@Romanwilhem_ you contact me this morning about my stolen crypto. You sent me this link https://t.co/rfHaPy9LRE this link shows to be a scam. And then you block me.
@Romanwilhem_ I have pictures of mine and your conversation this morning.
As far as person debt, I am me and said he works for the ledger live.
But since you blocked me for no reason at all, just because I called it a scam because I was talking with ledger live.And I was looked it up.I guess I'll post it too
People that use the https://t.co/pGskZ68aJz devices
I put this content out there because it's happened to me. And many of other people's on the ledger, I don't care for the ledger. And how they do stuff
I'm just letting people be aware of what's happened to others. It could happen to any of the 7,000,000 people that ues it. it could happen to you
I put this content out there because it's happened to me. And many of other people's on the ledger, I don't care for the ledger. And how they do stuff
Come on.I'm just letting people be aware of what's happened to others. It could happen to any of the 7,000,000 people that ues it it could happen to you
https://t.co/IvBucOe8n1
Ledger Wallet Scam Drains $214K: Lessons for Crypto Security

Merkle Science
January 29, 2025

On January 12, 2025, a Reddit user shared a troubling account of a friend whose Ledger Nano X wallet was drained of all its digital assets—totaling $214,000. The incident highlights growing vulnerabilities in the crypto ecosystem, especially as new users flock to a bullish market.
What Happened?
In late November, the victim purchased a Ledger Nano X from Lazada, a popular e-commerce platform in Asia. The storefront, claiming to represent "Ledger Thailand," was likely fraudulent. Upon receipt, the device passed the manufacturer’s hardware check, and the victim set up a seed phrase as instructed. However, by early January, the wallet had been completely drained, raising concerns about whether the device had been compromised or the private keys exposed.
While the amount stolen is relatively small compared to high-profile breaches, this incident underscores key lessons for both individual crypto holders and businesses. For one, it demonstrates the evolving sophistication of cybercriminals in laundering even small amounts of stolen funds. For another, it highlights the importance of blockchain analytics in deterring and tracking these crimes.
Breakdown of the Illicit Funds Trail

