NewsBite

24 words that ruined Qld woman’s life, costing her $14k

A Queensland mum has had her crypto fortune stolen three times by hackers but is still determined to keep investing in the digital coins.


A Queensland woman who has lost her crypto fortune three times to hackers is still determined to keep investing in the digital coins.

Shirley*, in her 50s, from Far North Queensland, is a full-time carer for her adult child with a disability.

“I was putting away a little bit of money each week” into cryptocurrency, she told news.com.au.

However, she’s been hit by terrible bad luck three times over.

The mum first invested money through New Zealand-based exchange Cryptopia in 2017. Unfortunately, Cryptopia suffered one of New Zealand’s biggest thefts two years later, after hackers stole about $24 million of the exchange’s $250 million worth of cryptocurrencies.

Earlier this year, the firm went into liquidation and creditors like Shirley aren’t expected to recover a cent.

Scarred by the experience, the mum decided to use a “cold” wallet, a secure offline way to store savings that doesn’t connect to any online network and so shouldn’t be able to be hacked.

And yet, in the last few months, both her accounts have been compromised in different ways.

“My faith is shattered,” she said, but added: “I still have faith in Ripple. It’s not what it’s worth now, what I believe it’s worth in the future.”

She believes Ripple XRP is going to explode in price the way bitcoin did and plans to keep investing.


Some of her money leaving the account once hackers got control.

At first Shirley invested in bitcoin, but then “we lost everything”, so she switched to Ripple XRP.

She estimates her losses from Cryptopia’s collapse were between $30,000 and $50,000, depending on which bitcoin price is used for the time of the hack in January 2019.

“I was being strategic about where I wanted to invest,” she said. Investing in bitcoin was attractive because of “the fact I wasn’t locked into a long term investment, but also an investment that would return a profit.

“At the time it was doing really quite well.”

Shirley’s nightmare deepened when she bought two hard wallets from French company Ledger called the Nano S and Nano X, described as secure hardware wallets for crypto assets.

The set-up required a passphrase of 24 words, and also came with a physical USB-like contraption. She made two accounts and stores the devices in her wallet. The devices have never been stolen or left her wallet unless she opens the account.

Yet despite that, the mum was alarmed to discover in June she no longer had access to one of her accounts. The device was asking her for a passphrase for one of her accounts and her own passphrase wasn’t working.

“One day I tried to do a deposit as always, and I couldn’t. And it was telling me my recovery phrase wasn’t correct,” she explained.

The cryptocurrency was transferred to an exchange called KuCoin.

Concerned, the mother contacted Ledger’s support team, but no help was immediately forthcoming.

“I had been going backwards and forth, the support wasn’t helpful,” she said.

So she took to Twitter to share her situation and tagged the Ledger support desk hoping they would resolve her issues.

Very quickly, Ledger’s Chief Information Security Officer (CISO) tagged her in a tweet to offer his support and provided her with a link to update her Ledger app. The account had 5000 followers and also tagged the official Ledger Twitter handle. The Ledger Twitter handle did not respond.

Clicking on the link, she found herself on the Ledger website and input her password.

But in a devastating blow, she soon learned that this account was impersonating the real Ledger CISO. What was in her remaining Ledger account was swiftly transferred out.

“My whole Ledger wallet was worth $14,000, which is a lot for me. I just can’t believe I’m even in this situation,” she said.

The fake Twitter account private messaged her.
The fake account of the CISO of Ledger.

Her money was transferred to a cryptocurrency exchange called KuCoin. She flagged the transaction with them and it has been frozen ever since.

She has lodged a police report and although Queensland Police have contacted the exchange on her behalf, the money remains frozen.

News.com.au has contacted Ledger and KuCoin for comment but the deadline was missed.

In a previous conversation with news.com.au, the real CISO, Matt Johnson, explained how the first hack may have happened.

“The 24 words derive a combination which provides you with your private key. It stores the key in a very secure fashion, keeps it isolated from the internet,” he said.

“Those 24 words are the keys to the kingdom. If somebody else can get those 24 words, they don’t need the pin.

“You want to keep those 24 words safe. You never, ever, ever share them, never put it in a place where it could be discovered or seen.”

In the past, Mr Johnson said customers had lost all their money after writing down the passphrase in a draft email or putting it in the cloud which was later hacked.

Some cyber criminals immediately know the significance of finding a string of 24 words in someone’s private files.

Mr Johnson recommended storing your 24 words in a safe or a safety deposit box at a bank, and said he had even heard of people storing their Ledger Nano S key in flameproof material.

*Name withheld for privacy reasons

alex.turner-cohen@news.com.au

Originally published as 24 words that ruined Qld woman’s life, costing her $14k

Original URL: https://www.goldcoastbulletin.com.au/business/24-words-that-ruined-qld-womans-life-costing-her-14k/news-story/b7885c4e96d3be6d72074d5b9e6b4e93