Ledger User Reports Loss of 10 BTC and $1.5 Million in NFTs
Scammers in the cryptocurrency industry continuously develop methods to exploit vulnerabilities and steal funds from users. A recent incident involved a hardware wallet user, “Anchor Drops,” who reported losing 10 Bitcoin and approximately $1.5 million worth of non-fungible tokens (NFTs) stored on their Ledger Nano S wallet.
On December 13, 2024, “Anchor Drops” shared their experience on X, stating that they purchased the Ledger device directly from the manufacturer and securely stored the seed phrase offline. Despite not connecting the wallet online for two months and having no recollection of signing any malicious transactions, their assets were compromised. They questioned Ledger regarding the breach.
Hey @ledger tonight I lost 10 BTC and ~1.5m of NFTs stored on my ledger Nano S
The ledger was purchased directly from you. The seed phrase was stored in a secure location, never entered anywhere online. I never signed any malicious transactions. Everything is in my physical…
— Anchor Drops (@anchor_drops) December 13, 2024
Ledger Points to a Phishing Attack
In response, Ledger attributed the loss to a phishing attack allegedly occurring on February 22, 2022. An X user claimed that “Anchor Drops” unknowingly signed a phishing transaction at that time and is now blaming Ledger. Blockchain experts from Cyvers connected the loss to this malicious transaction.
Hakan Unal, a senior scientist at Cyvers, explained that the phishing transaction granted a malicious actor long-term access to the wallet, allowing them to drain its contents later.
“Blockchain evidence shows they signed a phishing transaction nearly three years ago, unknowingly granting approval to a malicious actor,” Unal said.
Rising Crypto Scams Undermine Industry Trust
Ledger stated that the attack was unrelated to its hardware or systems and advised users to exercise caution when signing on-chain transactions. They emphasized the importance of regularly reviewing token approvals to minimize risks.
Despite Ledger's assertions, questions persist about how the attack extended to Bitcoin holdings, which operate on a different blockchain than Ethereum-based NFTs. The incident serves as a reminder of the increasing presence of cybercriminals in the crypto space. Phishing scams are becoming more sophisticated, with attackers employing social engineering tactics.
In 2024, over $2.1 billion was lost to hacks, scams, and exploits, according to blockchain security reports. Notably, a phishing scam resulted in a theft of $243 million by deceiving users into providing sensitive wallet information. Additionally, a DeFi protocol lost $50 million due to a smart contract vulnerability. These cases underscore the ongoing risks faced by crypto users and the necessity for enhanced security awareness.