- The trader reports 30,000 USDC drained from a Ledger wallet despite strict isolation steps.
- The community is split, as some cite Solana authority risks while others question Ledger security.
- Ledger says on-chain data shows a signed transaction, pointing to a likely blind-signing attack.
A crypto trader has reported the sudden loss of 30,000 USDC from his Ledger-secured wallet on the Solana blockchain, claiming no activity on his part. He stated that he followed strict security rules, used a dedicated device for Ledger only, and did not access the wallet for weeks before discovering the drain.
The trader, known as Canissolana, posted the details on X. He described precautions that included never storing, sharing, or digitizing his recovery phrase. He said the Ledger device connected only to a clean MacBook with no browsing or app history.
Trader Denies Any Action as USDC Transfer Appears on Solscan
He stressed that no one accessed the hardware wallet or computer. He inspected blockchain activity on Solscan and noticed that the missing USDC had been transferred to Bitget, a major crypto exchange. His wallet also held about 2,000 SOL, which remained untouched until he moved it manually.
The trader insisted he did not trigger any transaction. He said he did not sign, confirm, or authorize a transfer and expressed certainty that no physical breach occurred. He added that he had not used the Ledger wallet for several weeks before the loss.
I am reporting an unauthorized withdrawal of approximately 30,000 USDC from my Ledger-secured wallet.
The wallet was protected by a @Ledger hardware device. The recovery phrase (private keys) has never been shared, digitized, photographed, typed, or exposed to any third party.…
— Canis (@Canissolana) March 2, 2026
The trader tagged Ledger Support and investigator ZachXBT. He posted screenshots of his setup, the transaction, and related details. He requested an explanation for how the transfer happened despite what he described as strict isolation of both the hardware wallet and laptop.
Community responses were divided. Some users supported him and demanded clarity from Ledger. Others pointed to a known Solana issue involving authority changes. In that case, attackers exploit a prior approval to drain token accounts such as USDC later, without needing a new signature.
Critics noted that a single malicious approval in the past may allow hidden changes to token authority. Supporters argued that his security steps made such a scenario unlikely. The disagreement led to heavy discussion across Solana and Ledger communities.
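The authority risk the critics describe can be checked directly in a token account's on-chain data. The following is an added example, not code from the trader, Ledger, or this article: it decodes the standard 165-byte SPL Token account layout and reports any owner, delegate, or close authority that is not the wallet itself. The function names, keys, and balances are constructed for illustration.

```python
import struct

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def b58(raw):
    """Base58-encode a public key the way block explorers display it."""
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def parse_token_account(data):
    """Decode the fixed 165-byte SPL Token account layout (little-endian)."""
    if len(data) != 165:
        raise ValueError("expected a 165-byte SPL Token account")
    mint, owner, amount = struct.unpack_from("<32s32sQ", data, 0)
    d_tag, delegate = struct.unpack_from("<I32s", data, 72)   # optional delegate
    (delegated,) = struct.unpack_from("<Q", data, 121)        # approved allowance
    c_tag, closer = struct.unpack_from("<I32s", data, 129)    # optional close authority
    return {"mint": mint, "owner": owner, "amount": amount,
            "delegate": delegate if d_tag == 1 else None,
            "delegated_amount": delegated,
            "close_authority": closer if c_tag == 1 else None}

def audit(data, wallet):
    """List authority settings that let a key other than `wallet` act."""
    acct, findings = parse_token_account(data), []
    if acct["owner"] != wallet:
        findings.append(f"owner authority is {b58(acct['owner'])}, not the wallet")
    if acct["delegate"] and acct["delegated_amount"] > 0:
        findings.append(f"delegate {b58(acct['delegate'])} may move "
                        f"{acct['delegated_amount']} base units")
    if acct["close_authority"] not in (None, wallet):
        findings.append(f"close authority is {b58(acct['close_authority'])}")
    return findings

def sample(owner, delegate=None, delegated=0):
    """Constructed account bytes for the demo; keys and amounts are made up."""
    d = struct.pack("<I32s", 1, delegate) if delegate else bytes(36)
    return (bytes([9]) * 32 + owner + struct.pack("<Q", 30_000_000_000) + d
            + b"\x01" + bytes(12) + struct.pack("<Q", delegated) + bytes(36))

WALLET, OTHER = bytes([1]) * 32, bytes([2]) * 32   # constructed keys
if __name__ == "__main__":
    for label, raw in [("clean", sample(WALLET)),
                       ("stale approval", sample(WALLET, OTHER, 30_000_000_000)),
                       ("owner reassigned", sample(OTHER))]:
        print(label, "->", audit(raw, WALLET) or "no foreign authority")
```

A non-empty result for an account the user believes is untouched means an earlier signed instruction granted that authority, which is the scenario the critics raised.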
Ledger’s Analysis Points to Blind Signing Attack
Ledger responded on X, stating that its team had analyzed the on-chain data carefully. Ledger stated that the transaction was cryptographically signed using the private keys. This proved that the transaction was approved on the Ledger device itself.
The Ledger team ruled out a remote hack, a recovery phrase leak, and a Ledger device vulnerability. Ledger concluded that the transaction was caused by a blind signing attack.
This occurs when a user unwittingly approves a transaction that includes hidden commands. It usually happens via phishing pages that masquerade as airdrops, NFT mints, or verification requests.
Ledger stated that the recovery phrase was not leaked. This indicates that the transaction was approved at one point. Ledger asked the trader to continue working with their support team to investigate this matter further.
Ledger advised users to carefully examine every detail on their Ledger device using Clear Signing, and urged them to refrain from approving any prompt that seems suspicious or unfamiliar.