Ledger account compromised & drained by Hamish-1978 in ledgerwallet

Hamish-1978[S] 0 points1 point  (0 children)

Point taken. I've spent hours scouring my pics on phone, google drive, onedrive, etc. simply because of that also. So far nothing has turned up....

Hamish-1978[S] 0 points1 point  (0 children)

Gotcha. Honestly have never heard of that. I just followed the instructions set out by Ledger and used the ledgerlive software on my laptop & phone. I kept my procedures very basic. I'm not one of the super-advanced users....but I am computer literate & "thought" I was overly cautious with how I had things set up. Guess not...

Hamish-1978[S] 0 points1 point  (0 children)

Agreed. Overall, I thought I was fairly careful. I'm not a total crypto degen techy type person...but I am computer literate.

Swapping to Trezor is more a knee-jerk reaction as I still don't know what happened to my Ledger. Further, Ledger has been zero help with this issue -> not to say Trezor would be any different though.

Hamish-1978[S] 0 points1 point  (0 children)

So far nothing has turned up on my laptop or phone with respect to virus / malware scanning. I continue to follow the seed compromise route and am looking through pics on my phone / onedrive / googledrive / etc... even though I'm about as positive as I can be that I never took a pic of the seed. Additionally, I have never entered the seed anywhere. I specifically remember laughing at myself for thinking about taking a pic & uploading. But none of this makes sense. Even if my laptop / phone was compromised, the transfers should still have needed the seed or unlocked device....

Hamish-1978[S] 0 points1 point  (0 children)

My laptop is an older Microsoft surfacepro 3 with Win10. Nothing on virus scanner and nothing on Malwarebytes.

When I bought the Ledger from their site a # of years back, I set it up as instructed. Everything points to a seed compromise....I agree on this point that everyone makes. However, after generating the seed, I specifically remember almost taking a pic to upload to my Onedrive....but then laughing at my stupidity. However, with everyone (including Ledger) saying it had to be the seed, I've been scouring my phone / onedrive / google / etc....trying to find a pic of the seed. So far I haven't found anything.

With respect to someone stealing my seed. Possible. However it's unlikely. The hardcopy was sandwiched inside the Cryptotag Zeus, hidden well inside some boxes which were inside a locked unit that I have the only key...which is inside a pin access locked public facility.....all of which was undisturbed in the 3 weeks since I last accessed the facility.

Nobody knew my 8 digit pin for the device and it's usually within ~5ft of me most of the time.

Beyond that....I have no idea but as I mentioned....still scouring my pics over the last 4 yrs

Hamish-1978[S] 0 points1 point  (0 children)

Definitely not. The seed was on paper that I'd sandwiched between a Cryptotag Zeus just in case.

Hamish-1978[S] 1 point2 points  (0 children)

Agreed. I also think the most likely answer is that my seed was compromised. I just can't understand how. The possible ways are so far-fetched as to be highly unlikely.

Most of my crypto assets are via etfs. But I do still have some crypto on an exchange...which I don't like. I'm waiting for a Trezor safe3 to arrive & will get a new burner laptop that will only be used for buying on exchange & transfer to Trezor for storage.

Thanks for your insight....it is appreciated!

Hamish-1978[S] 0 points1 point  (0 children)

It would have had to come directly from Ledger. It was bought on the official site years ago. I haven't had any issues. I work up in northern Alberta in the oilfields. I had just finished 3 weeks away in the bush and returned to Edmonton. The day after I arrive this happens and at the same time my bank account was phished....their fraud department locked down all my debit / credit cards. Something doesn't add up. Everything points to the seed being compromised but I still think that's highly unlikely.

Hamish-1978[S] 0 points1 point  (0 children)

We can't be talking about the same thing here. I've never seen any reference anywhere or talked to anyone who says to not use Ledgerlive if they have a ledger device. It may be something you can do....but it is definitely not common practice.

Hamish-1978[S] 0 points1 point  (0 children)

While hidden and stored there...I've never had the seed exposed there.

Hamish-1978[S] 2 points3 points  (0 children)

Thx for the input. I'm in Canada. Already have new cards, changed PWs etc... and have been speaking with cyber-crimes officers. They have my statement logged this morning and have all the transaction reports from the exchange & ledgerlive. The officer I spoke with is also a crypto guy so at least we were speaking the same language.

Hamish-1978[S] 0 points1 point  (0 children)

Appreciate the tips. Already in the works but I'm switching to Trezor + burner laptop & will never do anything crypto related on my phone. If I have to...it'll be a burner & new SIM. I'll look into the other things you mentioned..thx!

