Part of the CustodyStress archive of observed Bitcoin custody incidents
CS-00950
The attacker used the captured PIN to drain the wallet remotely.
BlockedCase description
A Ledger user found in March 2021 that their hardware wallet had been targeted by a supply-chain attack. The device received had been modified before delivery to include a backdoor that transmitted any PIN entered to an external server. The attacker used the captured PIN to drain the wallet remotely. Ledger's post-investigation confirmed the attack vector was a compromised distribution chain.
Custody context
| Stress condition | Device loss |
| Custody system | Hardware wallet (single key) |
| Outcome | Blocked |
| Documentation | Unknown |
| Year observed | 2021 |
| Country | Unknown |
Structural dependencies observed
What this illustrates
Access ran through a third-party platform. When that platform became unavailable, so did the Bitcoin. Access was not recoverable.
Outcome interpretation
Access was not possible under the reported conditions.
Source
Publicly Reported
Evidence type
News article
Evidence link
Related cases involving device loss
188 cases involve device loss
274 cases involve hardware wallet (single key)
View archive statistics →
This archive documents observed custody survivability failures. It does not attempt to document all Bitcoin losses or security incidents.
Submit a case
← All cases
Framework references
Where Bitcoin Custody Intersects Legal and Fiduciary Authority
Where custody creates gaps in estate planning, fiduciary duty, and professional responsibility.
Professional Scope Boundary Matrix
What each professional or product covers, what they do not, and where gaps form between them.
The Independent Assessment Layer in Bitcoin Custody
How independent diagnostic layers emerge when multiple parties depend on shared infrastructure.
Translate