Cryptocurrency Community Reminded to Stay Vigilant in Bull Market
The cryptocurrency community has received yet another reminder to stay vigilant in the bull market as a hardware wallet user has reported massive losses, which have been linked to a phishing attack.
Massive Losses Linked to Phishing Attack
A crypto user, identified as ‘Anchor Drops’ on X (formerly Twitter), took to the social networking platform on December 13 to report personal losses of 10 Bitcoin (BTC) on their Ledger Nano S wallet. In addition to the alleged loss of roughly $1 million in BTC, Anchor Drops said they lost $1.5 million worth of non-fungible tokens (NFTs) stored in the same wallet.
The Incident: A Phishing Hack with a Long History
The cryptocurrency community and Ledger have linked the incident to a phishing hack that occurred a few years ago but has only surfaced recently. Ledger points to malicious transactions from years ago as the likely culprit of the losses.
According to Anchor Drops, they lost 10 BTC and $1.5 million in NFTs stored on Ledger. Source: Anchor Drops
Ledger’s Response
Ledger told Cointelegraph that Anchor Drops "seems to have been a victim of phishing and malicious transactions many years ago." The wallet manufacturer referred to an X post by community member KDean, who linked the loss to a phishing transaction involving the hacked Ethereum address shared by Anchor Drops.
Tagged ‘Fake_Phishing5443,’ the alleged phishing transaction occurred on February 22, 2022. Source: Etherscan
Blockchain Security Platforms Confirm Phishing Transaction
Several blockchain security platforms confirmed that the fishing transaction caught by KDean was the likely culprit of the losses.
"Blockchain evidence shows they signed a phishing transaction nearly three years ago, unknowingly granting approval to a malicious actor," Hakan Unal, senior scientist at the blockchain security platform Cyvers, told Cointelegraph. "The hacker remained dormant for years before eventually draining the wallet," Unal said, stressing that the incident has nothing to do with Ledger itself.
He added: "We strongly encourage users to follow best practices and regularly review token approvals to ensure their assets remain secure."
Questions Surround Bitcoin Loss
While the NFT losses were tied to Ethereum transactions, it remains unclear how the malicious activity extended to the user’s Bitcoin holdings.
"For the NFT, KDean’s comment can explain everything. But I don’t understand how the BTC is stolen," Fuzzland’s lead security researcher Tony Ke told Cointelegraph.
Cyvers and Ledger Suggest Malicious Transaction Expanded to More Blockchains
Cyvers and Ledger suggested that a malicious transaction on Ethereum could have expanded to more blockchains within a wallet.
"If the phishing attempt also captured the user’s recovery phrase, the attacker could gain access to the wallet across all supported chains, including Bitcoin," Cyvers’ Unal said.
Related: Scammers are using Telegram verification bots to inject crypto-stealing malware
A spokesperson for Ledger told Cointelegraph that "as we know, the user got phished when it comes to the ETH wallet, we can assume user error on the BTC side too."
Lessons Learned and Precautions
Following the incident, Ledger has strongly advised users to be vigilant while signing any transactions on-chain.
"While using hardware wallets is crucial in terms of security enhancement, it’s equally important to understand every interaction with the wallet and make informed decisions," Fuzzland’s Ke added.
As the cryptocurrency market continues to grow and evolve, it’s essential for users to stay aware of potential threats and take necessary precautions to protect their assets.
Best Practices for Securing Your Cryptocurrency
To avoid falling victim to phishing attacks like Anchor Drops’, follow these best practices:
- Regularly review token approvals: Make sure to regularly check the tokens you have approved on your wallet, especially if you’ve added new ones.
- Use a hardware wallet with strong security features: Consider using a hardware wallet that has advanced security features, such as multi-factor authentication and encryption.
- Be cautious when signing transactions: Be mindful of every interaction with your wallet, including signing transactions, to avoid inadvertently approving malicious activity.
- Keep your recovery phrase safe: Store your recovery phrase securely and never share it with anyone.
- Stay up-to-date with the latest security updates: Keep your wallet software and operating system updated to ensure you have the latest security patches.
By following these best practices, you can help protect your cryptocurrency assets from potential threats like phishing attacks.
Subscribe to Our Newsletter for the Latest DeFi Developments
Stay informed about the latest developments in decentralized finance (DeFi) with our weekly newsletter. From sharp analysis to uncovering new financial opportunities, we’ll provide you with the insights you need to make smart decisions in the crypto market. Subscribe now and stay ahead of the curve!
Sources:
- Anchor Drops’ X post
- KDean’s X post
- Etherscan
- Cyvers
- Ledger
This article is written by [Your Name] and published on [Publication Date].
