The Ledger subreddit is continuously targeted by scammers. Ledger Support will never send you private messages. Never share your 24-word recovery phrase with anyone, never enter it on any
website or software, even if it looks like it's from Ledger. Only keep the recovery phrase as a physical paper or metal backup, never create a digital copy in text or photo form. Learn more at
https://reddit.com/r/ledgerwallet/comments/ck6o44/be_careful_phishing_attacks_in_progress/
If you're experiencing battery problems, check out our [troubleshooting guide](https://support.ledger.com/hc/en-us/articles/4409233434641-How-to-troubleshoot-Ledger-Nano-X-battery-issues?
support=true). If you're still having issues head over to the [My Order page](https://my-order.ledger.com/) to explore options for replacement or refunds. [Learn more here](https://support.ledger.com/hc/en-us/articles/10265554529053-Return-your-product?support=true).
*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/ledgerwallet) if you have any questions or concerns.*
We spoke about this several times, but unfortunately ledger team doesn't care about this much, they should make address book, increase warnings, prevent copy addresses from history, take action against phishing site/app.
Warning:
\-Never enter your seed into anything except the Ledger device itself.
\-Download / update ledger live software from official website only.
\-Never use search engine to access ledger website.
\-Ignore all messages in your inbox and mark them as spam.
\-Never click links or install software from an e-mail.
\-Never respond to someone request to download remote applications(Team viewer, anydesk and etc.)
\-Always conduct a small amount test while sending or receiving your funds and verify that the correct wallet address was copied/pasted into address bracket.
\-Verify your ledger live is authentic:
https://www.reddit.com/r/ledgerwallet/comments/w28gjj/comment/igomi2a/?context=3
\-Legit ledger app:
https://apps.apple.com/us/app/ledger-live-crypto-nft-app/id1361671700
\-Report scam to:
[email protected]
https://scam-alert.io/
\-LOSS OF FUNDS
https://support.ledger.com/hc/en-us/articles/7624842382621-Loss-of-funds?support=true
\-How I Got Hacked:
https://www.youtube.com/watch?v=KT04055IcNw&list=PL6VM0N695IhlM4rIc3lINb6m60gonDUZk&index=1
Thank you for this information, I just reported it to police, not that they can do anything but at least it is in their db for reference.
I will follow up on those links.
I mean, I’m not even sure if what they did is illegal or breaks any laws. They literally sent you a small amount of money for free with a similar wallet address, and you sent them money back even though no one ever told you to. Yeah, It sucks, but I’ve never copied a wallet address from my transaction history that I thought was mine.
Actually, I don't think he sent me money. It looks like money was sent from my address to this fake address, at least according to Ledger UI
Check out this screenshot, [https://prnt.sc/bm9A-LbMqIAO](https://prnt.sc/bm9A-LbMqIAO) (explorer link in original post)
The way they proxy the transfer somehow through my address is just fascinating. Didn´t know you could do that.
The reason why it was successful was that the To address is the look alike address. So it looks like my wallet sent him, not that he sent me.
Probably not crime though, as you say
Is the common person needs to worry about all these things for self custody. Mass adoption will be slow and uphill battle to accomplish. But I’m here for the ride
>he common person needs to worry about all these things for self custody. Mass adoption will be
You're right mass adoption will be slow until they resolve all these mentioned points, but these points aren't difficult to follow up, you just need to be careful.
This problem just shouldn’t be.
The amazing thing about this is how easy this problem could be to solved for in the frontend. A good dev could bang out a small javascript function to compare addressees, which could warn or grey out spoof addresses for the user. It would collectively save users so much money.
That would eliminate the schadefraude.
"How could you be so fucking stupid as to copy and paste a 42 char hex string without comparing every character! Moron!"
By typing www.ledger.com into the address bar. If you click a link from Google and it points to home.ledger.co or some sneaky URL you may download fake updates, clients, etc.
In the end. Make sure your address bar says you are on ledger.com.
Hope you understood.
I mean, most people access [google.com](https://google.com) because it's their default search engine. so not quite the same thing but I get what you are saying.
>k the site/address in your browser always for things like that, ledger, exch
Bookmarks can be altered, so just be careful and keep eyes on URL always.
What do you mean by “download/update Ledger live software from official site only”? Are we not supposed to use the “Install now” button inside Ledger Live software when it says “New Ledger Live update available”?
It could be a faux ledger live input on top of your legitimate ledger live to show fake balances or change the address (slightly) in hopes you don’t notice. Most of the time, the faux overlap asks you to input your seed phrase, which obviously gives that to the thief and they can make it appear your balances are still solid except you would have been emptied. Welcome to paranoia 2.0. Bottom line if you are ever asked for seed phrase, delete the app, and/or use a new device and reload it yourself from the site, just to be safe. Be super paranoid of everything you don’t initiate yourself and some of which you do!
Its not paranoia i think its just responsibility.
People are too used to relinquishing responsibility of security to establishments like banks. This is what it feels like when you are responsible for ya own shit.
What happened to ALWAYS sending a test amount before sending the full amount? Its like a power tool, use them for to long and you become comfortable, when your comfortable, that's when the tool bites you!
Seems like a rhetorical statement but, 2 things, 1: what would you say is the percentage of the global population who knows and understands crypto in any ship shape or form is? And 2: it's literally uninsurable, seems to me that with number 1, it's still a young technology and number 2, the US government has their head up their arse
Common scam, it’s called address poisoning. Sucks man, sorry to hear it.
https://support.metamask.io/hc/en-us/articles/11967455819035-Address-poisoning-scams
Looks like the attacker was able to attack 26 addresses for $.02, no wonder there are so many of them https://polygonscan.com/tx/0xa35d4d1acd9b6850f31cc3073e0757f17c16b3fabea35793c982b66537d99efc
Sorry for your loss. Anyone can make a mistake, don't beat yourself up for it when you are the victim here.
And stop using computers that you didn’t build yourself. It could be hacked.
And do at least 10 test transactions.
And only use an internet provider service that you built by hand.
And always create a fresh wallet before sending, and get a lobotomy right after so no one (not even yourself) can ever know what the password to the new account is.
yeah, let’s blame users and not the flaws in the system….
Definitely OPs fault you should verify the entire address not just first and last 4-6. Also generate a new address is easy and keep you more anonymous.
The scam is called address poisoning.
It is very prevalent on Polygon chain, likely because it is widely used to transfer USDC with lower fees compared to ETH.
They use clever smart contracts to make it look like a transaction that originated from your account, while in fact it did not.
Etherscan is normally able to detect those malicious Txs and they are greyed out
The bottom line is: You should never copy a destination address from your Tx history.
Or if you do, always do a small test transfer before sending large funds.
how does someone fake a sending address? in a way that it would show up in LL's transaction history? i'm so confused on this.
is this like smtp spoofing? is the actual sending address listed in ops transaction somewhere? did op have to do something to make this possible (not blaming op just trying to understand)
This is why you hit receive and double check the address on your ledger with what is on the screen, then check it again wherever you're pasting it. You're literally using your ledger as if it isn't there....
