Hardware wallet provider Ledger has attributed a user’s recent loss of funds to a phishing attack that occurred in February 2022.
A hardware wallet user has reported substantial losses, which have been associated with a fraud attack, serving as yet another reminder to the cryptocurrency community to remain vigilant during the bull market.
On December 13, the crypto user, who goes by the handle “Anchor Drops” on X, reported a personal loss of 10 Bitcoin on his Ledger Nano S wallet to the social networking platform.
Anchor Drops claimed that he lost $1.5 million in non-fungible tokens (NFT) stored in the same container, in addition to the alleged loss of approximately $1 million in BTC.
The incident has been associated with a phishing attack that took place a few years ago but has only recently been discovered by the cryptocurrency community and Ledger.
Malicious Transactions From Years Ago Are Indicated By Ledger
Anchor Drops “seems to have been a victim of phishing and malicious transactions many years ago,” Ledger informed Cointelegraph.
The wallet manufacturer cited an X post by community member KDean, who associated the loss with a phishing transaction involving the compromised Ethereum address shared by Anchor Drops.
Labeled as “Fake_Phishing5443,” The purported phishing transaction took place on February 22, 2022.
The fishing transaction that KDean detected was the most probable cause of the losses, as confirmed by numerous blockchain security platforms.
“Hakan Unal, senior scientist at the blockchain security platform Cyvers, informed Cointelegraph that they unknowingly approved a malicious actor by signing a phishing transaction nearly three years ago,” he stated.
Unal emphasized that the incident is not related to Ledger and that the hacker was inert for years before eventually draining the Hardware Wallet.
Additionally, he stated:
“We strongly encourage users to follow best practices and regularly review token approvals to ensure their assets remain secure.”
Concerns About Bitcoin Loss
It is still uncertain how the nefarious activity affected the user’s Bitcoin holdings, even though the NFT losses were associated with Ethereum transactions.
“KDean’s comment can provide a comprehensive explanation for the NFT.” However, Tony Ke, the chief security researcher at Fuzzland, stated to Cointelegraph, “I am unable to comprehend how the BTC is stolen.”
Cyvers and Ledger proposed that a fraudulent transaction on Ethereum could have spread to additional blockchains within a Hardware Wallet.
“The attacker could gain access to the wallet across all supported chains, including Bitcoin if the phishing attempt also captured the user’s recovery phrase,” stated Unal of Cyvers.
“We can assume that the user made a mistake on the BTC side, as we are aware that the user was phished concerning the ETH wallet,” a spokesperson for Ledger informed Cointelegraph.
Ledger has issued a strong recommendation to users to exercise caution when signing any transactions on-chain in the wake of the incident.
“It is equally important to comprehend every interaction with the Hardware Wallet and make informed decisions, even though the use of hardware wallets is essential for security enhancement,” Fuzzland’s Ke added.
