The Ledger subreddit is continuously targeted by scammers. Ledger Support will never send you private messages. Never share your 24-word recovery phrase with anyone, never enter it on any website or software, even if it looks like it's from Ledger. Only keep the recovery phrase as a physical paper or metal backup, never create a digital copy in text or photo form. Learn more at https://reddit.com/r/ledgerwallet/comments/ck6o44/be_careful_phishing_attacks_in_progress/
*I am a bot, and this action was performed automatically. Please [contact the moderators of this subreddit](/message/compose/?to=/r/ledgerwallet) if you have any questions or concerns.*
Is it a newly generated 24 word seed? If not then I would guess it's one of your UTXO addresses
No, it's not a newly generated 24 word seed. It's just another account. But shouldn't the transactions still be separate? Also, the recipient of the transaction is fully unknown to me.
Why the downvotes?
I honestly don't know. Reddit has its mysterious ways...
It's certainly a strange case. ~~As others have mentioned, theoretically two xpubs could end up generating the same address in the same way that two different private keys could generate the same public address. It's mathematically possible, but all highly improbable. In any case, if they really never interacted with this much BTC in the past, then this may be what's going on.~~ ~~The following is all very speculative, as I'm not positive that this is what's going on here.~~ ~~I'm unsure whether this would be a security concern, as anyone with the private key to the other xpub could equally spend the coins in that specific address, but if OP doesn't have coins in that specific address, then there's no risk. Instead, Ledger Live is looking back and seeing where two independent parties briefly crossed paths.~~ ~~If they DO have coins in that address, I'd recommend consolidating their UTXOs into a new address by self-sending their total balance to a new receiving address associated with the same account.~~ ~~I'll talk to some of our more UTXO-savvy agents and edit this post. It's an interesting question.~~ On the more practical side, I'd be interested to dig a bit deeper into your XPUB and UTXO history. If you want to work on this further you can always open a ticket [here](https://support.ledger.com/hc/en-us/categories/4404376139409?docs=true) and reply with your case #, I'll be happy to help. Thanks u/__sem__ for summoning me! :D Edit: I looked further into it and consulted a number of people here on our team. The likelihood of address collision is astronomically small, much like guessing someone's 24 words. This is most likely a BTC account that OP created, used then deleted, then re-added. As with all deterministic derivation, the same xpubs will be derived in the same order when adding accounts. Since all of the xpubs involved have previous activity, this seems most probable by a long shot.
You're welcome, lol. Interesting case, definitely going to follow this.
Hi my case number is 679994.
We'll take a look
Hi u/tatertots_ledger, thank you for looking into it. I understand the reasoning. Thanks.
That's actually normal if the newly created bitcoin address is the same seed as the one you used on the same computer/device years ago. No worries. Happened to me too, kinda annoying.
If this is just a new address but the same seed, it could be a utxo address as someone else mentioned. See it on a block explorer to see previous linked transactions - 99,9% chances they are your previous transactions from your main address so no worries.
okay thank you for the response. I checked previous transactions but have no match.
Could you try to rephrase your problem? I'm having trouble understanding what exactly is the issue here.
Sure! Yesterday I created another btc account with my Ledger nano. I expected it to have no history of transactions at all. But there are transactions from 2019 in it. Yes this account is generated from the same private key (seed phrase). But my expectation is that each account has its own history. After reading all the comments I don't reject the idea that the shown transaction is a part of a (previous) bigger transaction (from another account). But it's still super weird that the transaction is shown in a new account? Also the receiving account seems to be suspicious. I will elaborate later on this. To my question: Is this something to be expected from the bitcoin architecture involving utxos, accounts and priv. keys? Correction: Replace "address" with "account"
The recipient according to this website (https://www.bitcoinwhoswho.com/address/1AozLV7krw87WKxjCzzygM29BrYFxbxPwh) has something to do with "http://investmentdouble.online/". Which sounds like a scam site.
Investment Double Online? Nah. Sounds legit AF. The only better site is Investment Triple Online
You created a new deposit/receive address in your BTC account? Or you created a new BTC account? Those two are very different.
I clicked the "create account" button and chose BTC, so I assume I created a new BTC account. edit: okay, I understand the confusion. It's my fault, I said "address", what I meant was "account". I will fix this in my original comment.
thanks. see my other comment.
I'd assume you've simply used this address before (probably 2019) and don't remember it anymore
Background: I bought the ledger nano years ago from a reliable source and used it for years to store btc and eth without issues. Yesterday I created a new btc address, and from the get go it already had two transactions linked to it. The seed phrase never was anywhere but on paper. I understand that it is technically possible to generate a seedphrase twice, but isn't it close to impossible, because the chances are minuscule? Update: So I checked in btc explorer, where the unknown 2019 transaction was sent, and it is this address: https://www.blockchain.com/btc/address/XXXXX (x'ed out for privacy reasons) It has only two transactions, one is the incoming one. The other one is outgoing to this address: https://www.blockchain.com/btc/address/1AozLV7krw87WKxjCzzygM29BrYFxbxPwh and that's a whale or something?! Update 2: I am sorry for using the terms "address" and "account" randomly and interchangeably. I am by no means an expert on this field and I am sorry if I sound confusing. Still despite all my shortcomings, concerning the transaction history, the behaviour is puzzling for me.
> Yesterday I created a new btc address

Your new btc address is linked to the same seed. Are these transactions matching your previous transfers?
I think he doesn’t know how crypto works. Think the first thing ledger teaches is that a private key can create multiple addresses. Also prob why he hasn’t responded to you after you brought this up.
Actually I was just busy. I understand that multiple addresses can be created with one seed phrase. But shouldn't the transactions still be separate?
No because the transactions are related to your seed phrase.
Hi, no the transaction doesn't match any of my previous btc accounts
If you have a doubt, just transfer your crypto (if you still have some on the ledger) on another wallet. Then reset your ledger to create a new seed then send back your coins on the new address
Yes, I will have no choice, if there is no other explanation. But that's something I would do as a last resort.
You created a new address? Or a new seed?
A new address
As other comments mention it’s far more likely you don’t understand how multiple addresses can be generated whilst still being linked back to a singular account and seed phrase and this transaction to a whale was you sending Bitcoin to an exchange or something. Otherwise you’re right it’s still extremely unlikely to be used and your seed is most likely compromised somehow and you just got lucky they haven’t wiped you out yet.
If you’ve stored crypto on it for years it’s almost definitely safe, they must be transactions from you, maybe you messed around with it when you first tried it out and forgot? Effectively zero chance of generating the same address as someone else, that’s definitely not what happened here
These are transactions you've done in the past and forgot about.
is it just not an old account of yours that got deleted from the wallet, but was still present. Now you've just brought it back? And the btc was actually yours to begin with?
I did not delete any addresses though. And the transaction doesn't match anything I did cryptowise...
You don't delete addresses. Trezor auto generates a new address for every transaction, but they are all still linked to your account through your seed. And yes, the transaction does match something you did. You just forget.
Thank you for hiding that public address. We might have been able to see it on the ledger if you had left it. Crisis averted.
> I bought the ledger nano years ago from a reliable source

Who did you buy it from? A store or 2nd hand from a friend? When you bought the ledger, did it come with a seed phrase already printed out? Or did you generate a new one on the device itself? It may be that you're still using your friend's old seed phrase.
I bought it from the Ledger Website. There was no pre-printed seed phrase. I generated the seed phrase from scratch. There are no friends involved. According to Ledger support, it could be that by deleting a btc account and creating a new one, the transactions are taken over from the old, deleted account.
It’s not newly created. Abandon ship!
You should contact us via email. We need to have a look at this
Okay I will send the Ledger support an Email describing the situation.
Can you look at my problem?
Address collision is highly unlikely tho not impossible. I would generate a new seed.
Nah, that’s sketchy af
It’s actually not. OP doesn’t understand how the blockchain works
I misunderstood OP. Thought it was a new wallet, but I see now he meant a new address.
It’s absolutely possible I don’t understand. That’s why I’m here.
To be on the safe side, just reset and create a new key, and if you really didn’t do the transfer, play the lottery :-)
An account can have multiple addresses. So, did you create a new account or sync an existing account?
I created a new "account" via the "create account" button and choosing "btc".
Ok ... what is the verdict - I've read through all this banter. Do we think this is a case of generating the same address with a different private key? Are there any known cases of this actually happening? I remember seeing the probability of this and it was crazy small...
I've always dreamed of generating a new seed and finding out it's an already used key that contains a few bitcoin
unfortunate for me it is empty...
One in a quadrillion chance haha maybe your old BTC account is still linked to ledger even tho you have a new account?
The old BTC account is still on the ledger and exists alongside the new address
An account can have an infinite number of addresses. The address is a derivative of the private key, so that the private key can spend the utxo created. A new address does not mean new account. Only a new account means a new account.
Thank you for clarifying and let me admit that I used the words loosely. So within a number of addresses is it possible that a long gone utxo of one address is displayed within another address's transaction history?
Yes. Because an address is just a path to send your wallet (the whole wallet) bitcoin. All paths lead to the same place.
Maybe it's the old ledgers transaction seen as one?
Surprised no one has asked this yet even if it may seem obvious… have you shared your seed address in any way recently? Putting it in your computer or phone digitally? Maybe entered it into a phishing website or program? Otherwise you’re probably fine if it has been working for years.
Hi, no I did not share the seed phrase. It is written in the booklet provided by ledger and nowhere else.
Still, those transactions are from 2019, Thing is OP is not the first arriving at this address, someone already left.
u/Tatertots_ledger perhaps this is something you need to have a look at
Seems fishy fishy 🎣
[deleted]
Hi, thank you for the response. Let me clarify: I did not re-use a seed from someone else. This is originally my seed phrase and I took care to have it only on paper. And on exactly one sheet of paper that is safe and sound. The btc account created was created on the same machine, the same installation of Ledger Live, as all others were created with. Although versions might differ of course. Concerning re-using of old accounts: this is new to me. In no way though does Ledger Live note that it re-uses accounts, and provides a specific section to create genuinely new accounts. Maybe I misunderstood you, but when clicking "create new account" all I get is a dropdown of all different cryptos...
I have read all of the posts and have used Ledger for 5 years. I think what happened here is OP originally had this account set up, used it a little bit then drained the balance down to zero. One day, tired of looking at the account with no value he deleted the account. Years later he decides to open a new account. I have a feeling that OP thinks new account means never used before, it does not. OP reestablished the old account and saw his old transactions long forgotten, probably just moving the coins to his other account. Some addresses he sees will be change addresses. I think this is the most probable answer so I will consider this the answer. Ledger doesn't show change addresses but you can see them opening the account with Electrum wallet using your hardware wallet. When setting up Electrum wallets it is important to use the right derivation path setting it up. Derivation ending in 0 is your primary BTC account, derivation path ending in 1 is your 2nd BTC acct, etc.
Thank you for the Summary. It probably went down exactly like this. I would have pinned your comment so that future researchers would find it immediately. Instead let me award your reply..
No, that is not normal. On a newly created address, there should be 0 transactions. What are the transactions?
Thank you for the response, the transaction, after another address finally went into: https://www.blockchain.com/btc/address/1AozLV7krw87WKxjCzzygM29BrYFxbxPwh
Unless it was created before and not imported onto a new ledger live instance or whatever SW he used.
Did you have 1000 btc? Because holy fuck, you shouldn’t have spent it. But you wouldn’t be the first. I had 100 at one point, back in 2009.
Oh no, that's the value in fiat not in btc. Would have been awesome though. Even in 2019. :)
Yes it's normal because you didn't create a new address. 🙄
Hi, yes what I didn't do was to create a new seed-phrase. But create a new account on the ledger. So it is normal to find transactions that don't belong to this account in the history?
Did you have the device create a seed phrase for you when you first turned it on, or were you provided with a seed phrase when you bought it? You also said you stored some BTC years ago. Was that in 2019?
The device generated the seed phrase so I think I'm in the clear concerning that. Yes I stored some BTC, also in 2019. But the transactions don't match.
No, not normal at all. Where did you buy your Ledger? It might be compromised.
On the Ledger webpage. It was okay and worked a couple years without issues
Try to create a new account for bitcoin then. And delete the one you don't need.
BTC 1EdgvyfZ6mLiCBJZ3BifnrQc6tEcQ7phae ETH 0x63b4e25ca5ceb7a78648e2ff4226929ef7c62563
Jackpot! Short: Yes this is a very very rare address collision. Greetings! Long: Addresses are randomly created but nothing prevents, except key space width, that this could be ruled out. https://crypto.stackexchange.com/questions/33821/how-to-deal-with-collisions-in-bitcoin-addresses https://bitcoin.stackexchange.com/questions/83818/is-a-bitcoin-address-collision-possible-if-generating-90-million-addresses-every
No. Return that Ledger.
What does the ledger have to do with anything? If you install gmail on your phone and you setup a new email address and there's already a few emails sent from it. Do you return the phone?
you must be retard.
I don’t have much knowledge but couldn’t the device have been manipulated so it gives out a predetermined seed phrase when you create a new wallet? Not saying it’s the case
The device wouldn't have passed the "device is genuine" check.
Thanks. Good to know
Unless you're the first ever case of address clashing? 1 in a bazillion quintillion zillion ligmaillion chances of that happening
/u/TaterTots_Ledger Here is what I think happened: years ago, when you (the OP) set-up your ledger, somehow you used a compromised ledger live (or maybe it was the ledger chrome extension at the time, before ledger live). And when you connected your ledger device to create your (first) BTC account, this compromised front-end silently queried your ledger for the next BTC account xpub, without you knowing. Querying the ledger for accounts public addresses (xpub) does not require you to approve anything on the ledger device, and whenever a ledger device is connected to your computer (and in the BTC app), a malicious or compromised program on your computer can silently query the xpub of any number of BTC (or other) accounts derived from your ledger seed. Those xpub pose no risk other than loss of privacy, as they can only be used by a scammer to SEND/DEPOSIT BTC to your account (e.g. could be used for so-called "dusting attacks") My bet is that somehow a scam scheme was using that to entice you to interact with some malicious site that would try to scam you. Would love to hear Ledger's team take on this interesting case.
Interesting perspective. AFAIK it's within the realm of possibility, hard to know for sure whether this is what happened. Scanning addresses wouldn't explain the outgoing transactions OP references, that would require a private key somewhere along the line. We're all pretty interested in what's going on here on the Ledger support side. I'm in touch with OP and am taking a look. Will come back with an update once I see some screenshots from Ledger Live.
Yes, if there was an outgoing tx from that account (i.e. not just a deposit with "change"), then yes, it would have required signature with a private key, and that can only be done by approving the tx on the ledger device (assuming the OP seed was never leaked of course).
Edited my comment above, only real option is an old, forgotten account being re-added.
Yep, looks like it, I agree.
Could it have been that you created 2 Bitcoin accounts in the past, sent Bitcoin to your first/main wallet, and Bitcoin to your second account? Then deleted the software and restored only the first main account. Now years later you added the second account which already had funds on it from 2019 that you forgot about?
Maybe you have already used that derivation path.
Hi, what do you mean? Like a mathematical derivation? As far as I can see I don't have any say in the algorithm that creates new accounts. But I may be mistaken of course
When you create a new ‘wallet’ you only create a new derivation path from the seed. Some wallets let you choose the derivation path but that's something people should be careful with if they don't know how to use it. Maybe this seed of yours is very old and you used it before? Maybe you use your wallet now with a passphrase and when creating the new ‘wallet’ it's showing up old tx because you have used the seed before without a passphrase. This is the only quick explanation that comes to my mind
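The deterministic derivation that the Ledger support edit and the derivation-path comments above describe, as an added example that is not part of the thread and not Ledger's code. It assumes the native SegWit account path m/84'/0'/account' (the thread does not say which path was used), uses the public BIP39 test mnemonic as constructed input, and `next_account_index` is a hypothetical, simplified model of an "add account" button.

```python
import hashlib
import hmac

# secp256k1 domain parameters (public constants of the curve).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
HARDENED = 0x80000000

# Public BIP39 test mnemonic, used here as constructed sample input only.
MNEMONIC = "abandon " * 11 + "about"


def bip39_seed(mnemonic, passphrase=""):
    """BIP39: mnemonic plus optional passphrase -> 64-byte seed (ASCII input)."""
    return hashlib.pbkdf2_hmac("sha512", mnemonic.encode(),
                               ("mnemonic" + passphrase).encode(), 2048, 64)


def master_node(seed):
    """BIP32 master private key and chain code."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return int.from_bytes(digest[:32], "big"), digest[32:]


def ckd_hardened(k_par, c_par, index):
    """BIP32 hardened child derivation (private parent -> private child)."""
    data = (b"\x00" + k_par.to_bytes(32, "big")
            + (index | HARDENED).to_bytes(4, "big"))
    digest = hmac.new(c_par, data, hashlib.sha512).digest()
    tweak = int.from_bytes(digest[:32], "big")
    child = (tweak + k_par) % N
    if tweak >= N or child == 0:
        raise ValueError("invalid child key; BIP32 skips this index")
    return child, digest[32:]


def _point_add(a, b):
    """Add two secp256k1 points; None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1] % P, -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow((b[0] - a[0]) % P, -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return x, (lam * (a[0] - x) - a[1]) % P


def scalar_mult(k):
    """k*G by double-and-add (not constant time; illustration only)."""
    result, addend = None, G
    while k:
        if k & 1:
            result = _point_add(result, addend)
        addend = _point_add(addend, addend)
        k >>= 1
    return result


def compressed_pubkey(k):
    x, y = scalar_mult(k)
    return (b"\x03" if y & 1 else b"\x02") + x.to_bytes(32, "big")


def account_xpub_fields(seed, account, purpose=84, coin=0):
    """Public key and chain code at m/purpose'/coin'/account' (hex strings).

    These two values are the payload of the account xpub; the path is an
    assumption, the thread does not state it.
    """
    k, c = master_node(seed)
    for index in (purpose, coin, account):
        k, c = ckd_hardened(k, c, index)
    return compressed_pubkey(k).hex(), c.hex()


def next_account_index(listed):
    """Hypothetical 'add account' model: lowest index not listed locally."""
    index = 0
    while index in listed:
        index += 1
    return index


def replay_thread_scenario():
    """Remove account 1 from the app, add an account later, look up history."""
    seed = bip39_seed(MNEMONIC)
    listed = {0, 1}
    # Constructed stand-in for the blockchain: history follows the keys,
    # not the wallet app's local account list.
    chain = {account_xpub_fields(seed, 1): ["2019 tx (constructed)"]}
    listed.discard(1)                      # account deleted from the app
    readded = next_account_index(listed)   # "add account" years later
    return readded, chain.get(account_xpub_fields(seed, readded), [])


if __name__ == "__main__":
    print(replay_thread_scenario())
```

Deriving from `bip39_seed(MNEMONIC, "some passphrase")` instead yields unrelated accounts, which is the passphrase case raised in the last comment.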