TL;DR
- A Ledger user reports the loss of 10 BTC and $1.5 million in NFTs due to a phishing attack.
- The hack occurred in February 2022, but the funds were drained recently.
- The community and Ledger recommend staying alert and reviewing transaction approvals.
A Ledger user has reported a massive loss of funds, which has been linked to a phishing attack that occurred nearly three years ago. The incident, affecting a user known as “Anchor Drops,” resulted in the loss of 10 BTC, worth approximately one million dollars, and $1.5 million in NFTs stored on their Ledger Nano S wallet.
Although the phishing attack took place in February 2022, the funds were not drained until recently, raising alarms within the community about the risks users face.
Hey @ledger tonight I lost 10 BTC and ~1.5m of NFTs stored on my ledger Nano S
The ledger was purchased directly from you. The seed phrase was stored in a secure location, never entered anywhere online. I never signed any malicious transactions. Everything is in my physical…
— Anchor Drops (@anchor_drops) December 13, 2024
The cause of the hack is attributed to a malicious transaction carried out years ago, which allowed attackers to access the user’s wallet. This transaction, identified as “Fake_Phishing5443,” was confirmed by several blockchain security experts, who explained that the victim unknowingly approved a malicious transaction that compromised their Ethereum address.
While the loss of NFTs was related to Ethereum transactions, the details of how the attack extended to the Bitcoin funds are still unclear. Some experts suggest that if the attacker obtained the user’s recovery phrase, they could have accessed funds across multiple chains, including Bitcoin.
Ledger Warns About Security Practices
Ledger, the cold storage device manufacturer, is not directly involved in the hack but has urged users to be extremely cautious when signing any transactions on the blockchain. According to Hakan Unal, a security expert at Cyvers, users should regularly review their token approvals to ensure they are not granting unauthorized access to malicious actors. The recommendation is clear: although hardware wallets like Ledger improve security, users must follow best practices to keep their assets protected
