User claims Ledger hardware wallet was hacked and his funds worth over $100,000 in ERC20 tokens stolen

Aug 15, 2020 · 7 min read

A Twitter user with the handle @StackingUSD claims that his Ledger hardware wallet was hacked and that his funds, worth over $100,000 in ERC20 tokens, were stolen by the perpetrator.

In the post, he appears to be calling the attention of Ledger, the manufacturer of the hardware wallet, and seeking an explanation of what could possibly have gone wrong.

A lot could have gone wrong, and the user himself is not exempt from responsibility for his misfortune if he is indeed telling the truth. Still, he claims that his Ledger is safe and that his recovery phrase has been kept away from any possible third party. In his tweet, the Ledger hardware wallet user said:

“My Ledger is in a safe, and I reset it last week – so no one knows the recovery phrases.”

His tweet has since elicited reactions from notable crypto OGs like Andreas Antonopoulos and even Vitalik Buterin. As usual, a lot of speculation is already brewing about what could have gone wrong; others think the hardware wallet user's claim is unfounded and baseless.

Has anyone hacked Ledger Wallet before?

Hardware wallets are clearly one of the safest methods of storing your digital assets, especially for keeping them away from any possible hack or man-in-the-middle (MITM) attack. However, there have been instances of Ledger hardware wallet hacks in the past. A useful reference is the story of the Ledger hack by a 15-year-old, Saleem Rashid. Even so, Ledger made it clear that the hack was preventable and did not stem from any root flaw in the security protocol the wallet employs. Ledger also suffered a recent data breach in its marketing and e-commerce platforms, but that breach is not connected to its flagship product.

How then can @StackingUSD's claim be valid? Some possible scenarios, if the wallet user's claim is indeed true:

The hacker had already compromised the wallet before reselling it to the present user. In essence, the user bought the Ledger hardware wallet second-hand and not brand new. We see these kinds of sales on eBay.

Used Ledger Wallet displayed for sale on eBay

On the flip side, a hacker might have breached the safe housing the wallet without the user knowing. Even safes can be breached, and maybe that is what actually happened here. Security experts and cypherpunks think remote access to the private keys of a brand-new Ledger wallet is impossible.

Another Twitter user, responding to the wallet user's claim, asked:

What are the chances of it not being a compromised system but a generated seed/private key collision of someone who already had that seed/key?

Check out the responses of both Andreas and Vitalik.

Corroborating Andreas’ view, Vitalik also tweeted

As of the time of this publication, Ledger's support has reached out to him and the wallet holder has submitted a ticket.

