How money is stolen from cryptocurrency wallets

On Friday, a cryptocurrency owner using the pseudonym Anchor Drops reported the loss of a substantial amount of digital assets. The private keys to the affected address were held on a Ledger Nano S hardware wallet.

The loss amounts to 10 bitcoins, equivalent to about a million dollars at today’s exchange rate, as well as an NFT collection worth 1.5 million. Here is the user’s statement on the incident, as quoted by Cointelegraph.

Hey Ledger. Today I lost 10 BTC and approximately $1.5 million in NFTs that were stored with my Ledger Nano S.

I purchased the device directly from you. The seed phrase was stored in a secure location, and I never entered it online. I’ve never signed a malicious transaction and everything is physically accessible. On top of that, I haven’t touched this Ledger in two months.

Can you explain what happened?

In other words, the user implied that he was not at fault and that responsibility for the loss lay with Ledger.

However, a user under the nickname KDean examined the blockchain address in question and noted in the comments to the original post that it was the victim himself who had made a mistake while using the hardware wallet. It turns out that in February 2022, Anchor Drops fell victim to phishing and signed a malicious transaction that is already marked as Fake_Phishing5443 on the blockchain.

Here is the corresponding screenshot of the transaction at the time it took place.

The archived transaction that led to the current cryptocurrency and NFT thefts

In other words, the user fell victim to the scammers’ attack almost three years ago and gave them the authorisations needed to withdraw assets, but the scammers did not act on them in all that time. Only now have they decided to withdraw the digital assets from the user’s address.

NFT withdrawal from a hacked cryptocurrency wallet

Ledger’s representatives confirmed to reporters that the user “tentatively fell victim to phishing and malicious transactions several years ago.”

Hakan Unal, a senior researcher at blockchain security platform Cyvers, also noted that it was this transaction that caused the current losses. Here is his comment on the matter.

Evidence in the blockchain confirms that the owner signed the malicious transaction almost three years ago and provided the necessary permissions to the hacker without realising it himself. The hacker did nothing for several years before emptying that wallet.

According to Unal, hardware wallet manufacturer Ledger is in no way to blame for the incident, as the user essentially granted permission to withdraw coins from his address on his own.

With this in mind, the Cyvers representative reminded users to periodically check the authorisations they have granted. He continues.

We strongly recommend that users follow the recommendations and regularly check the token approvals granted to ensure the safety of their assets.


As a reminder, the revoke.cash platform lets you review the approvals you have granted and revoke them if necessary. Be sure to check it out if you haven't done so already. As the current situation shows, the consequences of a compromise do not always appear immediately.
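The periodic check recommended above comes down to replaying the approval events emitted for an address and keeping those that were never revoked. The following Python sketch is an added example, not code from revoke.cash, Cyvers or Ledger; the addresses and log entries are constructed, and the log layout is a simplified form of what an Ethereum node returns for event logs (integer block numbers, hypothetical helper names).

```python
# keccak-256 hashes of the standard event signatures (topic 0 of each log).
APPROVAL = "0x8c5be1e5ebec7d5bd14f71427d1e84f3dd0314c0f7b2291e5b200ac8c7c3b925"  # Approval(address,address,uint256)
APPROVAL_FOR_ALL = "0x17307eab39ab6107e8899845ad3d59bd9653f200f220920489ca2b5937696c31"  # ApprovalForAll(address,address,bool)

def topic_to_address(topic):
    """Indexed addresses are left-padded to 32 bytes; keep the low 20 bytes."""
    return "0x" + topic[-40:].lower()

def outstanding_approvals(logs, owner):
    """Replay logs in chain order; return approvals by `owner` never revoked."""
    owner = owner.lower()
    live = {}
    for log in sorted(logs, key=lambda l: (l["blockNumber"], l["logIndex"])):
        topics = log["topics"]
        if topics[0] not in (APPROVAL, APPROVAL_FOR_ALL) or len(topics) != 3:
            continue  # a 4-topic Approval is a single ERC-721 token, not tracked here
        if topic_to_address(topics[1]) != owner:
            continue
        kind = "erc20" if topics[0] == APPROVAL else "operator"
        key = (kind, log["address"].lower(), topic_to_address(topics[2]))
        value = int(log["data"], 16)
        if value == 0:
            live.pop(key, None)  # allowance 0 or approved=false means revoked
        else:
            live[key] = {"block": log["blockNumber"], "value": value}
    return live

# --- constructed sample data (not taken from the incident) ---
def _topic(addr):
    return "0x" + addr[2:].rjust(64, "0")
def _log(block, idx, contract, sig, owner, spender, value):
    return {"blockNumber": block, "logIndex": idx, "address": contract,
            "topics": [sig, _topic(owner), _topic(spender)],
            "data": "0x" + format(value, "064x")}

OWNER, OTHER = "0x" + "a1" * 20, "0x" + "ee" * 20
SPENDER_X, DEX = "0x" + "bd" * 20, "0x" + "c3" * 20
TOKEN, NFT = "0x" + "70" * 20, "0x" + "4f" * 20

SAMPLE_LOGS = [
    _log(500, 0, TOKEN, APPROVAL, OWNER, DEX, 0),               # later revocation
    _log(100, 2, NFT, APPROVAL_FOR_ALL, OWNER, SPENDER_X, 1),   # old operator grant
    _log(120, 0, TOKEN, APPROVAL, OWNER, DEX, 2**256 - 1),      # unlimited allowance
    _log(130, 1, TOKEN, APPROVAL, OTHER, SPENDER_X, 5),         # different owner
]

if __name__ == "__main__":
    for (kind, contract, spender), info in outstanding_approvals(SAMPLE_LOGS, OWNER).items():
        print(f"{kind} approval on {contract} to {spender}, granted at block {info['block']}")
```

Replaying events yields the last approved amount rather than the remaining allowance, so any entry the replay reports should be confirmed against the contract's `allowance()` or `isApprovedForAll()` before deciding what to revoke.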


At the same time, analysts noted that the open question here is the theft of the bitcoins, which in fact has nothing to do with the earlier malicious transaction on the Ethereum network. Here’s a comment from Fuzzland’s lead security researcher Tony Ke on the matter.

Regarding the NFT, KDean’s comment explains everything. However, I don’t understand how the bitcoins were stolen.


Cyvers and Ledger representatives have suggested that the malicious transaction on Ethereum could in effect carry over to other blockchains within the same wallet.

Here’s a comment from the already mentioned Hakan Unal.

If the phishing attempt also captured the user’s recovery phrase, the attacker could gain access to the wallet across all supported chains, including Bitcoin.


Ledger's hardware wallets do not expose the seed phrase online, however, as it is stored on a separate chip that operates in an offline environment.

Ledger representatives suggested that a similar mistake could have been made with the Bitcoin address. Here is their comment.

As we know, the user was phished in the case of the ETH wallet. We can also assume that the user made a mistake when interacting with BTC as well.

Fuzzland's Tony Ke stressed the importance of verifying transactions before signing them. After all, it is this rule that can save an investor from a possible loss of funds.

While the use of hardware wallets is crucial in terms of improving security, it is equally important to understand every interaction with the wallet and make informed decisions.

As a reminder, the golden rule for coin security boils down to using a hardware wallet as cold storage. This means that the device should only be used to send and receive coins, but not to interact with smart contracts.

This way, the risks of storing crypto can be significantly reduced and similar situations can be avoided. After all, in this case the victim had essentially been compromised for over two years without realising it.

Obviously, it will not be possible to recover the crypto and tokens in this case. Therefore, crypto investors should draw conclusions from the situation and take appropriate measures to protect their coins. In this way it will be possible to make the most out of the current bull run.