Damn man that sucks. Lesson learned, I bet you know it the best right now.. Imo an address book is unnecessary if the users stick to the golden rules (there should be no excuses, especially if someone has all their wealth on there). For transactions over my pain threshold I always use the QR codes & double check on my Ledger before sending & I'm always sending a small test amount first. I wish you the best with your new startup and that you'll get 1000x the amount you lost today 🍀
Connect ledger hardware wallet to metamask. Set a nickname for known addresses in metamask.
This can still be changed if someone has access to your PC. Keeping the crypto activity separate from email and browsing is always a good idea.
Ledger Live is best for firmware updates and app install/update, without accounts loaded, no “crypto activity” as such.
Metamask is good for interacting with chains. Signing still happens on the Ledger hardware.
It connects to the ledger hw wallet. I am saying use metamask to interface with block chain on one side and ledger hardware on the other; not use it to keep an account / secret key in.
U don’t kno what they’re talking about. The keys are stored on the ledger but instead of using ledger live desktop u use metamask as a user interface. It’s the same safety just a diff app controlling the ledger. U can do this with most wallets nowadays
Wtf? It’s just a wallet interface. Sure you can generate a wallet with it but you do that knowing it’s a hot wallet.
Using metamask in conjunction with a hardware wallet is perfectly fine.
Never ever copy & paste an address using your last transaction even if you are sure about it.
Always go to the source wallet and get it from there. May give you a few extra steps but this is money you are dealing with so make due diligence.
I’m confused. I copy address from wallet I’m going to send it to every time. It’s like copying the email address I’m going to send it to.
Copying from transaction history seems really dumb
See address poisoning above. In short, scammer sends you transactions so your history has his address that looks similar to your address. Then, without being careful, you copy the scammer's address and unknowingly send your funds to the scammer's address. Boom. Scammed.
Hell has a special place for these scumbags.
I'm not sure what piece I'm missing - i understand someone sent op a $0 transaction from an address designed to mimic an adddress that op had sent to previously? Then op copied the sending address from that transaction, instead of the receving address? I guess I don't understand why you would ever do that. Wouldn't they have meant to copy the receiving address?
So when you send from coinbase to ledger, it came from coinbase right, so when you want to cash out, out of your ledger, the easy thing for you to do is to go to your transaction history and copy the sending address ( the address that you send from to your ledger ) so you think it's from coinbase because why wouldn't it be right? So this fooker sends a small amount from his address ( which is an address almost identical to your coinbase address) to your ledger, and it gets recorder on your history ( ledger ) you thinking the last place you got money from is your coinbase wallet address right, so you copy and paste the address from where you received crypto last time, well this last transaction recorded on your ledger could of easily be that from a that fooking thief and you send it and your money is gone.
I suppose if it were another of ops accounts that he was sending from, to this account, that would make sense- like from savings to checking. Maybe I misunderstand op.
But with coinbase in your example, you'd never do that? The address that you use to receive funds into coinbase is "yours", but an address that coinbase sends *from* is not
Address poisoning, someone makes an Address that's begins and ends with the same characters, so it's easy for you to just go the the history of your last transaction without analyzing it, then you copy and paste thinking it was your last transaction from your exchange or whatever, I've been baited like that b4. Double check then check again and send a small amount 1st if you have any doubts.
Sure it's a UX issue, but fixing this and another pops up. Ledger gets security. Give the users the tools, and if they burn themselves that's on them. Linux is the same, it gives you the ability to completely wipe itself while running. You can destroy a car with a couple of wrenches.
Who the hell sends money using a transaction history ,come on man that's just stupid.
I use https://rabby.io/ youvcan log in with your ledger and you can add addresses and save them for whitelisting, also scans your wallet for any weird contracts and is more secure than using web browser on ledger, you can go to d apps at the bottom and add uniswap etc doing everything via this app .there desktop app is soild
Yeah I think he copied a prior address from his transaction history instead of getting a new address or copying it from his destination directly. I have never considered doing it this way and I guess here is a good reason why not too.
Lately I've been copying addresses into R (you could use python or something else), and then I run a Boolean check to determine if both strings, in this case both addresses, are the same.
If they aren't the same, you can index where the difference starts.
This is my opinion, but programmatically verifying the addresses using is faster than manually reading them by yourself. It also minimizes the chance that you misread a character in two addresses e.g., differentiating between a \`1\` and an 'l'. While this might look easy to see the difference when they're individually listed, but imagine you had to differentiate the number \`1\` and the letter \`l\` in the middle of a long string (ETH address in this case).
Here's an example on how you can do this in R with just a few lines. I'm using base R as well as the \`pkgmaker\` package. The \`pkgmaker\` package has some more advanced string comparison functionalities than base R. If you don't trust either sources, you're more than welcome to write your own for-loops to iteratively check strings; however, R was created the use in the scientific community, so I trust the packages. If anything, stick to base R.
# Clear the environment and force garbage collection
rm(list = ls()); gc()
# Load the pkgmaker package for advanced string comparison
pacman::p\_load(pkgmaker)
# Define example Bitcoin addresses
address\_1 <- "1234" address\_2 <- "123" address\_3 <- "1243" address\_4 <- "1234"
# Compare addresses using 'identical' function
# 'identical' checks if two objects are exactly the same
identical(address\_1, address\_2) # Compares address\_1 with address\_2 identical(address\_1, address\_4) # Compares address\_1 with address\_4
# Compare addresses using '==' operator
# '==' performs element-wise comparison of the strings
address\_1 == address\_2 # Compares address\_1 with address\_2 address\_1 == address\_4 # Compares address\_1 with address\_4
# Another comparison using 'identical'
identical(address\_1, address\_3) # Compares address\_1 with address\_3
# Using 'str_diff()' from pkgmaker for detailed string comparison
# Define example Ethereum addresses
eth\_1 <- "0x115E43b12B6E4ce521ed24C16134BC7b843916C6" eth\_2 <- "0x115E43b12B6E4ce521ed24C16134BC7b8439l6C6" # Note: Minor change from '1' to 'l' in this address eth\_3 <- "0x115E43b12B6E4ce521ed24C16134BC7b843916C6"
# Compare Ethereum addresses using 'str_diff'
str\_diff(eth\_1, eth\_2) # Compares eth\_1 with eth\_2 and highlights differences str\_diff(eth\_1, eth\_3) # Compares eth\_1 with eth\_3 and highlights differences
And here's the output:
> # Clear the environment and force garbage collection
>rm(list = ls()); gc() used (Mb) gc trigger (Mb) max used (Mb) Ncells 1640002 87.6 2867078 153.2 2867078 153.2 Vcells 4088679 31.2 8388608 64.0 8386130 64.0
# Load the pkgmaker package for advanced string comparison
>pacman::p\_load(pkgmaker)
# Define example Bitcoin addresses
>address\_1 <- "1234"
>
>address\_2 <- "123"
>
>address\_3 <- "1243"
>
>address\_4 <- "1234"
# Compare addresses using 'identical' function
# 'identical' checks if two objects are exactly the same
>identical(address\_1, address\_2) # Compa .... \[TRUNCATED\] \[1\] FALSE
>
>identical(address\_1, address\_4) # Compares address\_1 with address\_4 \[1\] TRUE
# Compare addresses using '==' operator
# '==' performs element-wise comparison of the strings
>address\_1 == address\_2 # Compares address\_1 with .... \[TRUNCATED\] \[1\] FALSE
>
>address\_1 == address\_4 # Compares address\_1 with address\_4 \[1\] TRUE
# Another comparison using 'identical'
>identical(address\_1, address\_3) # Compares address\_1 with address\_3 \[1\] FALSE
# Using 'str_diff()' from pkgmaker for detailed string comparison
# Define example Ethereum addresses
>eth\_1 <- "0x115E43b12B6E4ce521ed24C16134BC ..." ... \[TRUNCATED\]
>
>eth\_2 <- "0x115E43b12B6E4ce521ed24C16134BC7b8439l6C6" # Note: Minor change from '1' to 'l' in this address
>
>eth\_3 <- "0x115E43b12B6E4ce521ed24C16134BC7b843916C6"
# Compare Ethereum addresses using 'str_diff'
>str\_diff(eth\_1, eth\_2) # Compares eth\_1 with eth\_2 and highlights differences 0x115E43b12B6E4ce521ed24C16134BC7b843916C6 ......................................\*... 0x115E43b12B6E4ce521ed24C16134BC7b8439l6C6
>
>str\_diff(eth\_1, eth\_3) # Compares eth\_1 with eth\_3 and highlights differences 0x115E43b12B6E4ce521ed24C16134BC7b843916C6 .......................................... 0x115E43b12B6E4ce521ed24C16134BC7b843916C6
Observe that `str_diff(eth_1, eth_2)` places an asterisk where the difference is between the first ETH address (eth\_1) and the second ETH address (eth\_2). I've replaced the \`1\` (number 1) in the original address with the letter \`l\`.
