Ledger user loses 10 BTC and $1.5M in NFTs to phishing attack
Phising attack
A cryptocurrency user known as “Anchor Drops” has reported a staggering loss of 10 Bitcoin (BTC), valued at roughly $1 million, along with $1.5 million in non-fungible tokens (NFTs) stored on a Ledger Nano S hardware wallet.
The incident, revealed on Dec. 13 via the social media platform X, has been attributed to a phishing attack that allegedly occurred in 2022 but only came to light recently.
Loading...
Blockchain forensics reveal long-dormant threat
Ledger and members of the cryptocurrency community have linked the loss to a malicious Ethereum transaction tagged as “Fake_Phishing5443,” which would have occurred on February 22, 2022.
Blockchain security firm Cyvers confirmed that “Anchor Drops” had unknowingly granted token approvals to a malicious actor, allowing the attacker to eventually drain the wallet. According to Hakan Unal, a senior scientist at Cyvers, the attacker remained dormant for years before executing the heist.
While the connection to the stolen NFTs appears clear, questions remain regarding how the Bitcoin was accessed, as it is stored on a separate blockchain. Experts, including Ledger’s team and Cyvers, suggest that if the phishing attempt captured the wallet’s recovery phrase, it would grant the attacker full access to the wallet’s multi-blockchain support, including Bitcoin.
Ledger has emphasized that the security breach was not due to a flaw in its hardware but rather a result of user error.
The company is urging users to review token approvals and be cautious when signing on-chain transactions. “Hardware wallets are critical for security, but users must remain vigilant in understanding each interaction,” said Tony Ke, lead security researcher at Fuzzland.
This incident highlights the ongoing risks faced by cryptocurrency users and the persistent threat posed by phishing scams. Security experts recommend regular audits of wallet permissions and constant vigilance to safeguard digital assets.
Recently, a cryptocurrency investor holding Gigachad tokens (GIGA) lost approximately $6.09 million in a phishing scam orchestrated through a fraudulent Zoom link. The incident highlights the growing sophistication of cyber threats targeting the crypto community.
