The cryptocurrency community has been reminded once again to remain vigilant in the bull market after a hardware wallet user reported significant losses linked to a phishing attack.
Massive Losses Linked to Phishing Attack
On December 13, a user identified as "Anchor Drops" on X (formerly Twitter) shared their personal experience of losing around $1 million worth of Bitcoin (BTC) and $1.5 million in non-fungible tokens (NFTs) stored in their Ledger Nano S wallet.
Phishing Attack Linked to Malicious Transactions
Ledger, the manufacturer of the hardware wallet, attributed the incident to a phishing attack that occurred several years ago but only recently surfaced. According to Ledger, Anchor Drops appears to have been a victim of phishing and malicious transactions many years ago.
Malicious Transaction Traced Back to 2022
A community member on X, KDean, linked the loss to a phishing transaction involving the hacked Ethereum address shared by Anchor Drops. The alleged phishing transaction, tagged "Fake_Phishing5443," occurred on February 22, 2022.
Blockchain Security Platforms Confirm Phishing Incident
Several blockchain security platforms confirmed that the fishing transaction caught by KDean was likely responsible for the losses. Hakan Unal, senior scientist at Cyvers, told Cointelegraph:
"Blockchain evidence shows they signed a phishing transaction nearly three years ago, unknowingly granting approval to a malicious actor. The hacker remained dormant for years before eventually draining the wallet."
Ledger Denies Any Fault
Unal stressed that the incident has nothing to do with Ledger itself. He added: "We strongly encourage users to follow best practices and regularly review token approvals to ensure their assets remain secure."
BTC Losses Remain a Mystery
While the NFT losses were tied to Ethereum transactions, it remains unclear how the malicious activity extended to the user’s Bitcoin holdings. Fuzzland’s lead security researcher, Tony Ke, told Cointelegraph: "For the NFT, KDean’s comment can explain everything. But I don’t understand how the BTC is stolen."
Phishing Incident Raises Awareness
Cyvers and Ledger suggested that a malicious transaction on Ethereum could have expanded to more blockchains within a wallet. If the phishing attempt captured the user’s recovery phrase, the attacker could gain access to the wallet across all supported chains, including Bitcoin.
"If the phishing attempt also captured the user’s recovery phrase, the attacker could gain access to the wallet across all supported chains, including Bitcoin," Cyvers’ Unal said.
A Ledger spokesperson told Cointelegraph: "As we know, the user got phished when it comes to the ETH wallet, we can assume user error on the BTC side too."
Important Reminders for Users
Following the incident, Ledger has strongly advised users to be vigilant while signing any transactions on-chain. Fuzzland’s Ke added: "While using hardware wallets is crucial in terms of security enhancement, it’s equally important to understand every interaction with the wallet and make informed decisions."
Conclusion
The crypto user’s loss serves as a reminder for the community to stay vigilant in the bull market. While the use of hardware wallets provides enhanced security, users must also be aware of phishing attacks and malicious transactions that can compromise their assets.
Additional Tips for Users
- Regularly review token approvals to ensure asset security
- Be cautious when signing any transactions on-chain
- Understand every interaction with your wallet and make informed decisions
Blockchain Security Platforms’ Recommendations
Cyvers and Ledger stress the importance of following best practices and regularly reviewing token approvals to ensure assets remain secure.
Magazine: Bitcoin Dominance Will Fall in 2025: Benjamin Cowen, X Hall of Flame
Explore more articles like this:
- Scammers are using Telegram verification bots to inject crypto-stealing malware
Subscribe to the Finance Redefined newsletter for a weekly toolkit that breaks down the latest DeFi developments, offers sharp analysis, and uncovers new financial opportunities.
Delivered every Friday. By subscribing, you agree to our Terms of Services and Privacy Policy.