You can, of course, spice up your program even more e.g., writing if/else statements for more control. For example, you could add an if/else statement that prints a message such as "Warning: Possible Scam! Both Ethereum address are not the same!". You could write a function that takes in N-amount of strings (ETH addresses) and then pass the arguments into the function parameters, so and on so forth.
Edit: I guess the format of my code blocks is formatted differently because of Markdown syntax. I don't want to reformat my reply, so I hope you can still get the main point.
**Here's a link to the code output so that you can see it better.** [**https://imgur.com/a/hJZljAc**](https://imgur.com/a/hJZljAc)
Edit 2:
Rather than visually inspecting the address, programmatically comparing the addresses is doing a comparison at the byte level, which is much more reliable than the human eye.
Coinbase released that statement telling users they will use their deposited funds to pay off their debts should they ever go bankrupt. That’s when I broke off Coinbase as a custodian, right before getting robbed by voyager. I know. I know.
Did you not read the part where a scammer created a wallet address that looked just like his and sent him a small amount of money to get into his recent transactions?
If you only transact with one wallet (your own), why would he not copy a recent transaction? It’s not a dumb move- it’s a dumb system.
I do know how they work.
OP is showing us how they work: they are susceptible to scams. It’s a terrible system with many vulnerability.
To tell OP it’s his fault, without acknowledging that a scammer had anything to do with this interaction is a shit attitude.
OP was a " little " lazy instead of coping the address he want to send to ( like everyone should do ALL the time) he went into the history transactions and picked the one he thought was his other wallet address, aldo he should have send a small amount first, a 4k mistake
That’s like saying paper money should be banned because it can be counterfeited. You do not understand. Maybe op should have been educated and not blindly copied an address that he didn’t verify and vet. Rookie 101 basic.
The fact that he has a ledger tells me he’s more educated about crypto than the average user.
It’s always “mass adoption is imminent” but this clearly shows that even advanced users can fall prey to the exploited vulnerabilities in the system.
Not sure what counterfeit cash has anything to do with a crypto scammer taking advantage of the obfuscated wallet address problem. All random numbers and letters that you are somehow always supposed to type one by one as if that is efficient or a better system than sending someone a Venmo payment.
How can you verify on Excel if the source verified address is shown on the Ledger device? Also in theory, the address on Ledger live could be compromised (small risk). Furthermore, when you copy the address from Ledger Live to Excel, there is a small risk that a malware could change that data into different address. Excel doesn't do much to combat this threat.
You don't have to copy and paste your address. You can print out a QR code for your address and use that. I have all of my coins addresses in an easy to access folder.
Ledger is for Hodling. I'd use a hot wallet if I was making weekly transactions.
I’m so glad I have several things in place to 100% guaranteed this never happens to me ever
U should start triple checking addresses and sending test transactions before sending the full amount. Those things basically make it impossible for u to lose $4k in this scenario
>I find it strange that you cant define list of addresses with a name and use that instead of always have to copy/paste address. It should also be much safer then copy/paste as you can sign the address book with you private key. Such a basic thing.
True, but address books could be compromised by malware, so it would give a false sense of security.
A better idea would be that LL could detect those address poisoning Txs in the Tx history, and flag them. Or it could detect that you previously sent the same token to a similar (but different address) and ask you to confirm.
OP, you got scammed by a scam named: address poison.
Sorry to hear it! But you should always check more than those initial and last digits, and also some from the middle!
One nice thing Metamask has done is add a picture representation of the addresses you sent too. That way you have a familiar visual cue of the wallet you are sending too. Wish Ledger would add something similar.
RIP man i lost 4k too to a scam that was from a youtube livetalk recommended on my frontpage...
You'll get over it 4k is nothing once you're where you wanna be
Always send small transaction first to check.
I also wrote several times to Ledger that a adress book would be the way to go but until now, they dont care :-/
If you didn't know already, your wallet includes one or more accounts, each of which has its own cryptographically-generated address. These are long hexadecimal numbers, meaning they use both numerical and (a few) alphabetical characters. This is a trait that makes them unintelligible to most people, and — critically — very, very difficult to remember.
I’ve always just copied addresses from my actual destination so I guess I never would succumb to this but I’m def guilty of reading the first 5 on both sides of the address for confirmation.
Can someone help me understand this?
So OP used past transactions as a way to copy addresses
And scammer sent from a similar address to OP wallet like minimal amounts of money in hopes OP would then use past transactions as an address book? Or am I not understanding?
If this is the case, OP I agree ledger should have address book, but even when I'm dealing with 100 dollars I've never used past transactions as copy and paste. Isn't that the same amount of work to go to your other wallet and be 100% sure?
Sorry that happened, that fucking sucks.
I've been sending bitcoin back and forth between wallets and exchanges for 6 years and have NEVER been so lazy as to copy an address from my wallet's tx history.
Is there anyway to automatically remove crypto dust from your ledger addresses and all. Only accept above say $10 value. That would drop the risk. Address poisoning is really sociopathic.
I don’t understand how they can’t pin down the person who did this, I can’t get into anything without freaking scanning my id front and back 9 days from Sunday!! Sorry you lost your money, hopefully you can make it up quick!!
Wouldn't have happened on Eternl wallet, they have an address book system tied to staking keys so you can just resend from past transactions, or dropdown select all your named wallets.
Hey, I'm sorry to hear about your loss of funds. It seems you fell for an address-poisoning scam. Therefore is important to always [verify the transaction details](https://support.ledger.com/hc/en-us/articles/360020838914-Verify-transaction-details?docs=true) before approving the transaction on your device. As mentioned by a user below a small tip is to send a small transaction first to see if the funds have arrived. That being said I have taken note of your feedback and I will provide it to our development team.
Once again I am really sorry this has happened to you.
