The cryptocurrency community has received yet another reminder to stay vigilant in the bull market as a hardware wallet user has reported massive losses, which have been linked to a phishing attack. This incident serves as a stark reminder of the importance of security and vigilance, even for experienced users.
A User’s Losses: A Cautionary Tale
The crypto user, identified as ‘Anchor Drops’ on X, took to the social networking platform on Dec. 13 to report personal losses of 10 Bitcoin (BTC) on their Ledger Nano S wallet. In addition to the alleged loss of roughly $1 million in BTC, Anchor Drops said they lost $1.5 million worth of non-fungible tokens (NFT) stored in the same wallet.
The Incident: A Phishing Attack Years in the Making
Ledger points to malicious transactions from years ago as the likely culprit behind the losses. According to an X post by community member KDean, the alleged phishing transaction ‘Fake_Phishing5443’ occurred on Feb. 22, 2022. This transaction has been linked to a hacking incident that happened several years prior but only recently surfaced.
Blockchain Security Platforms Confirm the Phishing Transaction
Several blockchain security platforms confirmed that the fishing transaction caught by KDean was the likely culprit of the losses. Hakan Unal, senior scientist at the blockchain security platform Cyvers, told Cointelegraph:
‘Blockchain evidence shows they signed a phishing transaction nearly three years ago, unknowingly granting approval to a malicious actor… The hacker remained dormant for years before eventually draining the wallet.’
The Role of Ledger: A Hardware Wallet Manufacturer
Ledger has emphasized that their wallets are not at fault in this incident. Unal added:
‘We strongly encourage users to follow best practices and regularly review token approvals to ensure their assets remain secure.’
Uncertainty Surrounds Bitcoin Losses
While the NFT losses were tied to Ethereum transactions, it remains unclear how the malicious activity extended to the user’s Bitcoin holdings.
Fuzzland’s Lead Security Researcher Weighs In
Fuzzland’s lead security researcher Tony Ke told Cointelegraph:
‘For the NFT, KDean’s comment can explain everything. But I don’t understand how the BTC is stolen… If the phishing attempt also captured the user’s recovery phrase, the attacker could gain access to the wallet across all supported chains, including Bitcoin.’
Ledger’s Advice: Vigilance in the Face of Phishing Attacks
Following the incident, Ledger has strongly advised users to be vigilant while signing any transactions on-chain.
‘While using hardware wallets is crucial in terms of security enhancement, it’s equally important to understand every interaction with the wallet and make informed decisions,’ Fuzzland’s Ke added.
The Takeaway: Security is Key
This incident serves as a stark reminder of the importance of security and vigilance in the cryptocurrency space. It highlights the need for users to be aware of phishing attacks and take necessary precautions to protect their assets.
What Can Be Done?
To avoid falling victim to similar incidents, it’s essential for users to:
- Regularly Review Token Approvals: Keep an eye on your token approvals and make sure you understand every interaction with the wallet.
- Be Vigilant While Signing Transactions: Double-check transactions before signing them, especially if they seem suspicious or require urgent action.
- Use Best Practices for Security: Follow best practices for security, including regularly updating software and using strong passwords.
Conclusion
The cryptocurrency community has received yet another reminder to stay vigilant in the bull market after a hardware wallet user reported massive losses linked to a phishing attack. This incident serves as a stark reminder of the importance of security and vigilance, even for experienced users.
References
- Blockchain evidence shows they signed a phishing transaction nearly three years ago, unknowingly granting approval to a malicious actor… The hacker remained dormant for years before eventually draining the wallet.
- If the phishing attempt also captured the user’s recovery phrase, the attacker could gain access to the wallet across all supported chains, including Bitcoin.
- While using hardware wallets is crucial in terms of security enhancement, it’s equally important to understand every interaction with the wallet and make informed decisions.
