The Ledger developers team posted a warning on Monero’s (XMR) subreddit on March 4 advising users not to use the Nano S Monero app.
Apparently, a bug associated with the app had been discovered when, earlier today, user MoneroDontCheeseMe posted on Reddit a claim that he or she believes to “have just lost ~1680 Monero [around $80,000] due to a bug.” In the account, the user stated that after transferring about 0.000001 XMR from the Ledger to a view-only wallet, the user sent another 10, 200 and then 141.9 XMR.
According to the report, before sending the last transaction, MoneroDontCheeseMe had about 1,690 XMR in the wallet and 141.95 XMR in an unlocked balance, which is why he or she decided to send 141.9 XMR. Still, after the transaction, the user’s wallet is reportedly showing a balance of 0 XMR.
Furthermore, according to the Reddit user, the amounts sent and the transactions recorded on the blockchain “don’t line up.” MoneroDontCheeseMe wrote that the 200 XMR transaction actually deducted 1691.001 XMR from the Ledger Wallet, and also that the amounts reported for the 10 XMR transaction are incongruous.
In the comments to the post, Nicolas Bacca, chief technical officer at Ledger, stated that the most likely scenario — given how extensively the app has been tested — is a synchronization issue. Still, the warning issued later specifying a change address problem confirmed that this was not the case.
About two hours later, Ledger developers published the aforementioned warning on the Monero subreddit, and the official Monero Twitter account retweeted a tweet containing a link to the warning submitted by the official Ledger Twitter account. The warning post specifies that the problem presents itself when using the latest version of Monero client with application 1.1.3.
Monero team members have not answered Cointelegraph’s request for comment by press time.
Per CoinMarketCap data, Monero is the 13th biggest cryptocurrency by market cap, equivalent to over $800 million at press time. It is particularly known for his focus on privacy, as well as use by hackers in cryptojacking malware. In February, news broke that a new hacking tool is propagating throughout the online community of Windows’ users in an attempt to install cryptocurrency mining malware that mines XRP.
As Cointelegraph reported at the end of last year, researchers have reportedly shown how they were able to hack crypto wallets Trezor One, Ledger Nano S and Ledger Blue at the 35C3 Refreshing Memories conference. However, the next day, Ledger released an announcement stating that they regret that the researchers hadn’t disclosed the findings responsibly and that the discovered vulnerability is not critical.