An XRP community member, TallDallasGirl, recently took to X to report a significant loss of 17,000 XRP due to an alleged hack that affected her Ledger wallet.
Her narration revealed that the unfortunate incident began when she installed the latest Ledger firmware for desktop on Sept. 29. She claimed that her wallet got compromised, with her balance drained a day after she installed the update, at precisely 01:16 (CST) on Sept. 30.
HACKED! Installed @Ledger firmware on 9/29/23 who by the way has not responded!!
Hacked at 1:16 am CST 9/30/23– all XRP was drained. My device was NOT attached to my computer and my computer was not on!
THEIF’S ADDRESS! That it was sent to: r4kfNXYZm2sNQqtcNXLtQn3LMA7Nd6cqZx pic.twitter.com/B0kAZIX9HF— TallDallasGal (@TallDallasGal) October 1, 2023
She said her Ledger device was not connected to her computer, and her computer was off during the hack. According to her, Ledger had not responded to her at the time she took the case to X.
Data from Bithomp confirms that the address alleged to be involved in the hack did receive 17,495 XRP on Sept. 30 at 06:16 (UTC). The address sent the assets to Hitbtc less than 30 minutes later. Notably, the address was activated at the time the transaction occurred.
Community Reactions
When fellow community members inquired about the source of her Ledger device and how she stored her recovery phrase, TallDallasGirl revealed that she purchased the device directly from the Ledger website in November 2020.
I purchased from ledger website Nov, 2020, stored on printed paper
— TallDallasGal (@TallDallasGal) October 2, 2023
She further confirmed that she stored her seed phrase offline on printed paper. These responses raised questions about the possibility of a hack and some suggested scenarios, such as purchasing a used Ledger device or unknowingly exposing her private keys.
Prominent XRP community figure TheCrypticWolf entered the conversation, urging users to be cautious of fake Ledger support accounts.
He emphasized the importance of clicking only on official links through the Ledger website, using tools like PolySwarm to check for malicious downloads, and avoiding interactions with malicious smart contracts.
Interestingly, The Crypto Basic discovered that TallDallasGirl had responded to a fake Ledger support account. However, this interaction occurred after the supposed hack. While claims suggest a similar interaction in the past could have led to the incident, this is not confirmed.
The precise reason behind the hack remains undisclosed at the time of reporting, but TallDallasGirl has taken the matter up with Ledger, hoping for a resolution. She claimed she had not even looked at her seed phrase, much less shared it with a third party.
The Need for Security
Recall that, As reported by The Crypto basic, a similar case occurred in August, where another XRP investor claimed to have lost all her assets due to a Ledger hack. However, investigations later revealed that she had purchased her Ledger hardware wallet from a third-party retailer, not from Ledger themselves.
While hardware wallets like Ledger are generally regarded as one of the most secure ways to store cryptocurrency assets, these incidents highlight the importance of adhering to best practices for maximum security:
- Only purchase a hardware wallet directly from the original dealer.
- Never share your seed phrase, not even with supposed support teams.
- Download updates exclusively from the official website.
- Keep your recovery phrase securely offline.
Disclaimer: This content is informational and should not be considered financial advice. The views expressed in this article may include the author's personal opinions and do not reflect The Crypto Basic’s opinion. Readers are encouraged to do thorough research before making any investment decisions. The Crypto Basic is not responsible for any financial losses.