A cryptocurrency hardware wallet user has reportedly lost 10 Bitcoin, worth over $1 million, in what has been identified as a phishing attack. The victim, known as "Anchor Drops" on social media platform X, revealed the loss on December 13, stating that the stolen assets were stored on a Ledger Nano S wallet. Adding to the devastation, Anchor Drops also reported losing $1.5 million in non-fungible tokens (NFTs) stored on the same device.

The incident has been traced back to a phishing hack that occurred years ago but remained dormant until recently. Blockchain security experts confirmed that a malicious Ethereum transaction, signed unknowingly in 2022, granted access to the victim’s wallet. This transaction, flagged as “Fake_Phishing5443,” allowed the hacker to drain assets across multiple blockchains.

Ledger, the wallet manufacturer, emphasized that the attack stemmed from user error, not a flaw in their hardware. They pointed to evidence that the victim's recovery phrase might have been compromised during the phishing attempt, granting the attacker access to all wallet-supported chains, including Bitcoin.

While the Ethereum-based NFT losses were linked to the phishing attack, the method by which the Bitcoin holdings were stolen remains unclear. Experts speculate that the phishing attempt could have also captured sensitive information enabling cross-chain theft.

In response, Ledger has urged users to exercise extreme caution when approving transactions and to regularly review token approvals. Blockchain security professionals have echoed this advice, warning that hackers often bide their time before exploiting stolen credentials.

This incident serves as a stark reminder of the importance of vigilance in the crypto space, particularly during market surges when phishing attempts become more prevalent. Users are encouraged to double-check transactions and avoid sharing recovery phrases to safeguard their assets.