Hardware wallets are regarded as one of the safest means of storing bitcoin and other cryptocurrencies. Each device grants the holder possession of their private keys and adds a PIN code plus other tamer-proof tech for enhanced security. Hardware wallets are not impregnable, however, as one British man found to his peril after purchasing the device on Ebay.
Man in the Middle
Redditor moodyrocket is coming to terms with having his “life savings” wiped out this week, after $34,000 of crypto was stolen from his newly acquired Nano Ledger hardware wallet. The device was compromised, not due to any flaws in its design, but thanks to a man in the middle attack that saw the reseller insert their own recovery seed. The buyer then unwittingly began using the wallet, unaware that the default seed they were using had not been randomly assigned by the manufacturer. He explained:
I have not used my Ledger in a week, today I decide to check the value of my XRP, Litecoin and Dash only to discover that all of them showed up as zero and had been transferred somewhere else yesterday all around the same time at 7:30pm. I am not sure how this is possible as I have not access my Ledger in a week.
The victim was initially confused as to how the attack could have been successfully pulled off, before eventually twigging that the Ebay seller must have tampered with the device. After sharing his story on Reddit, Ledger reached out to moodyrocket and encouraged him to report the crime to “bring the eBay seller to justice”.