Mein Hauptbuch wurde für $80k gehackt
- Dieses Thema hat 36 Antworten sowie 1 Teilnehmer und wurde zuletzt vor vor 1 Jahr, 6 Monaten von
aktualisiert.
-
Beiträge
-
-
Am 2. Juni um 1:42pm mein Ledger Wallet wurde fast für über $75k geleert jetzt im Wert von über $85k-$90k seit Krypto hat sich nach oben gegangen. Ich habe nie meine Seed-Phrase zu jemandem geteilt, es ist auf einer Haftnotiz in meinem Vater Safe seit dem ersten Tag gewesen. Habe es auch nie mit jemandem geteilt.
Das einzige, was ich mir vorstellen kann, ist ein Phishing-Angriff von einer meiner nicht verwahrten Wallets, die Geld an mein Ledger geschickt haben, aber das würde immer noch keinen Sinn machen, weil die Krypto auf allen meinen Metamask-Wallets immer noch da sind und nfts (über $50k im Wert)
Was ist passiert? Kann ich Ledger dafür verklagen. Wenn es ein Phishing-Angriff war, bedeutet das, dass sie meine Daten richtig verkaufen? Fast 1/2 meines Nettovermögens wurde gelöscht und ich war noch nie so deprimiert.
-
-
-
-
-
-
-
-
-
-
-
-
-
-
Sue Ledger? I’m not a lawyer but I guess that the burden of proving they were somehow responsible is on you and that will be a hard thing to prove.
No, if you fell victim to a phishing attack it does not mean Ledger sold your data, it means that you were tricked to give it voluntarily to the attacker.
I’m sorry for your loss, it must be devastating. But the lack of technical details, no substantial info about your OpsSec set up and an apparent misunderstanding of essential concepts makes it hard to find your claim of Ledger being hacked credible. Plus your mention of NFTs and a large amount on a hot wallet suggests you interact with DEXes, market places, etc. which is a major attack vector in itself.
-
-
-
Since you lost assets on multiple chains it’s clear that it was not a malicious smart contract or anything like that. So we know that your seed phrase was leaked. The question is how?
1. When was the last time you personally looked at your seed phrase?
2. Who has access to the safe?
3. Do you have any copies/backups of the seed phrase?
4. When was the last time, to your knowledge, the safe was even opened
5. What did you do the previous hours/days before your phrase was leaked? -
-
Question here for the group. If I have blind signing on for nfts is there anyway they can fish into my account. I only use my ledger and mm on my dex and on open sea but I’m not sure how these hacks could even potentially happen. I never photographed or put my seed anywhere but on my device and it’s locked in my safe written down. I know how to use my device and seed phrase correctly but do not understand how anyone could hack into my account from a dapp? Even when I use it I still have to approve everything on the device itself. Is phishing in from a dapp possible? Anyone with more experience can enlighten?
-
-
-
-
-
-
-
-
Just glanced at your history OP, have you ever visited a site that may have been suspect? Ever click on a link in your email etc? Are you sure you didn’t take a photo of your seed? Does anyone else have access to that safe of yours? Even if you blind signed once say using metamask or zerion, i think you still need to confirm the transaction on your ledger if moving funds etc. Someone can correct me if i’m wrong. Sorry this happened to you. Also, did you leave blind transaction on or off? If i use one of the dapps that require blind transactions to be turned on, i’ll turn it off after done. Not sure if that provides extra security or not. But ya, sorry this happened to you.
-
OP, try to remember if you did anything out of the norm at the beginning of June when this all went down. That could be a start to where someone got access to your account. Did you connect your ledger to another device, do you typically leave your ledger on? I typically turn it off when not in use. Was your computer hooked up to an unsecured wifi? Just thinking ways something might have gone wrong. Or even clicking on a link in an email, twitter, telegram, site, etc?
-
-
-
No, Your ledger did not get hacked
You somehow leaked your seed. Your seed should never be used again, as it is compromised. Anyone who has access to your seed (24 words + optional passphrase) has full control of your cryptos and does not need a ledger to access / take them.
Common causes of compromised seeds (unauthorized access).
Have you ever:
– entered in your ledger a seed that you got from „ledger live“ (in that case it would be a fake ledger live, and the seed is known by the scammer)
– used a seed that came pre-printed on a card with your ledger (the common pre-seeded ledger scam), or used the seed from MetaMask (or any other wallet)
– taken a phone photo of your words? (this is the most common source of leakage)
– entered your words on your computer or phone (i.e. typed it on your keyboard, e.g. to make a print), e.g. sending an email to yourself (second most common source of leakage)
– entered your seed in „Ledger Live“ when you updated your computer, to recover from „damaged ledger memory“ or to „unlock your ledger account“ or „sync or validate your wallet“? (all those are scam apps that will steal your seed)
– entered your words in a computer or phone notebook or notepad or any app (e.g. password manager) or website, or in MetaMask, or on the cloud?
– entered in your ledger a seed phrase that was previously used in a software wallet?
– have your words in sight of any webcam, laptop cam, phone cam, security cam etc. This can happen if your seed words card is exposed in a public space like a library.
– printed or photocopied your words using a computer printer or wireless printer or a commercial copy machine?
– digitalized your words or encrypted them in anyway with a computer?
– used off-line or on-line tools to generate or check your seed or to verify it or to access other software or phone wallets?
-
-
Hello, these are always tricky situations and I understand your frustration. We feel for all our users who encounter this. Please do open an email ticket and share with us your ticket number so we can see further investigate this incident and better assist with our investigations team: [support.ledger.com/hc/en-us](https://support.ledger.com/hc/en-us)
-
You have a security issue via *pir8* software and/or malicious browser plugin.
examples of such is: VenomSoftX / ViperSoftX
[„ViperSoftX info-stealing malware“](https://www.bleepingcomputer.com/news/security/vipersoftx-info-stealing-malware-now-targets-password-managers/)
-
-
-
- Du musst angemeldet sein, um auf dieses Thema antworten zu können.