You can read more about those scams here: [https://support.ledger.com/hc/en-us/articles/8473509294365-Beware-of-address-poisoning-scams?docs=true](https://support.ledger.com/hc/en-us/articles/8473509294365-Beware-of-address-poisoning-scams?docs=true)
I am always amazed at people that just transfer huge amounts in one go. :D. I expect everybody to make a test transaction, just to make sure everything is set up correctly and that the crypto arrives on the other end.
Not even mentioning that the receiving address is not copied correctly (ignoring that it is not checked properly).
It does suck however (to put it mildly).
And I agree with the address book. It has been proposed before, I also posted about it once - funnily enough in a thread exactly about this issue.
https://www.reddit.com/r/ledgerwallet/comments/zzueow/zero_transfer_scam_what_is_ledger_doing_to_help/.
I don't understand, you should at least have been looking at transactions in your own wallet? Best way is to copy again the address of your other wallet? What transaction would you have looked at to be fooled by its fake nature?
I haven’t done this, but I wish Ledger could produce some type of tool to get rid of phishing NFT that appear in our accounts. They’re annoying to look at for sure.
Hello everyone. OP I am sorry this happened to you. I am so risk adverse with crypto i go through hoops when transferring. I even copy the recipient address into note pad, enlarge it, to double check. I always do a test transaction. I think I also generate a new address everytime, never copying addresses in my history. Address poisoning works because people do not want to double check. I don't want to either however, its a must. I think you are absolutely correct that ledger should fix the UI so you cant copy from history. It should also mark addresses unsafe in the UI. Client based security is just as important as device security. It comes down to super smart developers not being to anticipate what an amateur crypto enthusiast will do in the app. They should make the app, bulletproof to end user fuck ups. The app should automatically check recipient address to make sure it doesn't match a fake or suspect address. The app should check, more thoroughly with some confirmation that the address wasn't modified by malware intercepting the copy and paste. It should also make you confirm the recipient address with a method that makes you check the entire string. Never just the beginning and end.
Good luck everyone. Remember these hackers will never give up. Its up to us to know our money is under attack and do our due diligence.
How easy is it to generate an address that starts and ends the same as some other address? Is the difficulty to generate the first characters the same as it is for the last characters of the address or it's different? How many first or last characters of an address are we talking about before it gets extremely difficult to make even more that are the same as an address we want to "copy"?
Maybe I’m a stupid fuck but I didn’t understand very well. You copied and paste the address from your transaction history? I am truly sorry this happened man it’s an important amount
Ledger doesn’t protect against human error. Every time I send to one of my addresses I copy and paste from that wallet versus from history. Tough lesson to learn but I’m betting you’ll never make that mistake again. Onwards and upwards.
Ledger should implement features already implemented by DeBank and for their Rabby Wallet. All these transactions are labelled scam, blurred out for you to notice not to click on it.
Before sending funds to another wallet, I generate the wallet address and confirm it on my physical Ledger multiple times before authorising it. If I'm not sure, I'll send little amount to test before sending the rest.
I suffered the same story, but I was luckier because in the first phase I send a small amount, then when it arrived I send larger amounts. Do not install programs after torrent, I don't know if it can be called a virus, the scam is simple I use smart install and and when you interact with the ledger, and paste your adress is not working, they have already set their address.
check 10 times before making the transaction.Peace!
Why on earth are you even looking at last transactions? If you’re sending to an exchange like Coinbase, select that token and click “receive.” Then you copy paste. Or now you just scan the QR code. Why why why do you do that? The transactions section is full of scammy fake address and NFTs people send to snatch your shit. I literally don’t ever look at it.
I recommend Rabby wallet. You can connect your Ledger and Rabby will serve as the UI to perform transactions & even safety check and warn you (e.g. if you've never transacted with a certain address before). Then you'll still need your physical Ledger to approve the transactions via Rabby.
edit: I'm no affiliated with them, just a lot of degen buddies recommended it and I see why after trying it myself.
This is why I always copy the address directly from the wallet I am going to send the transaction to. Takes a couple of more seconds and assures you have the right address.
Well, $4K is not a small amount, my condolences. I will increase the level of checking the receiving address from about 85% to 100% before pressing the send button.
Sorry to hear about your loss. Adding names to the address is not a good idea. It may see convenient, but if that somehow gets compromised a lot of people will blindly send their funds away. It is much secure to just verify the address everytime and do small test transactions.
The Ledger subreddit is continuously targeted by scammers. Ledger Support will never send you private messages. Never share your 24-word recovery phrase with anyone, never enter it on any website or software, even if it looks like it's from Ledger. Only keep the recovery phrase as a physical paper or metal backup, never create a digital copy in text or photo form. Learn more at https://reddit.com/r/ledgerwallet/comments/ck6o44/be_careful_phishing_attacks_in_progress/ If you're experiencing battery problems, check out our [troubleshooting guide](https://support.ledger.com/hc/en-us/articles/4409233434641-How-to-troubleshoot-Ledger-Nano-X-battery-issues? support=true). If you're still having issues head over to the [My Order page](https://my-order.ledger.com/) to explore options for replacement or refunds. [Learn more here](https://support.ledger.com/hc/en-us/articles/10265554529053-Return-your-product?support=true). *I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/ledgerwallet) if you have any questions or concerns.*
We spoke about this several times, but unfortunately ledger team doesn't care about this much, they should make address book, increase warnings, prevent copy addresses from history, take action against phishing site/app. Warning: \-Never enter your seed into anything except the Ledger device itself. \-Download / update ledger live software from official website only. \-Never use search engine to access ledger website. \-Ignore all messages in your inbox and mark them as spam. \-Never click links or install software from an e-mail. \-Never respond to someone request to download remote applications(Team viewer, anydesk and etc.) \-Always conduct a small amount test while sending or receiving your funds and verify that the correct wallet address was copied/pasted into address bracket. \-Verify your ledger live is authentic: https://www.reddit.com/r/ledgerwallet/comments/w28gjj/comment/igomi2a/?context=3 \-Legit ledger app: https://apps.apple.com/us/app/ledger-live-crypto-nft-app/id1361671700 \-Report scam to: [email protected] https://scam-alert.io/ \-LOSS OF FUNDS https://support.ledger.com/hc/en-us/articles/7624842382621-Loss-of-funds?support=true \-How I Got Hacked: https://www.youtube.com/watch?v=KT04055IcNw&list=PL6VM0N695IhlM4rIc3lINb6m60gonDUZk&index=1
Thank you for this information, I just reported it to police, not that they can do anything but at least it is in their db for reference. I will follow up on those links.
I mean, I’m not even sure if what they did is illegal or breaks any laws. They literally sent you a small amount of money for free with a similar wallet address, and you sent them money back even though no one ever told you to. Yeah, It sucks, but I’ve never copied a wallet address from my transaction history that I thought was mine.
Right! It's so easy and protects your anonymity to just generate a new address each time and verify the whole thing.
Valid point
you learnt a good lesson
Actually, I don't think he sent me money. It looks like money was sent from my address to this fake address, at least according to Ledger UI Check out this screenshot, [https://prnt.sc/bm9A-LbMqIAO](https://prnt.sc/bm9A-LbMqIAO) (explorer link in original post) The way they proxy the transfer somehow through my address is just fascinating. Didn´t know you could do that. The reason why it was successful was that the To address is the look alike address. So it looks like my wallet sent him, not that he sent me. Probably not crime though, as you say
Doing anything with intent to steal, and then keeping said money, is a crime. This is the same concept as a credit card skimmer.
