$100,000 Worth of Ethereum Tokens Stolen from Ledger Located in Safe. How Is This Possible?
A cryptocurrency trader, who is a member of the Stacking Ventures group, has allegedly lost more than $100,000 worth of ERC-20 tokens from his Ledger wallet.
The most puzzling part of his tweet is that someone seemingly hacked into his wallet while it was located in a physical safe.
Someone hacked into my Ledger and stole over 100k in ERC-20 tokens... My ledger is in a safe, and I reset it last week - so no one knows the recovery phrases.
A Ledger oddity
Dedicated cold storage devices such as Ledger are generally regarded as the safest way to store cryptocurrency, given that they are not connected to the internet.
Of course, they are not exempt from vulnerabilities. In January, Kraken Security Labs described a flaw in the Trezor hardware that could allow bad actors to "brute force" the seed phrase. Ledger Donjon, the security research team at Ledger, noted that the cryptocurrency wallet of one of its competitors, Coldcard, could be hacked with a sophisticated laser attack.
All of these hypothetical scenarios would, however, require physical access to the device.
As reported by U.Today, multiple Ledger users lost all of their crypto by entering their recovery phrases into malicious Google Chrome extensions. But this victim’s case appears to have nothing to do with phishing since the hacked wallet was located in a physical safe.
An ad for Trezor
While some were quick to point out that the revelations seemed like an advertisement for Ledger's archenemy Trezor, prominent trader Scott Melker claims that he has seen proof that the hack really took place.
Ledger has always been reliable, not sure how this has possibly happened.
Ledger's support team is currently investigating the problem, according to its Twitter handle.
This incident comes less than two months after the French wallet manufacturer suffered a massive security breach that resulted in more than one million of its customers' emails being leaked.
Shortly after the incident, Trezor trolled Ledger by offering a 10 percent discount with the promo code "DATAPRIVACY."