Generally speaking a hardware wallet is a special kind of cryptocurrency wallet that stores the user’s private keys in a secure hardware device. Hardware wallets are highly priced for major security advantages they have over software wallets.
That the security that hardware wallets offer is breakable is seen from the experience of a British man who lost $34,000 worth of crptocurrency.
The man simply identified as Redditor moodyrocket is coming to terms with having his “life savings” wiped out this week, after $34,000 of crypto was stolen from his newly acquired Nano Ledger hardware wallet. The device was compromised, not due to any flaws in its design, but thanks to a man in the middle attack that saw the reseller insert their own recovery seed. The buyer then unwittingly began using the wallet, unaware that the default seed they were using had not been randomly assigned by the manufacturer. He explained:
I have not used my Ledger in a week, today I decided to check the value of my XRP, Litecoin and Dash only to discover that all of them showed up as zero and had been transferred somewhere else yesterday all around the same time at 7:30pm. I am not sure how this is possible as I have not access my Ledger in a week.
The victim was initially confused as to how the attack could have been successfully pulled off, before eventually perceiving that the Ebay seller must have tampered with the device. After sharing his story on Reddit, Ledger reached out to moodyrocket and encouraged him to report the crime to “bring the eBay seller to justice”.
The odds of the British-based victim getting his cryptocurrency back are remote, but his loss can at least be the community’s gain. The widespread attention the tale has received serves to highlight the dangers to anyone considering purchasing a hardware wallet from a third party. Auction sites, unaffiliated vendors, and merchants who have no formal partnership with wallet manufacturers should all be avoided.
The vast majority of resellers stocking wallets such as Ledgers and Trezors have no intention of meddling with the devices. But it only takes one unscrupulous entity to interfere with a wallet and pass it on to the unsuspecting buyer. The Ebay seller who duped moodyrocket had gone to great lengths to orchestrate the scam. The seed is meant to be generated by the device, but this purchase came with “scratch off” paper that revealed the seed.
Despite the security of hardware devices themselves, the weakest link is always the people using them. Even a raft of anti-theft tech can’t atone for human error. Had the victim reset the device and created a new seed he would have been fine. When presented with convincingly forged documentation, though, he naturally felt safe in sticking with the default seed. Purchasing hardware wallets directly from the manufacturer may take longer and cost more, but the alternatives just aren’t worth it.
For more cryptocurrency news follows on Instagram and Twitter @mntrendsblog. You can also like us on Facebook “Mntrends Blog” or you may subscribe to our newsletter below.