Here's how the attacker executed the heist:
The Ledger Nano X contained 8,158.14 USDT (ETH) and 206,028.78 USDT (TRX).
The TRX funds were bridged to ETH through a proxy contract associated with a DeFi wallet.
The ETH funds were combined into address 0x220348efb98ea10dc3de5237e7f1855017f5b7d8.
The funds were sent to a THORChain router and swapped into BTC before returning to the ETH mainnet.
The stolen assets were consolidated into the hacker's wallet at 0x644dc17e70a46130203feadfa75c31d49acdddc1, then distributed across multiple wallets to further obscure the trail
2023-12-14 – 09:49AM / 10:44AM / 11:37AM: The attacker published on NPMJS (a package manager for Javascript code shared between apps), a malicious version of the Ledger Connect Kit (affecting versions 1.1.5, 1.1.6, and 1.1.7). The malicious code used a rogue WalletConnect project to reroute assets to hackers’ wallets.
https://t.co/QZLrWjpfME inside job
In order to be able to push the malicious code package on NPMJS, the attacker phished a former employee to individual’s access on NPMJS. The access of the former employee to Ledger’s systems (including Github, SSO based services, all internal Ledger tools, and external tools) were properly revoked, but unfortunately the former employees’ access to NPMJS was not properly revoked.
https://t.co/IvBucOe8n1 however, due to how current technology services and tools currently operate globally, we cannot automatically revoke access to certain external tools (NPMJS included), and these must be handled manually with an employee offboarding checklist for each individual.
2023-12-14: Morning: A former Ledger Employee fell victim to a sophisticated phishing attack that gained access to their NPMJS account, bypassing 2FA, using the individual’s session token.
https://t.co/IvBucOe8n1 and devices are no good.
January 12, 2025, a Reddit user shared a troubling account of a friend whose Ledger Nano X wallet was drained of all its digital assets—totaling $214,000. The incident highlights growing vulnerabilities in the crypto ecosystem, especially as new users flock to a bullish market.
What Happened?
In late November, the victim purchased a Ledger Nano X from Lazada, a popular e-commerce platform in Asia. The storefront, claiming to represent "Ledger Thailand," was likely fraudulent. Upon receipt, the device passed the manufacturer’s hardware check, and the victim set up a seed phrase as instructed. However, by early January, the wallet had been completely drained, raising concerns about whether the device had been compromised or the private keys exposed.
While the amount stolen is relatively small compared to high-profile breaches, this incident underscores key lessons for both individual crypto holders and businesses. For one, it demonstrates the evolving sophistication of cybercriminals in laundering even small amounts of stolen funds. For another, it highlights the importance of blockchain analytics in deterring and tracking these crimes
Ledger has been the target of multiple security incidents, including a 2020 data breach that exposed customer personal information and a December 2023 breach of its connector library, which led to stolen cryptocurrency assets and a phishing campaign targeting users. While Ledger's hardware devices themselves have not been compromised and private keys have remained secure on the devices, these incidents have increased the risk of scams and fraud for its customers.
@DigPerspectives Ripple partnership
Here's how the partnership works:
TRM Labs and Beacon Network: TRM Labs launched the Beacon Network to enable companies and law enforcement to prevent stolen cryptocurrency from being cashed out. TRM provides the underlying blockchain intelligence platform that powers the network.
Ripple's Role: Ripple is a founding member, collaborating with TRM Labs to share verified intelligence in real time. As part of this network, Ripple works with other member companies, exchanges, and law enforcement agencies to identify and freeze illicit assets, enhancing trust in the crypto ecosystem.
Crime Division Connection: A core function of TRM Labs is assisting law enforcement and government agencies in investigating crypto-related fraud and financial crime. The Beacon Network specifically includes federal law enforcement agencies as contributors, who flag addresses linked to critical threats.
All the more reason crypto needs more protection.
In 2021, Ledger Live users were targeted by a massive wave of fraud and phishing scams following a data breach that occurred in 2020
. Attackers used the stolen customer data to launch highly convincing phishing attempts that led to the theft of cryptocurrency from victims.
The 2020 Ledger data breach
The fraudulent activity in 2021 was a direct consequence of a July 2020 security incident. A Ledger e-commerce and marketing database was breached, exposing the personal information of approximately 270,000 customers. The leaked data, which was publicly dumped in December 2020, included:
Email addresses
Full names
Physical mailing addresses
Phone numbers
Fraudulent schemes in 2021
Using the personal information from the 2020 breach, scammers executed several deceptive schemes throughout 2021 to trick Ledger owners into compromising their security.
Phishing emails
Fake data breach warnings: Scammers sent emails impersonating Ledger support, claiming a new security vulnerability or data breach had occurred.
Fake firmware updates: Emails would prompt users to download a "critical firmware update" that linked to a fake Ledger Live website.
Harvesting recovery phrases: The fake websites or applications would ask users to enter their 24-word recovery phrase, or seed phrase. Entering this phrase into any software immediately gives the scammer access to a user's funds.
A phishing attack on a former Ledger employee's email account in December 2023 was the root cause of a sophisticated supply chain hack. The breach gave hackers access to the employee's account for the npmjs software registry, allowing them to publish a malicious version of the Ledger Connect Kit.
Details of the attack
Victim: A former Ledger employee's npmjs account was compromised through a phishing attack.
Attack method: The hackers used the employee's session token to bypass two-factor authentication on the npmjs account. This indicates a more sophisticated attack than simply stealing login credentials.
Vulnerability: A lapse in Ledger's offboarding procedure meant that the former employee's access to the external npmjs tool had not been revoked.
Malware deployment: Using the compromised account, the attackers published a malicious version of the Ledger Connect Kit to the npmjs registry. The Connect Kit is an open-source library that allows dApps (decentralized applications) to connect to Ledger hardware wallets.
User impact: When dApps loaded the malicious version of the Connect Kit, it injected malware known as "Angel Drainer." This malware tricked users into signing fraudulent transactions that drained their wallets. The hack was active for about five hours, with crypto funds being stolen for less than two hours before Ledger deployed a fix.