this post was submitted on 01 Feb 2024
1 points (100.0% liked)

Monero

1662 readers
4 users here now

This is the lemmy community of Monero (XMR), a secure, private, untraceable currency that is open-source and freely available to all.

GitHub

StackExchange

Twitter

Wallets

Desktop (CLI, GUI)

Desktop (Feather)

Mac & Linux (Cake Wallet)

Web (MyMonero)

Android (Monerujo)

Android (MyMonero)

Android (Cake Wallet) / (Monero.com)

Android (Stack Wallet)

iOS (MyMonero)

iOS (Cake Wallet) / (Monero.com)

iOS (Stack Wallet)

iOS (Edge Wallet)

Instance tags for discoverability:

Monero, XMR, crypto, cryptocurrency

founded 1 year ago
MODERATORS
 

Hi, I've just paid for Mullvad VPN (personally recommend) with XMR. That looked like this:

  1. I copied the address (one time subaddress) and the amount, checked if everything matched (and it did) and pressed send.
  2. On my Ledger I checked the fee, accepted, checked the amount, accepted, checked the address... REJECTED, because the address was different.
  3. Repeated the step above probably 2 times, installed ClaimAV and started full scan of my machine for malware.
  4. Because the Monero Wallet GUI was freshly installed from official Arch Linux repo and it showed the right address I decided to still accept the transaction. Worst case I lose 10 €.
  5. While the transaction was pending I tried to prove payment using LocalMonero's block explorer and I got an error. So I basically got hacked and lost 10 € ...
  6. Checked Mullvad VPN app and... it was paid???

Can someone explain me what just happened? My ledger showed a different address than what I copied, but the transaction still went to the right person. I started using Ledger only a month ago and I haven't been paying with it much. If this is all good and right, how can I tell if I'm being scammed on my Ledger?

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 0 points 9 months ago (1 children)

Good question. You didn't get hacked. You approved the payment to Mullvad.

When you send XMR to an "integrated address", Ledger does not display the integrated address on the device. It displays the raw Monero address. Mullvad probably uses integrated addresses.

SethForPrivacy said:

At present, the UX around integrated addresses can be confusing and even outright dangerous, like how the Ledger always displays the underlying address instead of the integrated address, making address verification difficult or impossible depending on the application.

I don't know if there are plans to fix this or if it can be fixed at all.

[–] [email protected] 0 points 9 months ago

Thank you, that explains quite a lot :)