A man’s life savings disappeared from a wallet sold by a reseller

Hardware wallets are considered the safest way to store your cryptocurrencies. Each has its own unique 24-word private key plus a PIN code. Couldn’t be safer. A British man purchased his Ledger Nano hardware wallet on eBay. His story has a lesson for all of us.

$34,000 worth of savings, in fact his life savings in crypto, was stolen from his device. How could that happen?

The attacker was, in fact, the reseller. Of course, we would like to avoid any generalization: most resellers have no intention of meddling with the device. This one went to great lengths to steal from his customer.

To understand how the attack happened, you have to know how the security process works with the Ledger Nano. When you initialize your device, it shows 24 words on its display. That is your private key. Only you know it, because you are the person who initialized the device, so only you have seen the word sequence (and you were instructed to write it down).

The victim of the attack did not know this, because the genuine instructions had been removed from the box; what he found instead were fake instructions and a scratch-off card. The fake instructions told him to scratch off the card to see his 24-word sequence and to store it in a safe place. What he did not know was that the device he had purchased had already been initialized by the reseller, who had noted down the security word sequence and inserted the fake instructions to mislead him.

How was his crypto stolen?

If you note down your security word sequence (you must), and you lose or break your Ledger Nano S somehow, you don’t have to worry. If you buy a new device you can initialize it with the 24-word sequence that you had for your old (and lost or broken) device and, as a result, your new device will be an exact replica of your old Ledger Nano S, meaning that you will find all your crypto in it. (There are important compatibility specifications, so in a case like this find out about the details on the manufacturer’s website.)

So, in the unfortunate case of this victim, all the attacker had to do was initialize another Ledger Nano S and use the word sequence in recovery mode to make a replica of the device that he had sold to the victim, who by then had already placed all his cryptocurrencies on his Ledger. The attacker and the victim had two exact copies of the same Ledger Nano S, so both of them had access to what was stored on it. After that, it took only a few clicks for the attacker to empty the device and move all the crypto wherever he wanted.
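Why a copy of the words is a copy of the wallet, shown as an added example that is not part of the original article. It assumes the public BIP39 and BIP32 standards that Ledger devices follow, under which the master key is computed from the recovery words alone; the phrase is the published all-zero BIP39 test phrase, used as sample input, and the function names are illustrative.

```python
import hashlib
import hmac
import unicodedata

# Sample input: the all-zero-entropy 24-word phrase from the public BIP39
# test vectors. Everyone knows it, so it must never hold funds.
SAMPLE_PHRASE = " ".join(["abandon"] * 23 + ["art"])


def bip39_seed(phrase: str, passphrase: str = "") -> bytes:
    """BIP39: recovery phrase -> 64-byte seed (PBKDF2-HMAC-SHA512, 2048 rounds).

    The only inputs are the words and an optional passphrase. No device
    serial number and no PIN takes part, so the phrase alone defines the wallet.
    """
    # NFKD-normalise as the standard requires; collapsing extra whitespace
    # is an input-tolerance choice made for this example.
    words = " ".join(unicodedata.normalize("NFKD", phrase).split())
    salt = "mnemonic" + unicodedata.normalize("NFKD", passphrase)
    return hashlib.pbkdf2_hmac("sha512", words.encode(), salt.encode(), 2048, 64)


def bip32_master(seed: bytes) -> tuple[bytes, bytes]:
    """BIP32: seed -> (master private key, chain code) for the whole key tree."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def restore(phrase: str) -> tuple[bytes, bytes]:
    """What any device computes in recovery mode: phrase in, master key out."""
    return bip32_master(bip39_seed(phrase))


if __name__ == "__main__":
    first_device = restore(SAMPLE_PHRASE)    # set up from the pre-printed card
    second_device = restore(SAMPLE_PHRASE)   # any other device given the same words
    print("same master key on both devices:", first_device == second_device)
    print("master private key:", first_device[0].hex())
```

The PIN only unlocks one physical device; it never enters the derivation, which is why a recovery phrase that anyone else has seen, pre-printed cards included, cannot protect funds.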

The lesson is simple: purchase your hardware wallet from the manufacturer and check the initialization instructions on the manufacturer’s website, too, just in case. That’s all it takes to make your hardware wallet really the safest place for storing your cryptocurrencies.

Zsolt Balló