this post was submitted on 01 Feb 2024
11 points (100.0% liked)


Hi, I've just paid for Mullvad VPN (personally recommend) with XMR. That looked like this:

  1. I copied the address (one time subaddress) and the amount, checked if everything matched (and it did) and pressed send.
  2. On my Ledger I checked the fee, accepted, checked the amount, accepted, checked the address... REJECTED, because the address was different.
  3. Repeated the step above probably 2 times, installed ClamAV and started a full scan of my machine for malware.
  4. Because the Monero Wallet GUI was freshly installed from the official Arch Linux repo and it showed the right address, I decided to still accept the transaction. Worst case I lose 10 €.
  5. While the transaction was pending I tried to prove payment using LocalMonero's block explorer and I got an error. So I basically got hacked and lost 10 € ...
  6. Checked Mullvad VPN app and... it was paid???

Can someone explain to me what just happened? My Ledger showed a different address than what I copied, but the transaction still went to the right person. I started using Ledger only a month ago and I haven't been paying with it much. If this is all good and right, how can I tell if I'm being scammed on my Ledger?

top 4 comments
[–] [email protected] 8 points 9 months ago (1 children)

Good question. You didn't get hacked. You approved the payment to Mullvad.

When you send XMR to an "integrated address", Ledger does not display the integrated address on the device. It displays the raw Monero address. Mullvad probably uses integrated addresses.

SethForPrivacy said:

At present, the UX around integrated addresses can be confusing and even outright dangerous, like how the Ledger always displays the underlying address instead of the integrated address, making address verification difficult or impossible depending on the application.

I don't know if there are plans to fix this or if it can be fixed at all.
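What the comment above describes, as an added example that is not part of the thread and not Ledger's or Monero's own code: decoding a mainnet integrated address into the standard address it wraps (the one the comment says the device displays) and the embedded payment ID. The function names are hypothetical; the assumptions are Monero's mainnet prefix bytes (18 standard, 19 integrated), its block-wise base58, and a 4-byte Keccak-256 checksum.

```python
ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
ENC_LEN = [0, 2, 3, 5, 6, 7, 9, 10, 11]  # base58 chars for a block of 0..8 bytes

def keccak256(data: bytes) -> bytes:  # original Keccak padding, not hashlib's SHA3-256
    rol = lambda a, n: ((a << n) | (a >> (64 - n))) & (2**64 - 1)
    left = 136 - len(data) % 136  # pad to the 136-byte rate: 0x01 ... 0x80
    msg = data + (0x01 | 0x80 << 8 * (left - 1)).to_bytes(left, "little")
    s = [[0] * 5 for _ in range(5)]
    for off in range(0, len(msg), 136):
        for i in range(17):  # absorb one block into lanes s[x][y]
            s[i % 5][i // 5] ^= int.from_bytes(msg[off + 8 * i:off + 8 * i + 8], "little")
        R = 1  # round-constant LFSR restarts for every permutation
        for _ in range(24):  # each round: theta, rho+pi, chi, iota
            C = [s[x][0] ^ s[x][1] ^ s[x][2] ^ s[x][3] ^ s[x][4] for x in range(5)]
            D = [C[(x + 4) % 5] ^ rol(C[(x + 1) % 5], 1) for x in range(5)]
            s = [[s[x][y] ^ D[x] for y in range(5)] for x in range(5)]
            x, y, cur = 1, 0, s[1][0]
            for t in range(24):
                x, y = y, (2 * x + 3 * y) % 5
                cur, s[x][y] = s[x][y], rol(cur, (t + 1) * (t + 2) // 2 % 64)
            s = [[s[x][y] ^ (~s[(x+1) % 5][y] & s[(x+2) % 5][y]) for y in range(5)] for x in range(5)]
            for j in range(7):
                R = ((R << 1) ^ ((R >> 7) * 0x71)) % 256
                if R & 2:
                    s[0][0] ^= 1 << ((1 << j) - 1)
    return b"".join(s[i][0].to_bytes(8, "little") for i in range(4))

def b58_encode(raw: bytes) -> str:
    out = ""
    for i in range(0, len(raw), 8):  # Monero encodes 8-byte blocks independently
        blk = raw[i:i + 8]
        n = int.from_bytes(blk, "big")
        out += "".join(ALPHABET[n // 58**k % 58] for k in reversed(range(ENC_LEN[len(blk)])))
    return out

def b58_decode(text: str) -> bytes:
    out = b""
    for i in range(0, len(text), 11):  # 11 chars per full block
        blk = text[i:i + 11]
        n = sum(ALPHABET.index(c) * 58**k for k, c in enumerate(reversed(blk)))
        out += n.to_bytes(ENC_LEN.index(len(blk)), "big")
    return out

def underlying_address(integrated: str):  # -> (standard address, payment ID hex)
    raw = b58_decode(integrated)  # prefix | spend key | view key | payment ID | checksum
    if len(raw) != 77 or raw[0] != 19 or keccak256(raw[:-4])[:4] != raw[-4:]:
        raise ValueError("not a valid mainnet integrated address")
    std = bytes([18]) + raw[1:65]  # same two public keys, standard prefix
    return b58_encode(std + keccak256(std)[:4]), raw[65:73].hex()
```

If the device shows the underlying address as the comment says, the first value returned for the copied integrated address is the string to compare against the Ledger screen.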

[–] [email protected] 3 points 9 months ago

Thank you, that explains quite a lot :)

[–] [email protected] 4 points 9 months ago (1 children)

Tell Ledger you found a bug and see what they say.

[–] [email protected] 1 points 9 months ago

I checked for already opened issues on GitHub for the Monero Ledger app and there are already 4 issues about this bug, 2 of which are still open, one since 2020!

https://github.com/LedgerHQ/app-monero/issues/66