A British man has lost his “life savings” after $34,000 of crypto was stolen from his newly obtained Nano Ledger hardware wallet.
The device was compromised, not because of any flaws in its production, but due to a man in the middle attack that saw the reseller insert their own recovery seed.
The buyer then unwittingly started using the wallet, not aware that the default seed they were using had not been randomly assigned by the manufacturer.
“I have not used my Ledger in a week, today I decide to check the value of my XRP, Litecoin and Dash only to discover that all of them showed up as zero and had been transferred somewhere else yesterday all around the same time at 7:30pm.
“I am not sure how this is possible as I have not access my Ledger in a week.”
The victim was initially bewildered as to how the attack could have been pulled off, before eventually twigging that the Ebay seller must have tampered with the device.
After sharing his story on Reddit, Ledger reached out to the man who goes by the name moodyrocket and encouraged him to report the crime to “bring the eBay seller to justice.”
The odds of the British-based victim getting his cryptocurrency back are small, but his loss can at least be the community’s gain.
The widespread attention the incident has received highlights the dangers to anyone who is considering the purchase of a hardware wallet from a third party.
Auction sites, unaffiliated vendors, and merchants who have no formal partnership with wallet manufacturers should all be eschewed.
The vast majority of resellers stocking wallets such as Ledgers and Trezors have no goal of meddling with the devices.
However, it only takes one unscrupulous party to interfere with a wallet and pass it on to the unsuspecting buyer.
The Ebay seller who scammed moodyrocket had gone to a lot of trouble to orchestrate the scam.
The seed is to be generated by the device, but this purchase came with “scratch off” paper that revealed the seed.
Despite the security of hardware devices, the weakest link is always the people using them.
Even anti-theft tech can’t make up for human error.
Had the victim reset the device and created a new seed, the incident would have been avoided.
When presented with convincingly forged documentation, though, he naturally felt safe in sticking with the default seed.
Purchasing hardware wallets directly from the manufacturer may take longer and cost more, but the alternatives are just not worth the potential trouble.
- Sberbank of Russia Launches Blockchain Laboratory 12 January 2018
- Ukraine Creates Oversight Working Group for Cryptocurrency Regulation 12 January 2018
- BitConnect Given Second Cease-and-Desist Order 12 January 2018
- Arizona Lawmakers Propose to Let People Pay Taxes with Bitcoin 12 January 2018
- KFC Canada Offers Fried Chicken for Bitcoin in Innovative Marketing Ploy 12 January 2018
Bitcoin3 days ago
Bitcoin Event Stops Accepting Bitcoin Due to Fees and Congestion
Blockchain5 days ago
United States SEC Office Pokes Fun at Blockchain Stock Pumpers
Bitcoin2 days ago
Ukraine Creates Oversight Working Group for Cryptocurrency Regulation
Bitcoin5 days ago
ViaBTC to Shut Down Marketplace for Mining Contracts This Week