I Upgraded Ledger Software, and Lost 21 BTC worth over $600,000

Maryanne Chisholm
4 min readApr 7, 2023

--

This is a story about my friend, Nick.

Nick worked for close to 9 years to acquire 21 Bitcoin. As he earned the many small amounts he invested steadily into his savings account. He wanted the safest and most secure wallet he could find, and chose Ledger.

In September of 21 Nick transferred his bitcoin to his Ledger wallet:

39EyxRKomQK9PnCTzJHA7hTDzEqV6C4D2d

He would check every few months, because he wanted it to be safe and removed from everything else on the internet. He and his partner knew where the seed phrase was locked up. No one else had access, no one else to this day have seen it.

“Your balance is $0.00”

On March 2nd, 2023 Nick realized his wallet was empty, and had multiple errors. At that moment his wallet couldn’t be accessed at all. He had verified his seed phrase, and in the Ledger, all applications had been removed, and the device was in need of an entire install for the applications. Nick reinstalled, reloaded his account — and it was empty.

We know the money didn’t vanish from the Blockchain. We believe It went out in approximately 54 to 113 transactions, immediately following a software upgrade back in January, to wallets that then sent out transfers in bursts amounting to over a million.

https://blockstream.info/address/39EyxRKomQK9PnCTzJHA7hTDzEqV6C4D2d

I’m not a blockchain expert, but I do see too many coincidences, and I do not believe in that many coincidences. I have seen the absolute disbelief and bafflement in their eyes as I speak with them. I sympathize with these people, so with an amazing team of researchers and friends, we began to search.

I met Nick & Irina through a mutual friend, and we formed up a team to work together to solve this. I spoke with them on Zoom, a conversation you can read here, that outlines what happened. The text is unedited:

https://drive.google.com/drive/folders/1FNtcl5JfuSaXawnOm2_gc30Tu2ZpG60G?usp=sharing

As discussed, there was the day of confusion, where Ledger had mentioned a prior update to their software that Nick had not recalled. That was because it was back in early winter, on January 1st.

Following the upgrade, Nick did not review his balance, as he had just done it. Later, on March 2nd, this would change. In researching the missing funds, we discovered the date of the first outbound transaction from his savings account, occurred immediately after he had upgraded.

From there it was chaos, flurries of transactions that largely went down endless rabbit holes. At the instruction of Ledger support, our team worked on the multiple requests for a total of more than 28 hours this week alone before I began to suspect…the money isn’t missing from the blockchain. It’s been stolen.

But how?

How could funds be taken from an account on a device that had never been on his computer, with the exception of utilizing the acclaimed and secure software for Ledger Live?

The more we researched, the more we found indications of serious problems.

https://cointelegraph.com/news/ledger-cto-discusses-wallet-s-safety-after-multiple-security-setbacks

“Ledger, one of the crypto industry’s most popular hardware wallet providers, has faced multiple difficulties in recent weeks, including a breach in the company’s customer contact database and a wallet vulnerability putting users’ Bitcoin (BTC) at risk. Are the recent events simply a summation of a few difficult weeks, or is a larger unraveling at play?”

And other Bitcoin related discrepancies: https://decrypt.co/37651/ledger-exploit-makes-you-spend-bitcoin-instead-of-altcoins

R/ledgerwalletleak on Reddit: https://tinyurl.com/ledger-wallet-leak

We found strikingly similar people describing the same events on Reddit:

https://www.reddit.com/r/ledgerwallet/comments/e0t3ax/the_full_story_of_a_ledger_robbing_post_ledger/

Many, many comments of identical stories on Reddit, so many that I’m going to dedicate time to build a database. If this continues to be ignored, it may require becoming a class action. To the individuals effected, the disregard Ledger has is bordering on apathetic.

This situation, however, is not indifferent to Irina; who told me about their plans to build a home for her dying mother. You can read this discussion here:

https://drive.google.com/file/d/1seDVfUm8jat_FWFewp1tiCYrrJA8UWNL/view?usp=sharing

What we want to know now is, how many more people out there have lost their savings?

Large, or small, amounts add up quickly.

What can we do? Who should we be speaking to?

Please share your stories with us.

--

--

Maryanne Chisholm
Maryanne Chisholm

Written by Maryanne Chisholm

IR Partner, Consultant, Award winning Artist, Web3 Spaces Host, and Community Builder.

No responses yet