Ledger attributed the loss to a phishing attack from 2022, stating that the incident stemmed from user error rather than a breach in its hardware.
In the cryptocurrency industry, scammers are constantly devising sophisticated methods to exploit vulnerabilities, targeting unsuspecting users to steal their funds.
A recent incident underscores this ongoing threat, as a hardware wallet user known as “Anchor Drops” reported the loss of 10 Bitcoin BTC $85 149 24h volatility: 1.0% Market cap: $1.69 T Vol. 24h: $29.70 B and approximately $1.5 million worth of non-fungible tokens (NFTs) stored on their Ledger Nano S wallet.
On December 13, 2024, “Anchor Drops” took to X (formerly Twitter) to share their distress, stating that despite purchasing the Ledger device directly from the manufacturer and securely storing the seed phrase offline, their assets were compromised.
They emphasized that the wallet had not been connected online for two months and claimed to have no recollection of signing any malicious transactions. Seeking answers, “Anchor Drops” directly questioned Ledger about the breach and demanded an explanation.
Hey @ledger tonight I lost 10 BTC and ~1.5m of NFTs stored on my ledger Nano S
The ledger was purchased directly from you. The seed phrase was stored in a secure location, never entered anywhere online. I never signed any malicious transactions. Everything is in my physical…
— Anchor Drops (@anchor_drops) December 13, 2024
Ledger Points to a Phishing Attack
In response to the allegations, Ledger pointed to a phishing attack that allegedly occurred on February 22, 2022. The so-called phishing attack was initially pulled out by an X user who claimed “Anchor Drops” signed a phishing transaction many months ago and is now blaming Ledger for their mistakes.
Blockchain experts, including those from Cyvers, also linked the loss to a malicious transaction that “Anchor Drops” unknowingly signed at that time.
Hakan Unal, a senior scientist at Cyvers told Cointelegraph that the phishing transaction granted a malicious actor long-term access to the wallet, enabling them to wait for an opportune moment to drain its contents.
“Blockchain evidence shows they signed a phishing transaction nearly three years ago, unknowingly granting approval to a malicious actor,” Unal said.
Rising Crypto Scams Undermine Industry Trust
Ledger maintained that the attack was unrelated to its hardware or systems and urged users to exercise caution when signing on-chain transactions. The company highlighted the importance of reviewing token approvals regularly to minimize risks.
Despite Ledger’s response, questions remain about how the attack extended to Bitcoin holdings, which operate on a separate blockchain from Ethereum-based NFTs.
Meanwhile, the incident involving “Anchor Drops” is a stark reminder of the growing presence of cybercriminals in the crypto industry. Phishing scams and exploits have become increasingly sophisticated, with attackers leveraging social engineering tactics to deceive users.
In 2024 alone, over $2.1 billion was lost to hacks, scams, and exploits, according to blockchain security reports. One significant case involved a phishing scam that stole $243 million by tricking users into providing sensitive wallet information.
In another instance, a DeFi protocol lost $50 million after hackers exploited a smart contract vulnerability. These incidents highlight the persistent risks faced by crypto users and the critical need for heightened security awareness.
next