Stake pool ID isn't matching on my Ledger device

Hi,

I got hacked a few days ago and the hacker took all my crypto from my Metamask and Exodus (been DCAing since last 3 years!). They got into my system and somehow were able to get into the above wallets. They did try to get into my Yoroi and tried to steal my ADA as well but seems like they weren’t able to break the password to do the transfer. Surprisingly, bits of my crypto on exchanges are still there.

Lesson learned - bought Ledger wallet (not sure whether it is fully secure but should be better than having crypto on hot wallets).

I am now trying to stake my ADA using Ledger but the pool ID that I am seeing on my Ledger device is different to the ID it’s showing up on my system. I have tried directly on the mobile app (Ledger Live), computer (Ledger Live), then using Yoroi hard wallet connection (Using Chrome Extension). I am not able to fully verify the address. It’s usually last 5-6 numbers/alphabets that are different.

My concern is whether my Ledger is already compromised or is it something I am missing?

I have attached the images. It is happening with any pool I choose.

Any help would be much appreciated.

Thanks.

1 Like

Oh, that is interesting (but nothing to worry about as far as I can see). I can reproduce that the Ledger shows me a different pool ID than any wallet app or blockchain explorer if I try to change delegation.

The last six characters of a Bech32 address (the addr1…, stake1…, and also pool1… addresses used in Cardano) are a checksum of the information encoded in the characters before that. As far as I can see, the Ledger does not get these addresses during the communication with the wallet app, but rather the binary form that is in the transaction to be signed. And it then recalculates this Bech32 representation of the pool ID to ask confirmation from the user.

There seems to be a bug in that checksum calculation in the Ledger Cardano app, so that the last six characters are different than they should be.

So, no, that’s not a sign of your Ledger being corrupted and it cannot happen that you are delegating to a different pool than you want to. And delegation does not send away or lock your assets at all, so risk is rather minimal anyway. You can confirm that delegation transaction.

But it’s a bug that should be fixed, anyway.

1 Like

I think I have found the bug and I submitted an issue for the Ledger Cardano app:
https://github.com/vacuumlabs/ledger-app-cardano-shelley/issues/216

2 Likes

@HeptaSean Thank you for looking into this and getting back to me. Gives me some peace of mind. I have also raised a ticket with Ledger to fix this bug.

1 Like

Well done!

1 Like

目前,ledger上依然存在这个问题,希望能尽快修复,谢谢!