Cryptocurrency stolen from a Ledger wallet 钱包被黑
I came across a news saying that someone opened up his Ledger wallet after one week not touching it, to check the value of his holdings including XRP, Litecoin and Dash only to find out all of them showed zero in balance. Total value reported was over £25000. A huge amount of money indeed.
This is definitely shocking and I was wondering how could this happen? I own a Trezor and Ledger and nothing bad has happened to me yet. Digging down the story which you can view at the original Reddit post here, not to my surprise everything was due to scam and human error.
How could this happen?
- The scam part
The victim bought a Ledger wallet from eBay seller that comes with a fake Recovery Sheet which has the 24-word phrases already written on it. It then guided the victim to activate the wallet by using this recovery seed.
The fake recovery seed looks like:
Image from https://imgur.com/DsICkge
Obviously the scammer also holds another copy of the same seed while the victim thought he was the only one who holds it. When the victim restores the wallet using that seed, same balance of coin was showing up in the device of both the scammer and victim. Next thing, scammer moved all the coins to his another wallet, of course.
- The human error part
Lack of knowledge, the victim did not know what he was doing at all. I'm not sure how much he did to educate himself. But in this case, he clearly does not know how does a hardware wallet works. If he is well informed, all the traps that the scammer set up in the compromised Ledger package would not work at all at the first sight.
And if he refers to the official or reliable source of information while setting up the wallet. He would know that he can actually generate a new seed but not using the shady one on the sheet.
What's the lesson?
Always buy hardware wallet like Trezor or Ledger from official site if you want to be 100% safe.
Educate yourself. If you wouldn't, no one else would.
In the crypto world, you are your own bank. You take full responsibility for your assets.
Know what you are doing or don't do it at all!
简要:
有位网友在第三方买了 Ledger 的硬件钱包结果钱全被盗了。追根究底,原来他买的钱包被人改过了包装,里头教他使用一张写好回复密码的 24 字种子来设置钱包。而事实是诈骗者也拥有同样的种子,所以双方都可以进入同一个钱包。当受害人把钱币都存进去的时候,诈骗者就立马把钱都转走了。
我们可以从中得到什么教训呢?
- 只从官方渠道购买钱包
这样就只会买到原装正品,可以大大降低被盗的风险。
- 自己要有足够的相关知识
这是最重要的。在加密货币的世界你就是你自己的银行,如果你也不知道自己在干什么,那么就等于玩火,出事了都不知哪里出的问题。
以这个事件为例,要是受害人知道钱包是如何运作的,一开始他就不会掉入这陷阱。退一步而言,要是他根据官方的指南设定钱包,他也会知道恢复种子是什么。而不会去用那假种子而导致损失。
币圈里安全是第一位的,弄丢了就找不回来了。谨记谨记!
There’s no doubting the fact that Cryptos are making a significant impact on the way we think about money movement and currencies in general
Yes, this is a totally different game.
Educating oneself is so important. Right now we have a lot of people being exposed to cryptocurrencies without proper information from a reliable source. We really need wisdom before the greed sets in.
Well said. Hope more new comers can be as careful as you.
心疼你
谢谢,不过我不是受害人…
安全第一.
永远第一
I've always wondered how these scams will affect crypto in the long term. Are people honest enough to admit they did a human error or that they fell for a scam. Or will they blame crypto the same way they blame someone else every time they face a technical problem.
The concept of public and private keys should be simple enough for anyone to understand, or at least a simplified version of it that'll help the average Joe to identify this kind of schemes. It's a shame they don't teach the kids in schools about basic cryptography.
Dont think this is gonna affect the crypto badly in any sense. As most of these are due to human error or ignorance to educate themselves. Problem like this will exist forever if user continue to be dumb.
Crypto is too new to reach normal school tho.
读标题差点吓死,原来是被ebay seller动了手脚
原来我标题党了吗,不好意思哈哈哈
thanks for the info, good post u got there.
Thanks!