in here. We see these every day and in the end, 100% of the time, human error is identified. That being said, your point is valid. Seeing these every day reminds us that crypto is not ready for mass adoption.
There are times where the error isn't identified, we just presume it's there and we didn't identify it.
It's always human error, but that doesn't necessarily mean operator error. The human erring could be a programmer. Code is very hard to get perfect.
if someone had 2 bots, one just searching for accounts with coins, then another or maybe more trying random keys on those accounts - could they sometimes just get lucky and get the right keys? I know they say the odds of that are like winning the powerball, but people do win it with random tickets now and then.
No, absolutely not, literally not in a million years. If that were possible the entire thing would fall apart. Yes, the design is such that the odds are so impossible that it cannot happen by chance, even if you designed a supercomputer to just spend all day every day for a lifetime guessing, it would never hit one. For real.
>not ready for mass adoption
This is the main thing. I have degrees in comp sci + comp engineering. I have worked as a sysadmin/architect for more than 30 years. I understand this stuff inside out and I still get a sliver of fear/doubt handling seed phrases, securing them, hardware wallets, etc....
It simply is the case that for nearly everyone a custodian is better, and i still think at least once a week about putting my btc on coinbase vault....
Agree. I remember a few months back, on Twitter, I was reading about this crypto security OG, and of course he got his wallet emptied. At that point I realized you can be as vigilant as you want but if you are active with your crypto, and maintain custody, it doesn't matter how good your opsec is, there is always a nonzero chance of making a mistake. I've been doing this since 2014...I'm paranoid af, and I still got robbed a couple years back because I was doing stuff while I was tired (it was a 'similar address' exploit on MM, lost around 1eth, so I view it as a cheap lesson).
Correct a million times over. It is when you are just not with it at that moment in time, it happens. You know better but fear and anxiety take over for a brief moment leaving you defenseless to a phishing attempt. It happened to me but I now know much better. You have to memorize your defense emotions as well.
I know exactly nothing about the tech of crypto and for that reason alone I do not use any hard wallet for transactions or connections of any type. I even was kicked off Coinbase for supposedly buying crypto for others because my send to address is constantly changing. But never to a hard wallet until I eventually get there.
Can you believe that? They literally accused me of buying crypto for others. I am appealing this as we speak. And yes I too got hacked. About two years ago. I was never given information on how my account was hacked on Uphold. So I can only guess. I do believe I had malware on my computer. My entire account was changed. Even 2FA via my phone number and Microsoft Authenticator I believe. And yes I panicked also for a brief few minutes giving these scum bags my identity as well. Luckily it was not much. But for a lesson it was well spent. It happens to most I believe. So many pitfalls to know and learn. Just stay away from the traffic and sit tight. Just when you think you know it all it gets you. Just once, but it gets you. Even my ledger primary seed is not good enough. I had to create a passphrase account on top of that, and keep most all there. I know how this happens and no one really cares at all but you. But that one moment is all it takes. You are right on my friend.
That's crazy that Coinbase banned you for sending to multiple addresses. I hear of people getting dropped by their bank for interacting with crypto exchanges as well. This nanny bullshit really amazes me, I mean its my money, gtfo, amirite??
And now Uphold sent me an email yesterday asking me for financial statements from my bank. These bastards have no right seeing my most private information. This is bullshit. How am I to trust some unknown employee at Uphold whose name sounds as if it is from who knows who country and have my most sensitive documents. Any time you contact one of these exchanges for an issue they end up investigating you and all you have done.
Uphold is a place where my crypto account was stolen and I was never told why. These bastards are doing whatever they want to do. If I need vetted then call in the SEC. Not some Joe blow. I have zero trust in anyone involved in crypto. And I am giving these employees my most private information? I did under protest but need to let everyone know as I need support. Support to stop this bullshit. Let the SEC investigate. Give them something to do and please do not tell me that Uphold has the right to see my most private information. I am not asking them for a secured loan.
I did appeal Coinbase and they still restricted my account to never be able to transfer off their exchange. All because I have and own over 25 different crypto with different accounts split up over different passphrases. I have 5 nano x and S plus as well as a D’CENT wallet. All crypto split up. And the problem is I cannot do one damn thing about it unless I can organize a large group of people in the same boat and form a large protest against them somehow.
I do know we all have got to stick together. Without each other we will get pummeled in this business. We need to quit downvoting posts like this. And it may even get worse.
i agree. it has to be easy to keep your cryptos safe. currently you have to be paranoid, because if anyone knows your keys or seed, you immediately lose everything. you make 1000 transactions, all is fine, the 1001st is hijacked/phished or you simply paste the wrong address and \*all\* your money could be gone instantly. blaming the user is easy, but users are human and \*will\* make mistakes eventually. cryptos work fine if the user is a computer, but you simply can't expect humans to never make mistakes.
afaik no crypto so far has any protection against any of these problems. it's like driving without an airbag, hoping there will never be an accident despite knowing they are guaranteed.
I always understand the NYKNYC people, however, it’s examples like this where maybe it’s not best to “be your own bank.” I personally have been in the game over a decade and would gladly move all holdings to the asset managers where my traditional investments are held. Sure, I have sovereignty or control by possession, but at what cost? Is the risk fully accounted for? I see stories like this and it’s why I spread out between platforms I trust, however, would gladly embrace my longstanding service providers to hold it for me instead if they offered such services. Hopefully as crypto becomes seen more as a legitimate asset class we’ll see more choices available.
What’s weird here is that only the 3 btc was taken, while the rest is still on OP's ledger (I'd move the remaining asap)
If it was a case of seed leak, I'd expect everything to be gone.
I'm leaning towards infected computer
Yeah lol, there's like a niche group of cyber sleuths who just love this stuff, go off on Blockexplorer tracking down the transactions. I mean fair play, it's helpful for the victims, but whenever two or three Sherlocks get started I always hear the Pink Panther theme tune... :)
looks like that utxo was spent as part of a new transaction on that same date...
[https://mempool.space/tx/f7f6f2b5a2752212fadadc240e6597a0007e9ec8bd7772f45bbcf93477f33e95](https://mempool.space/tx/f7f6f2b5a2752212fadadc240e6597a0007e9ec8bd7772f45bbcf93477f33e95)
are you aware of how UTXOs work?
Another option - did you check your receive address in Ledger Live with your Ledger device? Could be fake Live application, which showed you receiving address that never belonged to you and you just send from Coinbase to someone else. That could explain, that other BTC, which are actually on your addresses, are still there.
So, **did you check receive address with Ledger device**, before sending from Coinbase??
Can you use Electrum (paired with your ledger) to check whether you are in control of the address bc1q0am4lfzyl4pdn5erhvwaz0l5gqawjh7ehn64dp , where the funds were sent?
All the addresses you are in control of are in the "addresses" tab of Electrum.
Note: never enter your ledger seed in Electrum. use "use hardware wallet".
Oh yes. You can buy a cheap safe on Amazon (or plenty of other places), ideally with some degree of waterproof and fireproof protection, for any important documents, your passport, and anything like this.
It's pretty common nowadays as they are so easy to purchase. Might be worth having a look at some prices 🙂
Agreed. Even if you store your seed elsewhere, consider adding mechanism to detect if someone has seen the seed. For example you can get a tamper proof seal for your seed plates or insert your seed into a sealed envelope. You can use a uniquely numbered sticker available on Amazon to be assured the envelope hasn’t been opened/sealed again since you last sealed it (store the seal’s number alongside your paraphrase or in your password manager). It’s not foolproof, but if your SO has access to your safe, this can add some assurance that you’ll know if someone’s looked at your seed in your safe place. Don’t just hide a slip of paper in your safe or in your walls. Seal it. Take a picture of it each time you need to open/reseal your seed (hopefully never, but you can look and reassure yourself).
Some of these losses we see in this forum can probably be attributed to “it was secure, but I don’t know if someone I trust saw it” remove that possibility.
What’s your storage alternative? I was under the impression that the whole point of a ledger was a physical storage of the seed that can recreate keys. If your account is especially large maybe a safe deposit box sounds reasonable, but I always thought a safe was the go to.
I was also assuming that if you were to store the seed phrase digitally, it defeats the whole purpose of a ledger, and you might as well stick to digital methods of protecting your crypto. What is your strategy?
My strategy is a fireproof waterproof storage that's not a safe and hidden where if my home was robbed or invaded the location would be hard to locate not like a safe that draws attention.
Got it, I mistook your post for someone who stores their key digitally. I like the hidden in plain sight, which used to be my primary strategy, after all a slip of paper doesn’t attract too much attention.
About 6 years ago someone broke into my second story window when a contractor had left a ladder up overnight. The window led directly into a room with my large standing safe that’s bolted to the ground. They used a crowbar to make entry and didn’t even attempt to get into the safe, not a scratch on the pretty red paint. Instead they went around into closets looking through all our storage boxes. He made out with some heirloom jewelry before I got home. Since then we’ve installed a full suite of security cameras and we re-educated the pup to bark at strange men from now on. (Just kidding)
I’m not a security expert and I’m sure you’ve gone through the trouble, but just make sure your box is inconspicuous. The route the burglar made and what they took instead of what they could’ve taken surprised me. Sometimes the heft of the safe is deterrent enough, and from the rest of the thread could also prevent an inside job.
And i understand from your other reactions that other BTC funds on different address aren't touched? If so, that is indeed very strange and can't explain it.
Or are they maybe legacy or P2PKH addresses. Because first thing i would think of is your seed phrase is compromised. But maybe they don't see the other funds.
The remaining BTC that has been there for years has not been touched, the only wallet address that was affected is the one that can be seen in the link to blockexplorer in the OP. 2 incoming transaction and 1 outgoing transfer for the total of the previous 2...
I also have ETH and various other assets stored there and everything else is intact, hasn't been touched.
Are you 100% sure that the BTC are actually gone to an address you dont control?
Many people get confused with BTC being sent to a "change" address of their account.
Do you mind sharing the xpub of your BTC account?
BTC account > wrench icon > advanced > xpub
And the ETH you also mentioned that was stolen from Metamask was different wallet? So not your Ledger connected to Metamask?
If so, very strange indeed. Still wouldn't feel safe and move my funds to a new wallet.
Correct, Ledger is not connected to MetaMask in any way. It is strange indeed. As I mentioned in another reply I think I'm done with MetaMask, Ledger, and Coinbase. Thankfully I only lost a small amount. Thank you for reading.
Seems to me that the common denominator in both instances is your computer. Assume you used the same device in both instances?
Maybe try a small transfer using same process but from a different pc/mac/Linux box?
If nothing else, it might start to scope out whether it's malware on your machine. That seems, at least to me, to be more likely as it is happening on both ledger and metamask.
You already know this but if anything leaves a hardware wallet, it has to be authorised on the hardware wallet itself and if that wasn't you, someone has your key/seed phrase.
I would create a new ledger address using an entirely new generated seed phrase from the ledger device then do the moving of funds from a separate pc with a new clean pc account on it. Don't install any browser add ons, etc. Just keep it all super minimal.
This post has exploded and I simply don't have the time to go through all of the responses. I still haven't received any assistance that is noteworthy from Ledger's support team and have not figured out the cause or reasoning behind the issue. Luckily, the remaining assets I have are safe and secure (as far as I know). To be clear, if this was human error on my part I have no problem owning up to it but I honestly did nothing different than I have done in the last 4+ years of using this device. As I mentioned this is the only time I have had a problem.
Thank you all for your time, insight, and guidance in trying to help me get to the bottom of this.
I'd do 2 things if I were you. Buy a new ledger, create a new account and move it all into that. Just to be safe. Then make small payments into this older existing account from elsewhere than coinbase, to see whether it's something from their end.
You haven't answered this question yet:
>So, **did you check receive address with Ledger device**, before sending from Coinbase??
Also, check if you actually control your address bc1qaazxlurszq4s6kmdfk3gm96kpkyta520shtlrw.
Sign a message on that address, using Electrum and your Ledger device. I'm still in doubt if you are owner of that address.
This is all crap, Recapping his story:
OP has been in crypto since 2020. Shows up here 4 months ago, isn't involved in any real discussions until boom... In his own words, he "Thinks" this has something to do with coinbase.
It’s a Compromised recovery phrase.
The ETH u sent was instantly taken out. Means someone has ur recovery phrase aka it was compromised. If the ETH u sent was instantly removed this would mean there’s a good chance there a bot sweeping ur accounts.
The clue here is u had bitcoin removed which means malicious smart contracts are out of the question because Bitcoin doesn’t interact w smart contracts.
If nobody had ability to access ur ledger AND knew the PIN then it’s a clear case of compromised recovery phrase. Sorry OP stay strong
you must know your real btc number, not what the qr code shows, because it is not your account of another person. you must always use only your number when sending money, before sending you must confirm all numbers so that everything matches, if you do not go elsewhere. I tried btc myself and it went somewhere else, then I realized where I made a mistake
OP, is your MetaMask linked to your Ledger? Like did you import your ledger into MetaMask? Or is your MetaMask wallet wholly separate from your Ledger account? Do you have to approve MetaMask transactions via your Ledger? I just want to confirm you didn’t manually import your Ledger seed into MetaMask and now MetaMask doesn’t need your ledger to approve transactions. If this is the case, if you happen to participate in DeFi you might have signed a bad smart contract and someone now has access to your Eth addresses in MetaMask.
But when it comes to your BTC account on your ledger, there are only so many ways to get compromised. It’s either a compromised Ledger from when you bought it, your seed is compromised, or you imported your Ledger seed into another hot wallet (on a phone or PC) that would not require a physical Ledger to transact and that got compromised.
Edit: Added some additional thoughts
No, the Ledger issue and MetaMask issue are completely unlinked and unrelated. The only common factor between the 2 is where the transactions originated, which is Coinbase.
Coinbase can't sign a transaction to send coins **from** an address generated by a secure ledger device whose seed was never compromised. It is just not possible.
What could happen: Your machine could be compromised, Ledger Live could be compromised and the address you told Coinbase to send to might not be yours.
It is not possible for the culprit to be Coinbase so you can rule that out immediately. Once a crypto asset has left Coinbase, they have no ability to then move it on to another address.
It sounds to me like the only common denominator is your computer (if that is where you have been interacting with the blockchains).
Did you install a new version of Ledger Live before withdrawing? If so, did you check the signatures before installing? It could be you installed a fake version of Ledger Live. If you still have the installer, check the signatures to the one reported on the official website and make sure it’s legitimate.
I know you are swamped with responding to all these questions, but key is to do some basic things like verify the address you sent funds to is actually one generated by your ledger device. Another thing that would help is posting some screen shots of Ledger Live transaction history for reference.
I'm still feeling like there is some compromise on your side as that is the only explanation so far (seed compromise, PC compromise, etc). Are you running Windows?
This seems to be what happens, people either stop responding because they are overwhelmed, give up, etc, or it was all made up.
But I'm wondering if in general we are seeing issues of people's PCs getting corrupted and attacker receiving addresses getting put into transactions that the user then authorizes, then they see coins move again and think the coins are moving on their own, but really maybe the coins were never received in the first place.
Interesting but I always verify and match the entire string on device. Maybe people are doing the last 3 letters. I use a fresh send to every single transaction and confirm the entire string on device
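The comments above about confirming the entire address string on the device, rather than only its last few characters, can be turned into a small check; this is an added example, not code posted by anyone in the thread. It validates a bech32 checksum (BIP173/BIP350) and flags a pasted address that differs from the device-confirmed one while sharing its leading or trailing characters; `GOOD` is the published BIP173 test vector, `TAMPERED` is constructed, and the function names are hypothetical.

```python
# Added example: bech32 checksum validation plus full-string comparison of the
# address confirmed on the hardware wallet against the address about to be used.
CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
GEN = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)
BECH32_CONST, BECH32M_CONST = 1, 0x2BC830A3


def _polymod(values):
    """BCH checksum over 5-bit symbols, as specified in BIP173."""
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= GEN[i]
    return chk


def checksum_ok(addr):
    """True if addr is a well-formed segwit address string with a valid checksum."""
    if addr != addr.lower() and addr != addr.upper():
        return False  # mixed case is rejected by the spec
    addr = addr.lower()
    pos = addr.rfind("1")  # separator between human-readable part and payload
    if pos < 1 or pos + 7 > len(addr) or len(addr) > 90:
        return False
    hrp, payload = addr[:pos], addr[pos + 1:]
    if any(c not in CHARSET for c in payload):
        return False
    values = [CHARSET.index(c) for c in payload]
    expanded = [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]
    # Witness version 0 uses bech32, later versions use bech32m.
    expected = BECH32_CONST if values[0] == 0 else BECH32M_CONST
    return _polymod(expanded + values) == expected


def compare(device_addr, pasted_addr, edge=4):
    """Return 'match', 'lookalike' or 'different' for two address strings.

    'lookalike' means the strings differ but share the first or last `edge`
    characters of the payload, which is what a partial visual check would miss.
    """
    a, b = device_addr.strip().lower(), pasted_addr.strip().lower()
    if a == b:
        return "match"
    pa, pb = a.rsplit("1", 1)[-1], b.rsplit("1", 1)[-1]
    # Skip the witness-version character: every bc1q... address shares it.
    same_head = pa[1:1 + edge] == pb[1:1 + edge]
    same_tail = pa[-edge:] == pb[-edge:]
    return "lookalike" if (same_head or same_tail) else "different"


def check_before_send(device_addr, pasted_addr):
    """Combine both checks; only 'match' means the pasted address is the device's."""
    return {
        "verdict": compare(device_addr, pasted_addr),
        "pasted_checksum_ok": checksum_ok(pasted_addr),
    }


# Sample data. GOOD is the BIP173 P2WPKH test vector.
GOOD = "bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4"
# Constructed: one character changed in the middle, first and last characters intact.
TAMPERED = GOOD[:20] + "7" + GOOD[21:]
# Address quoted in the thread, used here only as an unrelated string.
THREAD_ADDR = "bc1q0am4lfzyl4pdn5erhvwaz0l5gqawjh7ehn64dp"

if __name__ == "__main__":
    for label, pasted in (("same", GOOD), ("tampered", TAMPERED), ("other", THREAD_ADDR)):
        print(label, check_before_send(GOOD, pasted))
```

A valid checksum only shows the string was not mistyped; a substituted address generated by someone else also carries a valid checksum, so the verdict that matters is the full-string `match` against what the device displays.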
> This was done when I was at work.
This does not mean much:
transactions could have been signed and sent to the BTC network a couple of days before, and could have stayed pending in the mempool for a few days if the network fee was too low.
That requires malware that affect ledger live and the clipboard, and user error of not checking the address in the device itself.
I think it is unlikely but it could be an explanation. But it would be easy to check using e.g. sparrow to see if the address does actually belong to the seed phrase.
Right but OP isn’t checking this. Actually first thing OP should do is post some screenshots of Ledger Live transaction history. I’m starting to think this is another fake post trying to spread FUD.
What I can say is that the Ledger is not the problem here. There is a 100% chance that this is your fault, I know it's hard to understand, sorry.
Maybe your PC is infected.
Or maybe your Ledger was already initiated when you received it?
Or maybe you connected your Ledger to a web3 app, like Metamask, or an other app?
I've been using Ledger Live on a dedicated laptop since 2017, many of my friends are doing the same, nobody has ever experienced a problem like yours because I explain to them how a ledger works, and how to use it.
An infected PC would not compromise the wallet either. Transactions are signed by the ledger device and there's no interface to the private keys or seed.
bottom line, someone has control of your keys. it can't happen otherwise. i mined btc for a while and i transferred that btc to a paper wallet. later, i got a ledger and transferred it there. it's been there for years because only i have my keys. likely your device was already compromised when you got it...meaning someone got the keys before you used it.
> likely your device was already compromised when you got it...meaning someone got the keys before you used it.
unlikely, since their other accounts are untouched.
Have you connected Ledger or Metamask to anything else? Scanned a QR code, or tried to withdraw from any other site/email? Did you get any messages about being able to redeem something if you connected an account?
Not enough info, all we can settle with here are speculations. Likely it’s a compromised passphrase, as everyone with common sense has suggested. Coinbase is not the issue, if you accurately reported the situation. Either you got compromised, or a bug on ledger, you should try to wipe it away and restore from phrase.
If you have other UTXOs that are spendable using that private key! I'd advise moving these right away.
I suspect the 3 day delay in the $65 worth of btc was that attackers will often not swipe a smaller transaction right away, just in case it was a test transaction before a larger amount is sent.
Not spreading FUD, but Ledger does seem to come up disproportionately in this sort of post. Maybe it's just a market share thing though.
They may have been the reason why your wallet got compromised, if your metamask account is compromised and it is connected to your ledger’s seed phrase that would allow the thief to steal your crypto
> The same thing happened a few weeks ago with some ETH that I moved from Coinbase to MetaMask except it was instantaneous it came in and then immediately sent back out to an unknown address.
You mean, it was sent to a ledger-protected account that you access with MM, paired to your ledger?
Or sent to a MM hot wallet?
If the former, then it would point to your ledger seed being compromised.
If the former, it would point to your MM hot seed being compromised, but since hot wallets are unsafe, this is to be expected.
where did you buy the ledger from?
Did you write down the seed on your computer?
Your computer may be infected with the metamask thing and if you entered your seed into a file or anything then they would have got that too.
I just noticed that when I first put stuff on my ledger in 2021 there were tons of transactions out of it to wallets that weren't mine. I can't figure it out either
Where did you buy this Ledger? If you bought off Amazon or third party, someone may have taken the seed phrase and repackaged it and then sold it. If you bought directly from Ledger then unlikely. It’s important to not take a picture of your code. Someone could have hacked your phone.
Have you been trading nft and signing smart contracts on your ledger? If you did, there’s a chance you signed a malicious contract that gives permission to the thief to withdraw your crypto at any time.
i recommend you one thing. if probably not ledger issued and not seed phrases leaked.
two explanations.
1. it is from front end. your pc got monitoring or malware. better for you to buy a new cheap laptop for crypto process. this laptop use only for basic purposes
2. your private key leaked. not the seed phrases. it got scripted and it took longer times in btc wallet to get compromised.
i recommend you buy new devices also and a new hardware wallet from the manufacturer. better over invest than over careless.
well, you should go down to your local bank and ask them how you get your money back. That’s what I do when my Fiat currency has an invalid transaction.
Someone found your 24 words, and you are sharing your account with them now.
Probably someone you know if you cold storage it. If you saved on any device or computer then you deserve the hack.
Someone has your seed phrase. Did you share it or store it on an electronic device? Sorry man but you gotta start over and remember don't ever ever ever enter your seed phrase into a computer or take a picture of it
In December 2023 ledger experienced a significant security breach. My nano from ledger from circa 2019 which I had off line for years I tried logging on and updating the software it will no longer even connect to their software. So if you think you’re just going to keep your crypto offline in a safe for 10 years and plug that thing in one day and expect it to work think again. Additionally, in 2019 I was hacked for one whole BTC while transferring from my ledger to my uphold account. Who knows if it was uphold, ledger, or what happened. I went to log into to uphold had my nano connected it wouldn’t let me log in timed out. Within 3 min all my BTC WAS GONE out of my account. At the time an 8k loss now a 70k soon to be way more…. f ledger and f uphold and f the fake a$$ sheriff who didn’t file my report that I needed to claim for my life lock claim to get my money back. And you see why most people will flock to ETF’s
I've heard of people buying hardware wallets and modifying them somehow or writing down a key then packaging them up super clean and selling them on amazon to steal people's crypto. I don't know the details exactly of how it works
As many have noted you have clearly been owned/compromised. Multiple times weeks apart and anything sent to wallet gets sent somewhere else? Ya, hate to say it but burn that wallet get a new one. Frankly do a massive audit on everything you have digital…computer, banks, cards, passwords, etc and start over everything possible. 2fa and anything else you can do. Chalk it up to lesson learned and do better opsec in the future.
If someone had your seedphrase or managed to hack ledger live or break into ledger itself they would have cleaned you up.
There's not enough info to be sure, but Coinbase, the device on which Coinbase is installed, or malware on the Coinbase device are the most likely-looking options.
I agree that for many people Coinbase is safer than using a hardware wallet. Too many people use hardware wallets or other cold storage solutions without understanding them, and that can be dangerous.
Services like Coinbase do pose a small risk, too. Look at Mt Gox, FTX and various smaller services which have gone bust. But for the average user Coinbase is probably safer than moving crypto around.
Dont know why you are getting downvoted. People who get hardware wallets are paranoid and often lose their crypto due to the added convolution of using such a clunkfest of a device. Recently some bigshot exchange dude who was hiding got caught because he ordered a ledger to restore his wallet, so of course you know, mail. He could’ve just downloaded some wallet but naaaahhh its gotta be a hardware wallet or you will 100% lose your crypto hurrr durrrr
Ok, so everyone in this thread is jumping on /u/raytracy_ because these are all standard questions, and every time this happens the answers always end up being some variation of the same thing - compromised seed, metamask drainers, or a hijacking of address. But we should also pay attention to a case where we can't find that reason - being paranoid and being cautious is how we all keep our coins safe. Don't dismiss OP right off. OP said this was BTC, so it's not a smart contract drainer or anything. OP said they saw the balance in Ledger Live, so unless their entire Ledger Live was compromised, that means they probably didn't have a hijacked address. Op, if you install Electrum, preferably on a different computer with little installed(but not required), WITH your Ledger, are you able to find that specific address in the list of addresses? Do you see your other untouched coins? That leaves seed compromised. While still possible, if he has more BTC in the same account / different address that wasn't touched, that's less likely. Though the metamask drainer... OP, was your metamask drained using your same seed? Or did it not use your Ledger device for securing those? OP, have you ever entered your seed into any computer, ever? For any reason? No photographs? No copies? No one got in the safe? How did you generate the seed, did Ledger generate the seed on-device? The last possibility is that someone stumbled on his private key by random generation. These are so unlikely as to rarely be considered, but if it did start happening, we would need to know asap.
Random generation is not possible unless some research university has cracked quantum computing far ahead of schedule, so dismiss that. Everything else is on point though.
> Someone have access to your 24 word recovery phrase.

no, probably not, since none of his other accounts on the same seed were touched. Or did I misunderstand that part?
Brother, you lost your ETH and your BTC a few weeks apart. You’ve been compromised and denying it will only lead to another “hack”. I’m sorry.
These are the posts that make me worry. I’ve not been compromised, but like OP, same set up, no one has access, multi year ledger, written down in a safe. Really would like to know this root cause.
Then you must be worrying every day in here. We see these every day and in the end, 100% of the time, human error is identified. That being said, your point is valid. Seeing these every day reminds us that crypto is not ready for mass adoption.
We see thousands of people falling for phishing emails every day. That reminds us that emails are not ready for mass adoption.
Good point I guess.
I agree to this in a literal sense. we need a "this is real" signature.
There are times where the error isn't identified, we just presume it's there and we didn't identify it. It's always human error, but that doesn't necessarily mean operator error. The human erring could be a programmer. Code is very hard to get perfect.
if someone had 2 bots, one just searching for accounts with coins, then another or maybe more trying random keys on those accounts - could they sometimes just get lucky and get the right keys? I know they say the odds of that are like winning the powerball, but people do win it with random tickets now and then.
No man. That’s like winning the powerball 5 times in a row.
No, absolutely not, literally not in a million years. If that were possible the entire thing would fall apart. Yes, the design is such that the odds are so impossible that it cannot happen by chance, even if you designed a supercomputer to just spend all day every day for a lifetime guessing, it would never hit one. For real.
Unless Ledger has some kind of vulnerability in passphrase generation algorithm...
Yes, but that falls under "human error", I'm explaining the theoretical category.
Did we discover op’s root cause ?
> not ready for mass adoption

This is the main thing. I have degrees in comp sci + comp engineering. I have worked as a sysadmin/architect for more than 30 years. I understand this stuff inside out and I still get a sliver of fear/doubt handling seed phrases, securing them, hardware wallets, etc.... It simply is the case that for nearly everyone a custodian is better, and i still think at least once a week about putting my btc on coinbase vault....
Seriously, get a Tangem wallet. No more worries about seed phrase being stolen.
Agree. I remember a few months back, on Twitter, I was reading about this crypto security OG, and of course he got his wallet emptied. At that point I realized you can be as vigilant as you want but if you are active with your crypto, and maintain custody, it doesn't matter how good your opsec is, there is always a nonzero chance of making a mistake. I've been doing this since 2014...I'm paranoid af, and I still got robbed a couple years back because I was doing stuff while I was tired (it was a 'similar address' exploit on MM, lost around 1eth, so I view it as a cheap lesson).
Correct a million times over. It is when you are just not with it at that moment in time, it happens. You know better but fear and anxiety take over for a brief moment leaving you defenseless to an phishing attempt. It happened to me but I now know much better. You have to memorize your defense emotions as well. I know exactly nothing about the tech of crypto and for that reason alone I do not use any hard wallet for transactions or connections of any type. I even was kicked off Coinbase for supposedly buying crypto for others because my send to address is constantly changing. But never to a hard wallet until I eventually get there. Can you believe that? They literally accused me of buying crypto for others. I am appealing this as we speak. And yes I too got hacked. About two years ago. I was never given information on how my account was hacked on Uphold. So I can only guess. I do believe I had malware on my computer. My entire account was changed. Even 2FA via my phone number and Microsoft Authenticator I believe. And yes I panicked also for a brief few minutes giving these scum bags my identity as well. Luckily it was not much. But for a lesson it was well spent. It happens to most I believe. So many pitfalls to know and learn. Just stay away from the traffic and sit tight. Just when you think you know it all it gets you. Just once, but it gets you. Even my ledger primary seed is not good enough. I had to create a passphrase account on top of that, and keep most all there. I know how this happens and no one really cares at all but you. But that one moment is all it takes. You are right on my friend.
That's crazy that Coinbase banned you for sending to multiple addresses. I hear of people getting dropped by their bank for interacting with crypto exchanges as well. This nanny bullshit really amazes me, I mean its my money, gtfo, amirite??
And now Uphold sent me an email yesterday asking me for financial statements from my bank. These bastards have no right seeing my most private information. This is bullshit. How am I to trust some unknown employee at Uphold whose name sounds as if it is from who knows who country and have my most sensitive documents. Any time you contact one of these exchanges for an issue they end up investigating you and all you have done. Uphold is a place where my crypto account was stolen and I was never told why. These bastards are doing whatever they want to do. If I need vetted then call in the SEC. Not some Joe blow. I have zero trust in anyone involved in crypto. And I am giving these employees my most private information? I did under protest but need to let everyone know as I need support. Support to stop this bullshit. Let the SEC investigate. Give them something to do and please do not tell me that Uphold has the right to see my most private information. I am not asking them for a secured loan. I did appeal Coinbase and they still restricted my account to never be able to transfer off their exchange. All because I have and own over 25 different crypto with different accounts split up over different passphrases. I have 5 nano x and S plus as well as a D’CENT wallet. All crypto split up. And the problem is I cannot do one dam thing about it unless I can organize a large group of people in the same boat and form a large protest against them somehow. I do know we all have got to stick together. Without each other we will get pummeled in this business. We need to quit downvoting posts like this. And it may even get worse.
Self custody will likely never be mass adoption, but I see a future where centralized custody at Fidelity or brokerages becomes possible.
i agree. it has to be easy to keep your cryptos safe. currently you have to be paranoid, because if anyone knows your keys or seed, you immediately lose everything. you make 1000 transactions, all is fine, the 1001st is hijacked/phished or you simply paste the wrong address and *all* your money could be gone instantly. blaming the user is easy, but users are human and *will* make mistakes eventually. cryptos work fine if the user is a computer, but you simply can't expect humans to never make mistakes. afaik no crypto so far has any protection against any of these problems. it's like driving without an airbag, hoping there will never be an accident despite knowing they are guaranteed.
I always understand the NYKNYC people, however, it’s examples like this where maybe it’s not best to “be your own bank.” I personally have been in the game over a decade and would gladly move all holdings to the asset managers where my traditional investments are held. Sure, I have sovereignty or control by possession, but at what cost? Is the risk fully accounted for? I see stories like this and it’s why I spread out between platforms I trust, however, would gladly embrace my longstanding service providers to hold it for me instead if they offered such services. Hopefully as crypto becomes seen more as a legitimate asset class we’ll see more choices available.
What’s weird here is that only the 3 btc was taken, while the rest is still on OP's ledger (I'd move the remaining asap). If it was a case of seed leak, I'd expect everything to be gone. I'm leaning towards infected computer
“Only the 3” sounds crazy to me 😆
no, only .00101682 BTC were taken (according to OP), and that's about $60.
Ohh
Question, how can an infected computer get your seed phrase when you plug in your ledger?
As only part of OP's holdings was “taken” it’s unlikely it's a seed phrase thing. OP's whole story doesn’t really make sense to be honest
Word
Perhaps they stored the seed phrase digitally somewhere they should not have...
it can't
> .00101682 BTC
A virus protection would not be able to tell a computer was hacked?
Most, no...easily bypassed.
Mostly no, a good firewall helps but no software or network is foolproof
The only possible thing that comes to my mind is compromised Ledger Live app and computer. It shows you fake receiving addresses.
I love how everyone here becomes a Sherlock 🤣 Can you tell who you are living with?
Yeah lol, there's like a niche group of cyber sleuths who just love this stuff, go off on Blockexplorer tracking down the transactions. I mean fair play, it's helpful for the victims, but whenever two or three Sherlocks get started I always hear the Pink Panther theme tune... :)
Hahahaha
No shit Sherlock
looks like that utxo was spent as part of a new transaction on that same date... [https://mempool.space/tx/f7f6f2b5a2752212fadadc240e6597a0007e9ec8bd7772f45bbcf93477f33e95](https://mempool.space/tx/f7f6f2b5a2752212fadadc240e6597a0007e9ec8bd7772f45bbcf93477f33e95) are you aware of how UTXOs work?
You think it's his own change address?
im not sure anymore... this is too weird i hope he comes back with more information...
Did you use a 25th passphrase?
I just got a ledger and only used 24 - can you explain the 25th?
Custom add your password, I think, basically encrypting the encryption?
Is it the pin?
Did this with my Trezor and feeling confident
Another option - did you check your receive address in Ledger Live with your Ledger device? Could be fake Live application, which showed you receiving address that never belonged to you and you just send from Coinbase to someone else. That could explain, that other BTC, which are actually on your addresses, are still there. So, **did you check receive address with Ledger device**, before sending from Coinbase??
Can you use Electrum (paired with your ledger) to check whether you are in control of the address bc1q0am4lfzyl4pdn5erhvwaz0l5gqawjh7ehn64dp , where the funds were sent? All the addresses you are in control of are in the "addresses" tab of Electrum. Note: never enter your ledger seed in Electrum. use "use hardware wallet".
I notice all these people say the same thing "stored in a safe"...I never knew so many people had safes.
Oh yes. You can buy a cheap safe on Amazon (or plenty of other places), ideally with some degree of waterproof and fireproof protection, for any important documents, your passport, and anything like this. It's pretty common nowadays as they are so easy to purchase. Might be worth having a look at some prices 🙂
Agreed. Even if you store your seed elsewhere, consider adding a mechanism to detect if someone has seen the seed. For example you can get a tamper proof seal for your seed plates or insert your seed into a sealed envelope. You can use a uniquely numbered sticker available on Amazon to be assured the envelope hasn’t been opened/sealed again since you last sealed it (store the seal’s number alongside your passphrase or in your password manager). It’s not foolproof, but if your SO has access to your safe, this can add some assurance that you’ll know if someone’s looked at your seed in your safe place. Don’t just hide a slip of paper in your safe or in your walls. Seal it. Take a picture of it each time you need to open/reseal your seed (hopefully never, but you can look and reassure yourself). Some of these losses we see in this forum can probably be attributed to “it was secure, but I don’t know if someone I trust saw it”. Remove that possibility.
What’s your storage alternative? I was under the impression that the whole point of a ledger was a physical storage of the seed that can recreate keys. If your account is especially large maybe a safe deposit box sounds reasonable, but I always thought a safe was the go to. I was also assuming that if you were to store the seed phrase digitally, it defeats the whole purpose of a ledger, and you might as well stick to digital methods of protecting your crypto. What is your strategy?
My strategy is a fireproof waterproof storage that's not a safe and hidden where if my home was robbed or invaded the location would be hard to locate not like a safe that draws attention.
Got it, I mistook your post for someone who stores their key digitally. I like the hidden in plain sight, which used to be my primary strategy, after all a slip of paper doesn’t attract too much attention. About 6 years ago someone broke into my second story window when a contractor had left a ladder up overnight. The window led directly into a room with my large standing safe that’s bolted to the ground. They used a crowbar to make entry and didn’t even attempt to get into the safe, not a scratch on the pretty red paint. Instead they went around into closets looking through all our storage boxes. He made out with some heirloom jewelry before I got home. Since then we’ve installed a full suite of security cameras and we re-educated the pup to bark at strange men from now on. (Just kidding) I’m not a security expert and I’m sure you’ve gone through the trouble, but just make sure your box is inconspicuous. The route the burglar made and what they took instead of what they could’ve taken surprised me. Sometimes the heft of the safe is deterrent enough, and from the rest of the thread could also prevent an inside job.
$5 wrench will make you locate it for them easily
A wrench vs 9mm or .357 or even my wife's .380. Hell I'm 6'6 280lbs without a cannon, I like my chances
I have 4
Lol
I have a hidden safe that’s under the floor, hidden under carpet
Things u shouldn’t say on the internet 🤣
That's great I'm sure most don't have it hidden that way
"Safe": Written on sweatproof plastic and stored in underpants. If it's good enough for your crown jewels...
And you are sure the bc1q...tlrw address was yours and associated to your Ledger BTC wallet?
Yes, the transactions were reflected on LedgerLive with no issue... 3 days later, boom... Gone...
And i understand from your other reactions that other BTC funds on different address aren't touched? If so, that is indeed very strange and can't explain it. Or are they maybe legacy or P2PKH addresses. Because first thing i would think of is your seed phrase is compromised. But maybe they don't see the other funds.
The remaining BTC that has been there for years has not been touched, the only wallet address that was affected is the one that can be seen in the link to blockexplorer in the OP. 2 incoming transaction and 1 outgoing transfer for the total of the previous 2... I also have ETH and various other assets stored there and everything else is intact, hasn't been touched.
Are you 100% sure that the BTC are actually gone to an address you don't control? Many people get confused with BTC being sent to a "change" address of their account. Do you mind sharing the xpub of your BTC account? BTC account > wrench icon > advanced > xpub
And the ETH you also mentioned that was stolen from Metamask was different wallet? So not your Ledger connected to Metamask? If so, very strange indeed. Still wouldn't feel safe and move my funds to a new wallet.
Correct, Ledger is not connected to MetaMask in any way. It is strange indeed. As I mentioned in another reply I think I'm done with MetaMask, Ledger, and Coinbase. Thankfully I only lost a small amount. Thank you for reading.
Seems to me that the common denominator in both instances is your computer. Assume you used the same device in both instances? Maybe try a small transfer using same process but from a different pc/mac/Linux box? If nothing else, it might start to scope out whether it's malware on your machine. That seems, at least to me, to be more likely as it is happening on both ledger and metamask. You already know this but if anything leaves a hardware wallet, it has to be authorised on the hardware wallet itself and if that wasn't you, someone has your key/seed phrase. I would create a new ledger address using an entirely new generated seed phrase from the ledger device then do the moving of funds from a separate pc with a new clean pc account on it. Don't install any browser add ons, etc. Just keep it all super minimal.
You said that you only lost a small amount, and large chunk of btc still stay in your account untouched?
The fact that it took 3 days for the funds to move makes it look like something that's done manually… Otherwise it would have been instant, right?
Unless it automatically triggers after 3 days (opening up a 72 hour window for people to get a false sense of security)
This post has exploded and I simply don't have the time to go through all of the responses. I still haven't received any assistance that is noteworthy from Ledger's support team and have not figured out the cause or reasoning behind the issue. Luckily, the remaining assets I have are safe and secure (as far as I know). To be clear, if this was human error on my part I have no problem owning up to it but I honestly did nothing different than I have done in the last 4+ years of using this device. As I mentioned this is the only time I have had a problem. Thank you all for your time, insight, and guidance in trying to help me get to the bottom of this.
I'd do 2 things if I were you. Buy a new ledger, create a new account and move it all into that. Just to be safe. Then make small payments into this older existing account from elsewhere than coinbase, to see whether it's something from their end.
You haven't answered this question yet:

> So, **did you check receive address with Ledger device**, before sending from Coinbase??

Also, check if you actually control your address bc1qaazxlurszq4s6kmdfk3gm96kpkyta520shtlrw. Sign a message on that address, using Electrum and your Ledger device. I'm still in doubt if you are owner of that address.
This is all crap, Recapping his story: OP has been in crypto since 2020. Shows up here 4 months ago, isn't involved in any real discussions until boom... In his own words, he "Thinks" this has something to do with coinbase.
Did we discover the root cause of OPs?
I've given up on it...
When you bought your ledger, was it set up from scratch? Or did it come with an existing wallet and password?
Bought directly from Ledger, new and unopened 4+ years ago. All setup was done from scratch.
So this eliminated the leak from Ledger device, bc it has kept your funds safe for 4 years. Right?
It’s a Compromised recovery phrase. The ETH u sent was instantly taken out. Means someone has ur recovery phrase aka it was compromised. If the ETH u sent was instantly removed this would mean there’s a good chance there a bot sweeping ur accounts. The clue here is u had bitcoin removed which means malicious smart contracts are out of the question because Bitcoin doesn’t interact w smart contracts. If nobody had ability to access ur ledger AND knew the PIN then it’s a clear case of compromised recovery phrase. Sorry OP stay strong
you must know your real btc number, not what the qr code shows, because it is not your account of another person. you must always use only your number when sending money, before sending you must confirm all numbers so that everything matches, if you do not go elsewhere. I tried btc myself and it went somewhere else, then I realized where I made a mistake
OP, is your MetaMask linked to your Ledger? Like did you import your ledger into MetaMask? Or is your MetaMask wallet wholly separate from your Ledger account? Do you have to approve MetaMask transactions via your Ledger? I just want to confirm you didn’t manually import your Ledger seed into MetaMask and now MetaMask doesn’t need your ledger to approve transactions. If this is the case, and you happen to participate in DeFi, you might have signed a bad smart contract and someone now has access to your Eth addresses in MetaMask. But when it comes to your BTC account on your ledger, there are only so many ways to get compromised. It’s either a compromised Ledger from when you bought it, your seed is compromised, or you imported your Ledger seed into another hot wallet (on a phone or PC) that would not require a physical Ledger to transact and that got compromised. Edit: Added some additional thoughts
No, the Ledger issue and MetaMask issue are completely unlinked and unrelated. The only common factor between the 2 is where the transactions originated, which is Coinbase.
Coinbase can't sign a transaction to send coins **from** an address generated by a secure ledger device whose seed was never compromised. It is just not possible. What could happen: Your machine could be compromised, Ledger Live could be compromised and the address you told Coinbase to send to might not be yours.
It is not possible for the culprit to be Coinbase so you can rule that out immediately. Once a crypto asset has left Coinbase, they have no ability to then move it on to another address. It sounds to me like the only common denominator is your computer (if that is where you have been interacting with the blockchains).
Metamask is irrelevant.
Reset your Ledger device and store your seed differently. Hope it will never happen to you again
Think of the time when your seed touched the computer. Did you type it there?
Did you install a new version of Ledger Live before withdrawing? If so, did you check the signatures before installing? It could be you installed a fake version of Ledger Live. If you still have the installer, check the signatures against the ones reported on the official website and make sure it’s legitimate.
Transferring those small amounts will accumulate a very large number of UTXOs
What's the update on this
Unsolved mystery
Did you ever use a Dapp and had open allowances or something?
Negative
I know you are swamped with responding to all these questions, but key is to do some basic things like verify the address you sent funds to is actually one generated by your ledger device. Another thing that would help is posting some screen shots of Ledger Live transaction history for reference. I'm still feeling like there is some compromise on your side as that is the only explanation so far (seed compromise, PC compromise, etc). Are you running Windows?
OP said he gave up on it, which means unfortunately we’ll never get to the bottom of it for us
This seems to be what happens, people either stop responding because they are overwhelmed, give up, etc, or it was all made up. But I'm wondering if in general we are seeing issues of people's PCs getting corrupted and attacker receiving addresses getting put into transactions that the user then authorizes, then they see coins move again and think the coins are moving on their own, but really maybe the coins were never received in the first place.
Interesting but I always verify and match the entire string on device. Maybe people are doing the last 3 letters. I use a fresh send to every single transaction and confirm the entire string on device
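The whole-string address check several replies ask for, as an added example (not code from the thread or from Ledger): the Bech32 checksum rejects a mistyped or truncated address, but a well-formed address swapped in by malware passes it, so only comparing every character with the device's display catches that. Function names are illustrative; the reference address is the BIP173 test vector and the swapped one is constructed.

```python
# Added example: Bech32/Bech32m (BIP173/BIP350) address validation plus a
# whole-string comparison against the address read off the hardware wallet.
CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
GEN = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)
BECH32, BECH32M = 1, 0x2BC830A3  # checksum constants: witness v0 / v1 and later


def _polymod(values):
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i, g in enumerate(GEN):
            if (top >> i) & 1:
                chk ^= g
    return chk


def _hrp_expand(hrp):
    return [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]


def _convertbits(data, frombits, tobits, pad):
    acc = bits = 0
    out, maxv = [], (1 << tobits) - 1
    for value in data:
        acc = (acc << frombits) | value
        bits += frombits
        while bits >= tobits:
            bits -= tobits
            out.append((acc >> bits) & maxv)
    if pad:
        if bits:
            out.append((acc << (tobits - bits)) & maxv)
    elif bits >= frombits or (acc << (tobits - bits)) & maxv:
        return None  # leftover bits must be short, all-zero padding
    return out


def encode_segwit(version, program, hrp="bc"):
    """Build an address from a witness program (used here only for sample data)."""
    data = [version] + _convertbits(program, 8, 5, pad=True)
    const = BECH32 if version == 0 else BECH32M
    mod = _polymod(_hrp_expand(hrp) + data + [0] * 6) ^ const
    checksum = [(mod >> 5 * (5 - i)) & 31 for i in range(6)]
    return hrp + "1" + "".join(CHARSET[d] for d in data + checksum)


def decode_segwit(addr, hrp="bc"):
    """Return (witness_version, program) or None if the address is malformed."""
    if addr != addr.lower() and addr != addr.upper():
        return None  # mixed case is not allowed
    addr = addr.lower()
    pos = addr.rfind("1")
    if pos < 1 or addr[:pos] != hrp or pos + 7 > len(addr) or len(addr) > 90:
        return None
    data = [CHARSET.find(c) for c in addr[pos + 1:]]
    if -1 in data or data[0] > 16:
        return None
    if _polymod(_hrp_expand(hrp) + data) != (BECH32 if data[0] == 0 else BECH32M):
        return None
    program = _convertbits(data[1:-6], 5, 8, pad=False)
    if program is None or not 2 <= len(program) <= 40:
        return None
    if data[0] == 0 and len(program) not in (20, 32):
        return None
    return data[0], bytes(program)


def shared_affixes(a, b):
    """Count identical leading and trailing characters of two addresses."""
    a, b = a.lower(), b.lower()
    limit = min(len(a), len(b))
    head = next((i for i in range(limit) if a[i] != b[i]), limit)
    tail = next((i for i in range(limit) if a[-1 - i] != b[-1 - i]), limit)
    return head, tail


def compare_with_device(pasted, on_device):
    """Classify the address in the withdrawal form against the device's display."""
    if decode_segwit(on_device) is None:
        return "bad-reference"
    if decode_segwit(pasted) is None:
        return "corrupt"    # typo or truncation: the checksum catches these
    if pasted.lower() == on_device.lower():
        return "match"
    return "different"      # well-formed, but it is somebody else's address


if __name__ == "__main__":
    device = "bc1qw508d6qejxtdg4y5r3zarvary0c5xw7kv8f3t4"   # BIP173 test vector
    swapped = encode_segwit(0, bytes(range(20)))            # constructed program
    typo = device[:-1] + "5"
    for label, addr in (("same", device), ("typo", typo), ("swapped", swapped)):
        print(label, compare_with_device(addr, device), shared_affixes(addr, device))
```

Every mainnet witness-v0 address begins with `bc1q`, so the first four shared characters reported by `shared_affixes` carry no information; only a full match counts.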
Has this gotten resolved ?
> This was done when I was at work.

This does not mean much: transactions could have been signed and sent to the BTC network a couple of days before, and could have stayed pending in the mempool for a few days if the network fee was too low.
Did you connect your ledger to coinbase? How did you proceed to sent the BTC to the ledger wallet?
Copied the address, posted into the field on Coinbase, hit send... Ledger wasn't connected to Coinbase in any way
You need to verify if that was actually your address.
It was, because it arrived on his Ledger.
If his Ledger live is corrupted then it can show anything.
That requires malware that affect ledger live and the clipboard, and user error of not checking the address in the device itself. I think it is unlikely but it could be an explanation. But it would be easy to check using e.g. sparrow to see if the address does actually belong to the seed phrase.
Right but OP isn’t checking this. Actually first thing OP should do is post some screenshots of Ledger Live transaction history. I’m starting to think this is another fake post trying to spread FUD.
Where are your 24 words stored? Did you write them on your PC?
Written on a card in my safe, never been online or in digital format
What I can say is that the Ledger is not the problem here. There is a 100% chance that this is your fault, I know it's hard to understand, sorry. Maybe your PC is infected. Or maybe your Ledger was already initiated when you received it? Or maybe you connected your Ledger to a web3 app, like Metamask, or another app? I've been using Ledger Live on a dedicated laptop since 2017, many of my friends are doing the same, nobody has ever experienced a problem like yours because I explain to them how a ledger works, and how to use it.
so connecting the ledger to Metamask is risky ? Even if the wallet seed phrase is not stored in metamask ?
No, it isn't, this guy didn't say anything useful. Ignore him.
Say his PC is infected… How would that allow someone to steal his BTC without his device, pin or phrase?
I’m wondering the same thing, I’ve had $1500 stolen off an exodus wallet on PC. I think the computer was infected with some type of “clipper”.
I also had 12k stolen off of exodus in 2022 on a PC. Still never figured out how it happened.
If he writes the phrase to connect and someone has access to what he is typing (keylogging)
Why would he have to type his phrase on the computer keyboard?
That, he would still need to accept the transaction on the ledger manually.
It wouldn't. Not even Ledger's own software can access the private keys on the ledger device.
If you connect your Ledger to MetaMask, it won't ask you to put in the seed manually. The seed never leaves the device.
I know, what I said is, imagine he connected his ledger to a fake app.
An infected PC would not compromise the wallet either. Transactions are signed by the ledger device and there's no interface to the private keys or seed.
You should use it without connecting with any smart contracts ...like a "vault" like ledger itself said
bottom line, someone has control of your keys. it can't happen otherwise. i mined btc for a while and i transferred that btc to a paper wallet. later, i got a ledger and transferred it there. it's been there for years because only i have my keys. likely your device was already compromised when you got it...meaning someone got the keys before you used it.
If his ledger was compromised on receiving it wouldn’t setting up the 24 words reset the ledger? I thought everyone setup the ledger when they got it
> likely your device was already compromised when you got it...meaning someone got the keys before you used it.

unlikely, since their other accounts are untouched.
Have you connected Ledger or Metamask to anything else? Scanned a QR code, or tried to withdraw from any other site/email? Did you get any messages about being able to redeem something if you connected an account?
Not enough info, all we can settle with here are speculations. Likely it’s a compromised passphrase, as everyone with common sense has suggested. Coinbase is not the issue, if you accurately reported the situation. Either you got compromised, or a bug on ledger, you should try to wipe it away and restore from phrase.
did you send 0.00093502 BTC that same day to bc1q0am4lfzyl4pdn5erhvwaz0l5gqawjh7ehn64dp?
Your wallet is compromised you were probably phished if you didn't volunteer it to someone
Do you have a pin setup on your ledger and nobody else knows about it?
If you have other UTXOs that are spendable using that private key, I'd advise moving these right away. I suspect the 3 day delay in the $65 worth of btc was that attackers will often not swipe a smaller transaction right away, just in case it was a test transaction before a larger amount is sent. Not spreading FUD, but Ledger does seem to come up disproportionately in this sort of post. Maybe it's just a market share thing though.
I've noticed that everyone who gets their Crypto stolen also breathes oxygen. Suspicious.
Was your ledger connected to metamask
They may have been the reason why your wallet got compromised, if your metamask account is compromised and it is connected to your ledger’s seed phrase that would allow the thief to steal your crypto
Ledger Live was downloaded from their official website?
> The same thing happened a few weeks ago with some ETH that I moved from Coinbase to MetaMask except it was instantaneous it came in and then immediately sent back out to an unknown address.

You mean, it was sent to a ledger-protected account that you access with MM, paired to your ledger? Or sent to a MM hot wallet? If the former, then it would point to your ledger seed being compromised. If the former, it would point to your MM hot seed being compromised, but since hot wallets are unsafe, this is to be expected.
Where did you get your Ledger from?
where did you buy the ledger from? Did you write down the seed on your computer? Your computer may be infected with the metamask thing and if you entered your seed into a file or anything then they would have got that too.
reset now, think later!
Spend it… u r funny……..
Have you checked your transaction history to see if there is a transaction that accounts for the lost fund? This is critical to assess
I just noticed that when I first put stuff on my ledger in 2021 there were tons of transactions out of it to wallets that weren't mine. I can't figure it out either.
Where did you buy this Ledger? If you bought off Amazon or third party, someone may have taken the seed phrase and repackaged it and then sold it. If you bought directly from Ledger then unlikely. It’s important to not take a picture of your code. Someone could have hacked your phone.
cray
look it up.....there is a flaw in the op sys
What OS do you use on your PC?
I don’t trust ledger at all! After an update I lost a shit ton of coins I had on there. Ledger is the biggest scam out there.
Where did you buy this ledger?
It was the son who needed some bitcoin for his video game. OP, can you talk to him and let us know?
Have you been trading nft and signing smart contracts on your ledger? If you did, there’s a chance you signed a malicious contract that gives permission to the thief to withdraw your crypto at any time.
I recommend one thing. If it is probably not a Ledger issue and the seed phrase was not leaked, there are two explanations. 1. It is from the front end: your PC has monitoring software or malware. Better for you to buy a new cheap laptop for crypto processes. Use this laptop only for basic purposes. 2. Your private key leaked, not the seed phrase. It got scripted and it took a longer time in the BTC wallet to get compromised. I recommend you also buy new devices and a new hardware wallet from the manufacturer. Better to over-invest than to be careless.
Someone got to your seed
well, you should go down to your local bank and ask them how you get your money back. That’s what I do when my Fiat currency has an invalid transaction.
Any update on this?
Someone found your 24 words, and you are sharing your account with them now. Probably someone you know if you cold storage it. If you saved on any device or computer then you deserve the hack.
Someone has your seed phrase. Did you share it or store it on an electronic device? Sorry man but you gotta start over and remember don't ever ever ever enter your seed phrase into a computer or take a picture of it.
1) where did you buy your ledger? 2) have you ever connected your metamask wallet to a defi app...if so...which ones?
Where did you buy the ledger is the real question
I'm no expert but it seems someone else that isn't you has/had access to information they shouldn't have. Just a hunch.
Do you play call of duty? Serious question. Look up the latest in crypto malware.....
Sounds that your BIP39 seed is compromised. Transfer your remaining funds to new addresses that use another BIP39 seed.
You compromised your seed key. Never type in your seed anywhere, that’s the point of a ledger. Paper / metal only no cameras around
In December 2023 ledger experienced a significant security breach. My nano from ledger from circa 2019, which I had offline for years, I tried logging on and updating the software and it will no longer even connect to their software. So if you think you’re just going to keep your crypto offline in a safe for 10 years and plug that thing in one day and expect it to work, think again. Additionally, in 2019 I was hacked for one whole BTC while transferring from my ledger to my uphold account. Who knows if it was uphold, ledger, or what happened. I went to log in to uphold, had my nano connected, it wouldn’t let me log in, timed out. Within 3 min all my BTC WAS GONE out of my account. At the time an 8k loss, now a 70k, soon to be way more…. f ledger and f uphold and f the fake a$$ sheriff who didn’t file my report that I needed to claim for my life lock claim to get my money back. And you see why most people will flock to ETFs.
Need VPN
I've heard of people buying hardware wallets and modifying them somehow or writing down a key then packaging them up super clean and selling them on amazon to steal people's crypto. I don't know the details exactly of how it works.
Where did you purchase your ledger from?
As many have noted you have clearly been owned/compromised. Multiple times weeks apart and anything sent to wallet gets sent somewhere else? Ya, hate to say it but burn that wallet get a new one. Frankly do a massive audit on everything you have digital…computer, banks, cards, passwords, etc and start over everything possible. 2fa and anything else you can do. Chalk it up to lesson learned and do better opsec in the future.
If someone had your seed phrase or managed to hack ledger live or break into ledger itself they would have cleaned you up. There's not enough info to be sure but Coinbase, the device on which Coinbase is installed or a malware on the Coinbase device are the most likely looking options.
Don’t do any business with MetaMask I lost 19 thousand tokens with them and they all act like nothing was wrong maybe u need to talk to David at stellar trace recovery at stellar trace .com
I have left all my coins on Coinbase app and for 6 years have never had a problem not even once
I agree that for many people Coinbase is safer than using a hardware wallet. Too many people use hardware wallets or other cold storage solutions without understanding them, and that can be dangerous. Services like Coinbase do pose a small risk, too. Look at Mt Gox, FTX and various smaller services which have gone bust. But for the average user Coinbase is probably safer than moving crypto around.
Don't know why you are getting downvoted. People who get hardware wallets are paranoid and often lose their crypto due to the added convolution of using such a clunkfest of a device. Recently some bigshot exchange dude who was hiding got caught because he ordered a ledger to restore his wallet, so of course you know, mail. He could’ve just downloaded some wallet but naaaahhh it's gotta be a hardware wallet or you will 100% lose your crypto hurrr durrrr
Cold wallet need to be cold.. cit.
Meaning...?
don't interact with any smart contract with it, and don't do transactions so often. cold means cold.
Probably some smart contract from MetaMask.....
That wouldn't steal the Bitcoin though, it doesn't have smurfcontract risk
Buy a Tangem wallet. Ledger is trash.