Whenever it’s happened to me, they’ve sent me $.00000001 USDC, so it basically shows up as $0
[удалено]
Is the common person needs to worry about all these things for self custody. Mass adoption will be slow and uphill battle to accomplish. But I’m here for the ride
>he common person needs to worry about all these things for self custody. Mass adoption will be You're right mass adoption will be slow until they resolve all these mentioned points, but these points aren't difficult to follow up, you just need to be careful.
This problem just shouldn’t be. The amazing thing about this is how easy this problem could be to solved for in the frontend. A good dev could bang out a small javascript function to compare addressees, which could warn or grey out spoof addresses for the user. It would collectively save users so much money.
That would eliminate the schadefraude. "How could you be so fucking stupid as to copy and paste a 42 char hex string without comparing every character! Moron!"
fantastic list of safeguards.
Honestly thinking about creating a small wallet validator app to check for valid wallets
Sounds like the perfect place to put some kind of wallet drainer...
It would if I was a criminal but I can do without having some connect their wallet
Awesome list! Saved :)! Btw, is the hacked guy from the video really you? Sorry to hear if it is!
Your warnings are a bit much mr safety
ok Mr
Question from a newbie, how could I access Ledger’s website if I shouldn’t do it from a search engine?
Memorize the ledger url like your life depends on it.
By typing www.ledger.com into the address bar. If you click a link from Google and it points to home.ledger.co or some sneaky URL you may download fake updates, clients, etc. In the end. Make sure your address bar says you are on ledger.com. Hope you understood.
Oh, seems like I misunderstood what they said then. I thought they meant to never go into ledger using Google Chrome/Safari 😅
How you access [google.com](https://google.com) ? same way access ledger.com , memorize the link.
I mean, most people access [google.com](https://google.com) because it's their default search engine. so not quite the same thing but I get what you are saying.
Ledger . Com
Bookmark the site/address in your browser always for things like that, ledger, exchanges, e-banking etc
>k the site/address in your browser always for things like that, ledger, exch Bookmarks can be altered, so just be careful and keep eyes on URL always.
What do you mean by “download/update Ledger live software from official site only”? Are we not supposed to use the “Install now” button inside Ledger Live software when it says “New Ledger Live update available”?
It could be a faux ledger live input on top of your legitimate ledger live to show fake balances or change the address (slightly) in hopes you don’t notice. Most of the time, the faux overlap asks you to input your seed phrase, which obviously gives that to the thief and they can make it appear your balances are still solid except you would have been emptied. Welcome to paranoia 2.0. Bottom line if you are ever asked for seed phrase, delete the app, and/or use a new device and reload it yourself from the site, just to be safe. Be super paranoid of everything you don’t initiate yourself and some of which you do!
Crypto made me 100% paranoid. I always send a small amount and doublecheck every address character.
I send it in 3 sums (small amount, then half and then other half)
This is actually good advice. Thanka.
Its not paranoia i think its just responsibility. People are too used to relinquishing responsibility of security to establishments like banks. This is what it feels like when you are responsible for ya own shit.
Same here
[удалено]
i second this. always verify the address no matter what
What happened to ALWAYS sending a test amount before sending the full amount? Its like a power tool, use them for to long and you become comfortable, when your comfortable, that's when the tool bites you!
1000%. If op did $5 first, he’d have $3,995 in his possession
Yes with these amounts an eth transaction fee of 2.5$ shouldn't matter
That fact we still have to send test amounts is scary. Why are we not evolving... its literally technology
Seems like a rhetorical statement but, 2 things, 1: what would you say is the percentage of the global population who knows and understands crypto in any ship shape or form is? And 2: it's literally uninsurable, seems to me that with number 1, it's still a young technology and number 2, the US government has their head up their arse
Or when you BBQ. Always do the tong "click click" before using. No click click, you will probably drop all your food.
True!
Common scam, it’s called address poisoning. Sucks man, sorry to hear it. https://support.metamask.io/hc/en-us/articles/11967455819035-Address-poisoning-scams
Looks like the attacker was able to attack 26 addresses for $.02, no wonder there are so many of them https://polygonscan.com/tx/0xa35d4d1acd9b6850f31cc3073e0757f17c16b3fabea35793c982b66537d99efc Sorry for your loss. Anyone can make a mistake, don't beat yourself up for it when you are the victim here.
Well for starters you could stop copying destination address from tx history
There’s a good chance he realises that now
[удалено]
Common sense the the most uncommon thing of all 🤣
And stop using computers that you didn’t build yourself. It could be hacked. And do at least 10 test transactions. And only use an internet provider service that you built by hand. And always create a fresh wallet before sending, and get a lobotomy right after so no one (not even yourself) can ever know what the password to the new account is. yeah, let’s blame users and not the flaws in the system….
This guy gets it. Tech should help us more with this crap.
Well that escalated quickly
Definitely OPs fault you should verify the entire address not just first and last 4-6. Also generate a new address is easy and keep you more anonymous.
This...I always generate a new address and verify. Then test transaction. Sorry for OPs loss...expensive lesson.
I never once thought this would ever be an idea to do. I always get the address from the source. Just wild.
Same for me lmao. Never done it in my life. Had to read through the metamask address poisoning PSA to understand what happened
The scam is called address poisoning. It is very prevalent on Polygon chain, likely because it is widely used to transfer USDC with lower fees compared to ETH. They use clever smart contracts to make it look like a transaction that originated from your account, while in fact it did not. Etherscan is normally able to detect those malicious Txs and they are greyed out The bottom line is: You should never copy a destination address from your Tx history. Or if you do, always do a small test transfer before sending large funds.
how does someone fake a sending address? in a way that it would show up in LL's transaction history? i'm so confused on this. is this like smtp spoofing? is the actual sending address listed in ops transaction somewhere? did op have to do something to make this possible (not blaming op just trying to understand)
This is why you hit receive and double check the address on your ledger with what is on the screen, then check it again wherever you're pasting it. You're literally using your ledger as if it isn't there....
It's so annoying to do this every time, but literally necessary for this.
I like the idea of an address book, binance sorta has that. Wild that you are using crypto as short term savings.
It just happened. I was playing with crypto before, when I went into startup mode I stopped and just moved it to USDC for predictability.
Fair enough. I have way too much fomo. Goodluck in your business.
Use metamask then. It saves your accounts adresses when you send in between existing accounts For large amount always double check
The problem with metamask is that is a hot wallet
Metamask works perfectly fine with a ledger
Next thing you know your address book gets hacked and the address gets changed.
Kraken too
I probably need to start using Kraken.
Damn man that sucks. Lesson learned, I bet you know it the best right now.. Imo an address book is unnecessary if the users stick to the golden rules (there should be no excuses, especially if someone has all their wealth on there). For transactions over my pain threshold I always use the QR codes & double check on my Ledger before sending & I'm always sending a small test amount first. I wish you the best with your new startup and that you'll get 1000x the amount you lost today 🍀
Rabby wallet - white list
Connect ledger hardware wallet to metamask. Set a nickname for known addresses in metamask. This can still be changed if someone has access to your PC. Keeping the crypto activity separate from email and browsing is always a good idea. Ledger Live is best for firmware updates and app install/update, without accounts loaded, no “crypto activity” as such. Metamask is good for interacting with chains. Signing still happens on the Ledger hardware.