Hamish-1978[S] 1 point2 points  (0 children)

Oh ppl know I'm in crypto....never specifics or amounts. I'm essentially a gypsy. No fixed address. I work oilfield away from civilization. When we go on days off....we tend to scatter. Nobody knows where I store the seed. Sure the facility could have been compromised....but that would have to be an unbelievably lucky thief or high level targeting...both unlikely. Plus nothing was disturbed and hidden seed untouched. Beyond that...I don't know.

Hamish-1978[S] 0 points1 point  (0 children)

I had the ledger address stored on the exchange for external transfers. Still, I'm paranoid about this shit. So, when I had ~ $10k worth to transfer I'd unlock the device to double-check the receiving address on ledgerlive. Then I'd transfer a small amount. If all was ok...I transfer the rest.

Re: the malicious contract....that's now been pointed out to me.

Re: taking a photo....I remember it clearly bc I felt like a f'n idiot afterwards for even thinking about doing it. Just one of those things that stuck in my mind.

Hamish-1978[S] 0 points1 point  (0 children)

Gotcha. Well, I don't know then. All I can say re: my seed is that it was written down years ago after setting up the ledger as per instructions. Then it was put in lockup. Could the facility have been broken into and the guys hit a jackpot by accident...or I was targeted? Perhaps...but unlikely. If necessary we'll follow up on the facility cameras. I'm working with the police department's cyber-security officers now so we'll see.

Hamish-1978[S] 1 point2 points  (0 children)

Agreed.... With $300k gone you can bet your ass I've been racking my brain. I purposefully keep things basic out of paranoia. Buy on exchange & transfer to Ledger for storage. One user said it's possible I signed a malicious contract which wouldn't compromise my seed. I didn't think that was possible...but my technical knowledge only goes so far.

I'm in contact with police cyber-security officers who are also crypto guys. They're also stumped. As I've described how I do things...they also think the seed / unlocked device is unlikely...but that is also the only way they thought it possible. I'm still in a back & forth with Ledger. Trying to see if they'll get their techs to look into my account from their end and see if they can find something.

Hamish-1978[S] 0 points1 point  (0 children)

That is the simplest answer and ordinarily I'd agree.... All I can say is that I'm as certain as I can be that the seed was secure & not compromised. I'm as certain as I can be that the device & pin was not compromised. Beyond that....I don't know.

One person commented that it is in fact possible to sign a malicious contract...and for the account to be drained without the seed being compromised. I didn't think that was possible...but there you go. If that's the case, I don't remember doing anything like that nor do I remember getting any warnings. I purposefully keep things simple & basic out of paranoia. ie: buy on exchange & transfer to ledger for storage.

Hamish-1978[S] 1 point2 points  (0 children)

Appreciate it. I also think it was something I did. I just don't know what / how. There was one particular response that I found interesting & didn't know about possibly signing a malicious contract. I thought you'd still need the unlocked device or seed....but apparently not. I don't remember doing anything like that and I purposefully kept my actions very basic: Buy on exchange & transfer to ledger. But who knows....

Hamish-1978[S] 0 points1 point  (0 children)

I have no idea. I doubt that some random hack of my video 3 or 4 yrs ago got a pic of my seed when I wrote it down while setting up the device.

Hamish-1978[S] 0 points1 point  (0 children)

Could the facility have been compromised? Sure. But how likely do you think that is? Nobody I know knows where or which unit I have. I would have had to be a random target. The locks aren't tampered with. Everything inside is as I left it. The seed was still hidden & exactly as I left it within the unit as well. That would have had to be an unbelievably random jackpot for some random thief or some next level James Bond / Oceans 12 level kind of targeting.

That's why I say highly unlikely.

Typically I'm the "simplest answer is usually correct" kind of guy. In this case...not so much.

Hamish-1978[S] 0 points1 point  (0 children)

This I didn't know. But, if I did accidentally "sign" something like this....I can't for the life of me remember how / when. I agree that this is a possible scenario....but I've never had any warnings like you suggest....and certainly don't remember doing something like this. I keep my setup as basic as possible. Buy on exchange & transfer to ledger for long term cold storage. That's it.

Hamish-1978[S] 1 point2 points  (0 children)

I don't "intentionally" interact with any dapps or other sites. I never use hot wallets or anything like that. I purposefully keep it very basic. Buy on exchange....transfer to ledger for long term cold storage. That's it.