1

Case beyond my knowledge. There is a wallet on Ledger. Etherscan.io reports a successful transaction of some fake coin FROM this wallet. The amount of coins is non-zero. No action has been taken with the Ledger hardware wallet at this time. My knowledge is clearly not enough to understand how this can happen. How is it possible to successfully withdraw coins (even fake ones) in a non-zero amount without private keys? More precisely: How could such a transaction get the status “Success” in etherscan.io?

Rohan Nero
  • 1,562
  • 2
  • 7
  • 27
abb
  • 11
  • 3

2 Answers2

1

The only way for a user to take funds from an account without the private key would be if the account has signed a transaction that does so.

After looking at the Etherscan link you provided, I can see that the contract that took the funds is known as Fake_Phishing, this leads me to believe that you may have accidently signed a malicious transaction at some point that allowed another user to steal your funds.
enter image description here

The extension I am using that references the contract as Fake_Phishing, is called MetaDock. It adds new features to block explorers to help users understand contract structure and layout easily.

Rohan Nero
  • 1,562
  • 2
  • 7
  • 27
0

If the token contract has a transferFrom function that doesn't do any sort of allowance check, they could just call transferFrom.

Was a recent example of a token like that, pond0x enter image description here

Where people were just repeatedly transferring from each others accounts.

Tokens usually carry a check. Like this from weth9: enter image description here

If the token has a check like that and they are still removed from a wallet, the signer at some point signed an allowance for that to happen. Possibly to a contract that was exploited after the fact, as in the case of the multichain hack.

Maka
  • 773
  • 3
  • 11