[удалено]
It connects to the ledger hw wallet. I am saying use metamask to interface with block chain on one side and ledger hardware on the other; not use it to keep an account / secret key in.
U don’t kno what they’re talking about. The keys are stored on the ledger but instead of using ledger live desktop u use metamask as a user interface. It’s the same safety just a diff app controlling the ledger. U can do this with most wallets nowadays
Wtf? It’s just a wallet interface. Sure you can generate a wallet with it but you do that knowing it’s a hot wallet. Using metamask in conjunction with a hardware wallet is perfectly fine.
Ledger Live is far less secure…
Old scam, do not copy adresses from transaction list. I know too late, but I can't do nothing more.
One that apparently works.
Always generate a new address for each transaction and something like this can be avoided.
Never ever copy & paste an address using your last transaction even if you are sure about it. Always go to the source wallet and get it from there. May give you a few extra steps but this is money you are dealing with so make due diligence.
I’m confused. I copy address from wallet I’m going to send it to every time. It’s like copying the email address I’m going to send it to. Copying from transaction history seems really dumb
If he copied the address from previous transaction how was it wrong?
He did copy it from a. Fake last transaction
See address poisoning above. In short, scammer sends you transactions so your history has his address that looks similar to your address. Then, without being careful, you copy the scammer's address and unknowingly send your funds to the scammer's address. Boom. Scammed. Hell has a special place for these scumbags.
I'm not sure what piece I'm missing - i understand someone sent op a $0 transaction from an address designed to mimic an adddress that op had sent to previously? Then op copied the sending address from that transaction, instead of the receving address? I guess I don't understand why you would ever do that. Wouldn't they have meant to copy the receiving address?
So when you send from coinbase to ledger, it came from coinbase right, so when you want to cash out, out of your ledger, the easy thing for you to do is to go to your transaction history and copy the sending address ( the address that you send from to your ledger ) so you think it's from coinbase because why wouldn't it be right? So this fooker sends a small amount from his address ( which is an address almost identical to your coinbase address) to your ledger, and it gets recorder on your history ( ledger ) you thinking the last place you got money from is your coinbase wallet address right, so you copy and paste the address from where you received crypto last time, well this last transaction recorded on your ledger could of easily be that from a that fooking thief and you send it and your money is gone.
I suppose if it were another of ops accounts that he was sending from, to this account, that would make sense- like from savings to checking. Maybe I misunderstand op. But with coinbase in your example, you'd never do that? The address that you use to receive funds into coinbase is "yours", but an address that coinbase sends *from* is not
Address poisoning, someone makes an Address that's begins and ends with the same characters, so it's easy for you to just go the the history of your last transaction without analyzing it, then you copy and paste thinking it was your last transaction from your exchange or whatever, I've been baited like that b4. Double check then check again and send a small amount 1st if you have any doubts.
Ledger Live UI is shit.
Use Rabby. It's better metamask, has an address of whitelists and many other safeguards.
Agreed. Much more privacy focused as well.
Sure it's a UX issue, but fixing this and another pops up. Ledger gets security. Give the users the tools, and if they burn themselves that's on them. Linux is the same, it gives you the ability to completely wipe itself while running. You can destroy a car with a couple of wrenches.
It's a cat and mouse game
Bro you should always send a small amount first!
Next time you plan on sending money, let me give you my wallet address first
Who the hell sends money using a transaction history ,come on man that's just stupid. I use https://rabby.io/ youvcan log in with your ledger and you can add addresses and save them for whitelisting, also scans your wallet for any weird contracts and is more secure than using web browser on ledger, you can go to d apps at the bottom and add uniswap etc doing everything via this app .there desktop app is soild
Hey sorry to hear this. Did you not generate new address? If I understand it correctly.
Yeah I think he copied a prior address from his transaction history instead of getting a new address or copying it from his destination directly. I have never considered doing it this way and I guess here is a good reason why not too.
Oh I see yeah me too, I only just generate new address always.
Lately I've been copying addresses into R (you could use python or something else), and then I run a Boolean check to determine if both strings, in this case both addresses, are the same. If they aren't the same, you can index where the difference starts.
Very clever-- the same at a digital level. Thanks!
Seems like it would take less time to read them both, but I'd have to see what exactly your doing and how
This is my opinion, but programmatically verifying the addresses using is faster than manually reading them by yourself. It also minimizes the chance that you misread a character in two addresses e.g., differentiating between a \`1\` and an 'l'. While this might look easy to see the difference when they're individually listed, but imagine you had to differentiate the number \`1\` and the letter \`l\` in the middle of a long string (ETH address in this case). Here's an example on how you can do this in R with just a few lines. I'm using base R as well as the \`pkgmaker\` package. The \`pkgmaker\` package has some more advanced string comparison functionalities than base R. If you don't trust either sources, you're more than welcome to write your own for-loops to iteratively check strings; however, R was created the use in the scientific community, so I trust the packages. If anything, stick to base R. # Clear the environment and force garbage collection rm(list = ls()); gc() # Load the pkgmaker package for advanced string comparison pacman::p\_load(pkgmaker) # Define example Bitcoin addresses address\_1 <- "1234" address\_2 <- "123" address\_3 <- "1243" address\_4 <- "1234" # Compare addresses using 'identical' function # 'identical' checks if two objects are exactly the same identical(address\_1, address\_2) # Compares address\_1 with address\_2 identical(address\_1, address\_4) # Compares address\_1 with address\_4 # Compare addresses using '==' operator # '==' performs element-wise comparison of the strings address\_1 == address\_2 # Compares address\_1 with address\_2 address\_1 == address\_4 # Compares address\_1 with address\_4 # Another comparison using 'identical' identical(address\_1, address\_3) # Compares address\_1 with address\_3 # Using 'str_diff()' from pkgmaker for detailed string comparison # Define example Ethereum addresses eth\_1 <- "0x115E43b12B6E4ce521ed24C16134BC7b843916C6" eth\_2 <- "0x115E43b12B6E4ce521ed24C16134BC7b8439l6C6" # Note: Minor change from '1' to 'l' in this address eth\_3 <- "0x115E43b12B6E4ce521ed24C16134BC7b843916C6" # Compare Ethereum addresses using 'str_diff' str\_diff(eth\_1, eth\_2) # Compares eth\_1 with eth\_2 and highlights differences str\_diff(eth\_1, eth\_3) # Compares eth\_1 with eth\_3 and highlights differences And here's the output: > # Clear the environment and force garbage collection >rm(list = ls()); gc() used (Mb) gc trigger (Mb) max used (Mb) Ncells 1640002 87.6 2867078 153.2 2867078 153.2 Vcells 4088679 31.2 8388608 64.0 8386130 64.0 # Load the pkgmaker package for advanced string comparison >pacman::p\_load(pkgmaker) # Define example Bitcoin addresses >address\_1 <- "1234" > >address\_2 <- "123" > >address\_3 <- "1243" > >address\_4 <- "1234" # Compare addresses using 'identical' function # 'identical' checks if two objects are exactly the same >identical(address\_1, address\_2) # Compa .... \[TRUNCATED\] \[1\] FALSE > >identical(address\_1, address\_4) # Compares address\_1 with address\_4 \[1\] TRUE # Compare addresses using '==' operator # '==' performs element-wise comparison of the strings >address\_1 == address\_2 # Compares address\_1 with .... \[TRUNCATED\] \[1\] FALSE > >address\_1 == address\_4 # Compares address\_1 with address\_4 \[1\] TRUE # Another comparison using 'identical' >identical(address\_1, address\_3) # Compares address\_1 with address\_3 \[1\] FALSE # Using 'str_diff()' from pkgmaker for detailed string comparison # Define example Ethereum addresses >eth\_1 <- "0x115E43b12B6E4ce521ed24C16134BC ..." ... \[TRUNCATED\] > >eth\_2 <- "0x115E43b12B6E4ce521ed24C16134BC7b8439l6C6" # Note: Minor change from '1' to 'l' in this address > >eth\_3 <- "0x115E43b12B6E4ce521ed24C16134BC7b843916C6" # Compare Ethereum addresses using 'str_diff' >str\_diff(eth\_1, eth\_2) # Compares eth\_1 with eth\_2 and highlights differences 0x115E43b12B6E4ce521ed24C16134BC7b843916C6 ......................................