A recent incident involving a hardware wallet user has highlighted the importance of vigilance in the crypto market. The user, known as ‘Anchor Drops’ on X, reported significant losses due to a phishing attack that was linked to malicious transactions dating back several years.
Massive Losses Linked to Phishing Attack
On December 13, Anchor Drops took to X to report personal losses of 10 Bitcoin (BTC) and $1.5 million in non-fungible tokens (NFTs) stored on their Ledger Nano S wallet. The incident has raised concerns about the security of hardware wallets and the importance of user vigilance.
Ledger Points to Malicious Transactions from Years Ago
In a statement to Cointelegraph, Ledger attributed the losses to a phishing hack that occurred several years ago but only recently surfaced. The company pointed to malicious transactions from 2022, which were identified by community member KDean on X. The alleged phishing transaction, tagged ‘Fake_Phishing5443,’ occurred on February 22, 2022.
Blockchain Evidence Confirms Phishing Transaction
Several blockchain security platforms confirmed that the fishing transaction caught by KDean was the likely culprit behind the losses. Hakan Unal, senior scientist at Cyvers, a blockchain security platform, told Cointelegraph:
"Blockchain evidence shows they signed a phishing transaction nearly three years ago, unknowingly granting approval to a malicious actor. The hacker remained dormant for years before eventually draining the wallet."
Unal emphasized that the incident has nothing to do with Ledger itself and encouraged users to follow best practices and regularly review token approvals to ensure their assets remain secure.
Questions Surround Bitcoin Losses
While the NFT losses were tied to Ethereum transactions, it remains unclear how the malicious activity extended to the user’s Bitcoin holdings. Fuzzland’s lead security researcher, Tony Ke, told Cointelegraph:
"For the NFT, KDean’s comment can explain everything. But I don’t understand how the BTC is stolen."
Cyvers and Ledger suggested that a malicious transaction on Ethereum could have expanded to more blockchains within a wallet. If the phishing attempt captured the user’s recovery phrase, the attacker could gain access to the wallet across all supported chains, including Bitcoin.
Ledger Warns Users of Phishing Threat
Following the incident, Ledger has strongly advised users to be vigilant while signing any transactions on-chain. A spokesperson for Ledger told Cointelegraph:
"While using hardware wallets is crucial in terms of security enhancement, it’s equally important to understand every interaction with the wallet and make informed decisions."
Fuzzland’s Ke added:
"As we know, the user got phished when it comes to the ETH wallet, we can assume user error on the BTC side too. Users should be aware of the potential risks associated with signing transactions on-chain."
The Importance of User Vigilance in Crypto Market
The incident serves as a reminder for crypto users to remain vigilant and take necessary precautions to protect their assets. With the increasing popularity of hardware wallets, it is essential for users to understand the security features and limitations of these devices.
Best Practices for Hardware Wallet Users
To avoid falling victim to phishing attacks, hardware wallet users should:
- Regularly review token approvals
- Be cautious when signing transactions on-chain
- Use strong passwords and recovery phrases
- Keep software up-to-date
- Monitor account activity regularly
By following these best practices and staying informed about the latest security threats, crypto users can minimize the risk of falling victim to phishing attacks.
Conclusion
The recent incident involving Anchor Drops serves as a reminder for crypto users to stay vigilant in the bull market. The importance of user vigilance cannot be overstated, especially when it comes to hardware wallets and signing transactions on-chain. By following best practices and staying informed about security threats, crypto users can protect their assets and avoid falling victim to phishing attacks.
Related Articles
- Scammers are using Telegram verification bots to inject crypto-stealing malware
- Bitcoin dominance will fall in 2025: Benjamin Cowen, X Hall of Flame
Subscribe to Finance Redefined
A weekly toolkit that breaks down the latest DeFi developments, offers sharp analysis, and uncovers new financial opportunities to help you make smart decisions with confidence. Delivered every Friday.
By subscribing, you agree to our Terms of Service and Privacy Policy.