A Reddit user under the nickname MoneroDontCheeseMe said that he had lost 1680 Monero (about $80,000 at current exchange rates) in the transfer of funds using a client Monero version 0.14 and hardware wallet Ledger Nano’s version 1.1.3.
According to him, he made several transfers of cryptocurrency Monero device with Ledger wallet “for viewing only” in the amount of 0,000001, 10, 200, and 141,9 XMR.
Before sending the last transaction on the wallet MoneroDontCheeseMe were about 1690 XMR, and unlocked-balance — 141,95 XMR. However, after the operation is complete, the user’s wallet was showing zero balance.
“I noticed that the amount sent and the transaction recorded in the blockchain do not match. In fact, the transaction 200 XMR removed from my Ledger wallet 1691,001 XMR. In addition, the amounts specified for the transaction 10 XMR not match each other”, — writes MoneroDontCheeseMe.
In comments to the user’s message technical Director Ledger of Nicolas bacca said was the most likely cause of the incident to the timing issue.
However, it later emerged that this is not so. According to the developers of the Ledger, the bug manifests itself when using the client Monero version 0.14 with a private client to the company version 1.1.3.
Warning: do not use Monero Ledger HW app with latest Monero client v0.14. Support issues have been reported on it, we are investigating. See more here https://t.co/yOV2b09QaG
— Ledger (@Ledger) March 4, 2019.
“There seems to be a bug associated with the return address of the purse. The refund, apparently, is incorrect. Unwanted effect is the combination of a specific version of Monero client with a specific version of the purse”, they said.
To avoid problems, the developers recommended that the owners of the Ledger Nano’s don’t use the client version 0.14 until further notice from the company. Users who will not carry out transactions with, presumably, vulnerable, no risk.
We will remind, in February, the Ledger developers discovered a problem in version 1.5.5 for the purse model Nano S — improvements in the security context of the affected memory device.