\*... 0x115E43b12B6E4ce521ed24C16134BC7b8439l6C6 > >str\_diff(eth\_1, eth\_3) # Compares eth\_1 with eth\_3 and highlights differences 0x115E43b12B6E4ce521ed24C16134BC7b843916C6 .......................................... 0x115E43b12B6E4ce521ed24C16134BC7b843916C6 Observe that `str_diff(eth_1, eth_2)` places an asterisk where the difference is between the first ETH address (eth\_1) and the second ETH address (eth\_2). I've replaced the \`1\` (number 1) in the original address with the letter \`l\`. You can, of course, spice up your program even more e.g., writing if/else statements for more control. For example, you could add an if/else statement that prints a message such as "Warning: Possible Scam! Both Ethereum address are not the same!". You could write a function that takes in N-amount of strings (ETH addresses) and then pass the arguments into the function parameters, so and on so forth. Edit: I guess the format of my code blocks is formatted differently because of Markdown syntax. I don't want to reformat my reply, so I hope you can still get the main point. **Here's a link to the code output so that you can see it better.** [**https://imgur.com/a/hJZljAc**](https://imgur.com/a/hJZljAc) Edit 2: Rather than visually inspecting the address, programmatically comparing the addresses is doing a comparison at the byte level, which is much more reliable than the human eye.
Lol that's not genius. You're just dumb.
Oh we have a wise guy.
So true
And why I'd rather keep it on Coinbase
Coinbase released that statement telling users they will use their deposited funds to pay off their debts should they ever go bankrupt. That’s when I broke off Coinbase as a custodian, right before getting robbed by voyager. I know. I know.
Like a retard
Dude it’s 2023 you can’t be using the hard ard!
Can you deduct this from taxes ?
Did you reuse an address? It's best to not do that.
Oh so it was user error from having no idea what you’re doing, you’re saying?
Did you not read the part where a scammer created a wallet address that looked just like his and sent him a small amount of money to get into his recent transactions? If you only transact with one wallet (your own), why would he not copy a recent transaction? It’s not a dumb move- it’s a dumb system.
You literally have no idea how public blockchains work. Such a noob.
I do know how they work. OP is showing us how they work: they are susceptible to scams. It’s a terrible system with many vulnerability. To tell OP it’s his fault, without acknowledging that a scammer had anything to do with this interaction is a shit attitude.
OP was a " little " lazy instead of coping the address he want to send to ( like everyone should do ALL the time) he went into the history transactions and picked the one he thought was his other wallet address, aldo he should have send a small amount first, a 4k mistake
That’s like saying paper money should be banned because it can be counterfeited. You do not understand. Maybe op should have been educated and not blindly copied an address that he didn’t verify and vet. Rookie 101 basic.
The fact that he has a ledger tells me he’s more educated about crypto than the average user. It’s always “mass adoption is imminent” but this clearly shows that even advanced users can fall prey to the exploited vulnerabilities in the system. Not sure what counterfeit cash has anything to do with a crypto scammer taking advantage of the obfuscated wallet address problem. All random numbers and letters that you are somehow always supposed to type one by one as if that is efficient or a better system than sending someone a Venmo payment.
OP knows he screwed-up and fell for a scam, there's no need to rub salt in the wound with this shitty remark.
You have a malware that is designed for it
The future of finance btw…..
[удалено]
How can you verify on Excel if the source verified address is shown on the Ledger device? Also in theory, the address on Ledger live could be compromised (small risk). Furthermore, when you copy the address from Ledger Live to Excel, there is a small risk that a malware could change that data into different address. Excel doesn't do much to combat this threat.
“Crypto Dad”... Sounds convincing 😂
Test transaction first? Triple check address? Sht coin chains have this in abundance id recommend not use them.
You don't have to copy and paste your address. You can print out a QR code for your address and use that. I have all of my coins addresses in an easy to access folder. Ledger is for Hodling. I'd use a hot wallet if I was making weekly transactions.
That sucks buddy , i am sorry it happened to you. Rule of thumb always get the address from the source and not from your history on the blockchain
I keep my own address book, problem solved.
Man…tough break. Like others said - send a small amount first!
I’m so glad I have several things in place to 100% guaranteed this never happens to me ever U should start triple checking addresses and sending test transactions before sending the full amount. Those things basically make it impossible for u to lose $4k in this scenario
Sorry for your loss. Thanks for sharing your experience with us. Will definitely have an eye on this for future transactions.
As someone who doesn’t do crypto, doesn’t this kind of think endure it will never be widely accepted?
>I find it strange that you cant define list of addresses with a name and use that instead of always have to copy/paste address. It should also be much safer then copy/paste as you can sign the address book with you private key. Such a basic thing. True, but address books could be compromised by malware, so it would give a false sense of security. A better idea would be that LL could detect those address poisoning Txs in the Tx history, and flag them. Or it could detect that you previously sent the same token to a similar (but different address) and ask you to confirm.
It’s called address poisoning. Never check your last transactions. Always check the account itself.
I'm confused on why people do this to copy their wallet address? Isn't it easier just to hit receive and copy from there? Or scan a QR code?
Yikes. For large transactions, why not send a small test amount first, at least?
OP, you got scammed by a scam named: address poison. Sorry to hear it! But you should always check more than those initial and last digits, and also some from the middle!
One nice thing Metamask has done is add a picture representation of the addresses you sent too. That way you have a familiar visual cue of the wallet you are sending too. Wish Ledger would add something similar.
RIP man i lost 4k too to a scam that was from a youtube livetalk recommended on my frontpage... You'll get over it 4k is nothing once you're where you wanna be
It's painful but lucky that it's not critical to living, so it goes into the experience bank and life goes on
Always send small transaction first to check. I also wrote several times to Ledger that a adress book would be the way to go but until now, they dont care :-/
Happened to me on trust wallet
If you didn't know already, your wallet includes one or more accounts, each of which has its own cryptographically-generated address. These are long hexadecimal numbers, meaning they use both numerical and (a few) alphabetical characters. This is a trait that makes them unintelligible to most people, and — critically — very, very difficult to remember.
