Phishing Attack Leads to Massive Loss for Ledger Wallet User

December 13, 2024

The cryptocurrency community has been reminded once again of the importance of security as a Ledger Nano S user reported significant losses due to a phishing attack. On December 13, X user Anchor Drops revealed the loss of 10 Bitcoin (BTC) and $1.5 million worth of non-fungible tokens (NFTs), totaling approximately $2.5 million.

Incident Details and Ledger’s Response

Anchor Drops disclosed that the loss occurred through a phishing attack, highlighting the ongoing threats facing hardware wallet users. Ledger confirmed the incident, linking the losses to a malicious transaction that happened years ago but resurfaced recently.

Ledger attributed the hack to “Fake_Phishing5443,” a phishing transaction identified by community member KDean on February 22, 2022. Blockchain security platforms have verified that this transaction was responsible for the unauthorized access to the wallet, draining both BTC and NFTs.

Malicious Transactions and User Vulnerabilities

Hakan Unal, senior scientist at Cyvers, explained that the phishing attack lay dormant for years before the hacker drained the wallet. He emphasized that the incident is unrelated to Ledger’s hardware but underlined the importance of users carefully managing their token approvals and recovery phrases.

Despite the alleged phishing being tied to Ethereum transactions, concerns remain about how Bitcoin holdings were compromised. Tony Ke, lead security researcher at Fuzzland, pointed out the unclear path from the Ethereum hack to the loss of Bitcoin funds, raising suspicions of broader vulnerabilities.

Recommendations for Security

Ledger and security experts stress the importance of vigilance and regular checks on hardware wallet interactions. Cyvers and Ledger noted that if a user’s recovery phrase was compromised, attackers could gain access across multiple supported blockchains, including Bitcoin.
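To illustrate why one compromised recovery phrase exposes Bitcoin as well as Ethereum, here is an added example (not from the article or from Ledger) that derives account-level private keys for both chains from a single phrase. It assumes the standard BIP-39 seed derivation, BIP-32 hardened derivation and BIP-44 paths m/44'/0'/0' and m/44'/60'/0', and uses the public BIP-39 test mnemonic as constructed input.

```python
import hashlib, hmac, unicodedata

# Order of the secp256k1 group; BIP-32 child private keys are reduced modulo N.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
HARDENED = 0x80000000

def mnemonic_to_seed(phrase: str, passphrase: str = "") -> bytes:
    """BIP-39: stretch the recovery phrase into the 64-byte wallet seed."""
    norm = lambda s: unicodedata.normalize("NFKD", s).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", norm(phrase), norm("mnemonic" + passphrase), 2048)

def hardened_child(key: int, chain_code: bytes, index: int):
    """BIP-32 hardened private derivation: needs only the parent private key."""
    data = b"\x00" + key.to_bytes(32, "big") + (index | HARDENED).to_bytes(4, "big")
    digest = hmac.new(chain_code, data, hashlib.sha512).digest()
    tweak = int.from_bytes(digest[:32], "big")
    child = (tweak + key) % N
    if tweak >= N or child == 0:  # invalid per BIP-32, astronomically unlikely
        raise ValueError("invalid child key, use the next index")
    return child, digest[32:]

def account_key(phrase: str, coin_type: int) -> bytes:
    """Private key at m/44'/coin_type'/0' (BIP-44 account level)."""
    digest = hmac.new(b"Bitcoin seed", mnemonic_to_seed(phrase), hashlib.sha512).digest()
    key, chain_code = int.from_bytes(digest[:32], "big"), digest[32:]
    for index in (44, coin_type, 0):
        key, chain_code = hardened_child(key, chain_code, index)
    return key.to_bytes(32, "big")

# Constructed input: the public BIP-39 test mnemonic, never a real wallet.
TEST_PHRASE = "abandon " * 11 + "about"
COIN_TYPES = {"Bitcoin": 0, "Ethereum": 60}  # SLIP-44 registered coin types

def keys_for_all_chains(phrase: str) -> dict:
    """Every chain's account key follows deterministically from the one phrase."""
    return {name: account_key(phrase, ct) for name, ct in COIN_TYPES.items()}

if __name__ == "__main__":
    for chain, key in keys_for_all_chains(TEST_PHRASE).items():
        # Print a fingerprint of each key rather than the key itself.
        print(chain, hashlib.sha256(key).hexdigest()[:16])
```

Nothing in the derivation is chain-specific except the coin-type index, which is why rotating to a freshly generated phrase is the only remedy once a phrase is exposed.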

Ledger’s spokesperson urged users to remain cautious with on-chain transactions, advising them to thoroughly understand and review each action to safeguard their assets.

Broader Implications

This incident serves as a stark reminder of the risks associated with digital asset management and the need for continuous security education within the crypto community. Users are urged to adopt best practices and maintain heightened security measures to protect their investments from similar attacks.