A cryptocurrency holder, using the alias "Anchor Drops" on X, recently reported losing 10 Bitcoin (valued at ~$1 million) and $1.5 million worth of NFTs stored on a Ledger Nano S hardware wallet. The user claimed the wallet had been purchased directly from Ledger, with the seed phrase stored securely and never entered online. According to the report, the user had not signed any malicious transactions recently and had not used the wallet for two months.
Suspected Phishing Attack from 2022 Resurfaces
The loss has been attributed to a phishing attack dating back to February 2022. Blockchain security experts revealed that the user unknowingly signed a malicious Ethereum transaction nearly three years ago, granting unauthorized access to their wallet. The attacker remained dormant until recently when they exploited the approval to drain funds. Ledger, the hardware wallet manufacturer, supported the phishing theory, stating: "The user seems to have been a victim of phishing and malicious transactions years ago."
A series of investigations was carried out to assess the situation. Blockchain security experts noted that the phishing transaction, labeled “Fake_Phishing5443,” provided the attacker long-term access to the wallet’s Ethereum holdings and NFTs.
How Did Bitcoin Get Involved?
While the NFT thefts were tied to the malicious Ethereum transaction, questions remain about how the attacker accessed Bitcoin, which is stored on a separate blockchain. Experts speculate that the phishing attack might also have captured the wallet’s recovery phrase, which in turn might have granted access across all supported blockchains, including Bitcoin.
Ledger pointed to potential user error, stating: “If the phishing attempt captured the recovery phrase, the attacker could access funds across all chains.”
Key Takeaways for Crypto Users
This incident serves as a caution to crypto users. It shows the importance of maintaining vigilance when managing crypto assets. Security experts advise the following precautions:
1. Be cautious with on-chain interactions. Be sure to carefully review token approvals and transactions.
2. Monitor for malicious approvals. At regular intervals, audit wallet permissions to prevent unauthorized access.
3. Secure your seed phrase. Make sure that you store recovery phrases offline in a secure, inaccessible location.
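The approval audit in step 2 can be done by replaying a wallet's approval events and keeping only the grants that were never revoked. The sketch below is an added example, not code from Ledger or from the investigators; the addresses, block numbers and log entries are constructed, and the logs are assumed to be already fetched with numeric block fields.

```python
# Assumption: logs have the eth_getLogs shape, with blockNumber/logIndex already decoded to ints.
APPROVAL = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"          # Approval(address,address,uint256)
APPROVAL_FOR_ALL = "0x17307eab39ab6107e8899845ad3d59bd9653f200f220920489ca2b5937696c31"  # ApprovalForAll(address,address,bool)
UNLIMITED = 2**255  # heuristic threshold: allowances this large are effectively unlimited

def addr(topic):
    """Indexed address topics are 32 bytes, left-padded; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def live_approvals(logs, owner):
    """Replay logs in chain order; return {(contract, spender): grant} for grants still in force."""
    state = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        t = log["topics"]
        if len(t) != 3 or t[0] not in (APPROVAL, APPROVAL_FOR_ALL) or addr(t[1]) != owner.lower():
            continue  # 4-topic Approval is a single-token ERC-721 grant; not covered here
        kind = "erc20" if t[0] == APPROVAL else "operator"
        value = int(log["data"], 16)  # allowance amount, or 0/1 for ApprovalForAll
        key = (log["address"].lower(), addr(t[2]))
        if value > 0:
            state[key] = {"kind": kind, "value": value, "block": log["blockNumber"]}
        else:
            state.pop(key, None)  # a later zero/false approval revokes the grant
    return state

def risky(state, head_block, max_age_blocks):
    """Flag operator grants, unlimited allowances, and grants older than max_age_blocks."""
    out = []
    for (contract, spender), g in state.items():
        checks = [("operator-for-all", g["kind"] == "operator"),
                  ("unlimited", g["kind"] == "erc20" and g["value"] >= UNLIMITED),
                  ("stale", head_block - g["block"] > max_age_blocks)]
        reasons = [name for name, hit in checks if hit]
        if reasons:
            out.append((contract, spender, reasons))
    return out

def mk(contract, sig, spender, value, block):  # builds one constructed log entry
    pad = lambda a: "0x" + "0" * 24 + a[2:]
    return {"address": contract, "topics": [sig, pad(OWNER), pad(spender)],
            "data": "0x" + format(value, "064x"), "blockNumber": block, "logIndex": 0}

OWNER, SPENDER, OPERATOR, TOKEN, NFT = ("0x" + c * 20 for c in ("aa", "bb", "cc", "11", "22"))
SAMPLE_LOGS = [mk(TOKEN, APPROVAL, SPENDER, 2**256 - 1, 100),  # unlimited allowance...
               mk(NFT, APPROVAL_FOR_ALL, OPERATOR, 1, 120),     # operator grant, never revoked
               mk(TOKEN, APPROVAL, SPENDER, 0, 200),            # ...revoked at block 200
               mk(TOKEN, APPROVAL, OPERATOR, 500, 990)]         # small, recent allowance

if __name__ == "__main__":
    print(risky(live_approvals(SAMPLE_LOGS, OWNER), head_block=1000, max_age_blocks=500))
```

Replayed events only approximate ERC-20 allowances, because on many tokens spending reduces the allowance without a new Approval event; the token contract's `allowance()` call is authoritative.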
While hardware wallets like Ledger enhance security, they are not immune to human error or phishing attacks. As such, users must remain informed and proactive to safeguard their assets.
The $2.5 million loss experienced by "Anchor Drops" underscores the vulnerabilities in cryptocurrency management, even with the use of hardware wallets like Ledger. While such wallets provide an additional layer of security, user awareness and caution are equally crucial. Phishing attacks, as seen in this case, can have devastating consequences even years after the initial compromise. That is why crypto users are advised to adopt best practices, such as auditing token approvals, securing seed phrases offline, and verifying all on-chain interactions before signing transactions.
FAQs
1. How did the attacker steal $2.5 million worth of crypto and NFTs?
The attacker exploited a phishing transaction signed by the victim nearly three years ago. This transaction unknowingly granted the attacker permission to access the victim's wallet. The attacker then remained dormant for years before draining the wallet's funds.
2. Why were both Bitcoin and NFTs stolen if they were on different blockchains?
While the NFTs were stolen through the malicious Ethereum transaction, it is suspected that the attacker also gained access to the victim's recovery phrase. This allowed them to access the wallet across multiple blockchains, including Bitcoin.
3. How can crypto users protect their wallets from similar attacks?
To avoid such incidents, users should:
- Regularly audit token approvals and revoke unnecessary permissions.
- Never share or expose their recovery phrase online.
- Double-check the authenticity of all transactions before signing.
- Stay cautious of phishing attempts and avoid interacting with unknown or suspicious platforms.