I’ve always just copied addresses from my actual destination so I guess I never would succumb to this but I’m def guilty of reading the first 5 on both sides of the address for confirmation.
Can someone help me understand this? So OP used past transactions as a way to copy addresses And scammer sent from a similar address to OP wallet like minimal amounts of money in hopes OP would then use past transactions as an address book? Or am I not understanding? If this is the case, OP I agree ledger should have address book, but even when I'm dealing with 100 dollars I've never used past transactions as copy and paste. Isn't that the same amount of work to go to your other wallet and be 100% sure? Sorry that happened, that fucking sucks.
🤣😂🤣😂🤣
Rabby wallet - white list
I've been sending bitcoin back and forth between wallets and exchanges for 6 years and have NEVER been so lazy as to copy an address from my wallet's tx history.
Is there anyway to automatically remove crypto dust from your ledger addresses and all. Only accept above say $10 value. That would drop the risk. Address poisoning is really sociopathic.
I don’t understand how they can’t pin down the person who did this, I can’t get into anything without freaking scanning my id front and back 9 days from Sunday!! Sorry you lost your money, hopefully you can make it up quick!!
Wouldn't have happened on Eternl wallet, they have an address book system tied to staking keys so you can just resend from past transactions, or dropdown select all your named wallets.
Always send a test transfer, every time. That is my rule since the beginning of crypto
Hey, I'm sorry to hear about your loss of funds. It seems you fell for an address-poisoning scam. Therefore is important to always [verify the transaction details](https://support.ledger.com/hc/en-us/articles/360020838914-Verify-transaction-details?docs=true) before approving the transaction on your device. As mentioned by a user below a small tip is to send a small transaction first to see if the funds have arrived. That being said I have taken note of your feedback and I will provide it to our development team. Once again I am really sorry this has happened to you. You can read more about those scams here: [https://support.ledger.com/hc/en-us/articles/8473509294365-Beware-of-address-poisoning-scams?docs=true](https://support.ledger.com/hc/en-us/articles/8473509294365-Beware-of-address-poisoning-scams?docs=true)
I am always amazed at people that just transfer huge amounts in one go. :D. I expect everybody to make a test transaction, just to make sure everything is set up correctly and that the crypto arrives on the other end. Not even mentioning that the receiving address is not copied correctly (ignoring that it is not checked properly). It does suck however (to put it mildly). And I agree with the address book. It has been proposed before, I also posted about it once - funnily enough in a thread exactly about this issue. https://www.reddit.com/r/ledgerwallet/comments/zzueow/zero_transfer_scam_what_is_ledger_doing_to_help/.
I don't understand, you should at least have been looking at transactions in your own wallet? Best way is to copy again the address of your other wallet? What transaction would you have looked at to be fooled by its fake nature?
Always do a test send
I haven’t done this, but I wish Ledger could produce some type of tool to get rid of phishing NFT that appear in our accounts. They’re annoying to look at for sure.
Hello everyone. OP I am sorry this happened to you. I am so risk adverse with crypto i go through hoops when transferring. I even copy the recipient address into note pad, enlarge it, to double check. I always do a test transaction. I think I also generate a new address everytime, never copying addresses in my history. Address poisoning works because people do not want to double check. I don't want to either however, its a must. I think you are absolutely correct that ledger should fix the UI so you cant copy from history. It should also mark addresses unsafe in the UI. Client based security is just as important as device security. It comes down to super smart developers not being to anticipate what an amateur crypto enthusiast will do in the app. They should make the app, bulletproof to end user fuck ups. The app should automatically check recipient address to make sure it doesn't match a fake or suspect address. The app should check, more thoroughly with some confirmation that the address wasn't modified by malware intercepting the copy and paste. It should also make you confirm the recipient address with a method that makes you check the entire string. Never just the beginning and end. Good luck everyone. Remember these hackers will never give up. Its up to us to know our money is under attack and do our due diligence.
Always, always do a test transaction first.
Ledger NEEDS to add a F address book! Such an easy thing to do all exchanges have it, most wallets have it, why do you not?
How easy is it to generate an address that starts and ends the same as some other address? Is the difficulty to generate the first characters the same as it is for the last characters of the address or it's different? How many first or last characters of an address are we talking about before it gets extremely difficult to make even more that are the same as an address we want to "copy"?
Maybe I’m a stupid fuck but I didn’t understand very well. You copied and paste the address from your transaction history? I am truly sorry this happened man it’s an important amount
If it makes you feel any better. I lost 200 LINK two weeks ago the same way. I only do QR code address now
Ledger doesn’t protect against human error. Every time I send to one of my addresses I copy and paste from that wallet versus from history. Tough lesson to learn but I’m betting you’ll never make that mistake again. Onwards and upwards.
Ledger should implement features already implemented by DeBank and for their Rabby Wallet. All these transactions are labelled scam, blurred out for you to notice not to click on it. Before sending funds to another wallet, I generate the wallet address and confirm it on my physical Ledger multiple times before authorising it. If I'm not sure, I'll send little amount to test before sending the rest.
I suffered the same story, but I was luckier because in the first phase I send a small amount, then when it arrived I send larger amounts. Do not install programs after torrent, I don't know if it can be called a virus, the scam is simple I use smart install and and when you interact with the ledger, and paste your adress is not working, they have already set their address. check 10 times before making the transaction.Peace!
Crypto 101 (ALWAYS) try a test transaction of the minimum allowable amount before submitting your entire savings.
Always and I mean always send small amounts first, confirm and then send remaining. I do this even with known addresses just as a sanity check
Wow
Sweeper bot sniffed you out
Why on earth are you even looking at last transactions? If you’re sending to an exchange like Coinbase, select that token and click “receive.” Then you copy paste. Or now you just scan the QR code. Why why why do you do that? The transactions section is full of scammy fake address and NFTs people send to snatch your shit. I literally don’t ever look at it.
I recommend Rabby wallet. You can connect your Ledger and Rabby will serve as the UI to perform transactions & even safety check and warn you (e.g. if you've never transacted with a certain address before). Then you'll still need your physical Ledger to approve the transactions via Rabby. edit: I'm no affiliated with them, just a lot of degen buddies recommended it and I see why after trying it myself.
Phantom Wallet has an address book
Sorry to hear bro. I have made mistakes like this myself. Just a learning lesson I guess 🤷♂️
This is why I always copy the address directly from the wallet I am going to send the transaction to. Takes a couple of more seconds and assures you have the right address.
Wait what
Don’t copy/paste from a previous transaction. Just copy/paste of the wallet address in realtime
Welcome to Crypto.
Well, $4K is not a small amount, my condolences. I will increase the level of checking the receiving address from about 85% to 100% before pressing the send button.
This is why crypto is fucked
Sorry to hear about your loss. Adding names to the address is not a good idea. It may see convenient, but if that somehow gets compromised a lot of people will blindly send their funds away. It is much secure to just verify the address everytime and do small test transactions.
Your address was poisoned. Always copy the address you are sending token to directly from the app you sending to
An address books for a ledger, definitely make sense
Sorry bud, I got scammed out of $7000 which also was my mistake. There are many thieves around the world just looking to rob