Hi, I’ve just paid for Mullvad VPN (personally recommend) with XMR. That looked like this:
- I copied the address (one time subaddress) and the amount, checked if everything matched (and it did) and pressed send.
- On my Ledger I checked the fee, accepted, checked the amount, accepted, checked the address… REJECTED, because the address was different.
- Repeated the step above probably 2 times, installed ClaimAV and started full scan of my machine for malware.
- Because the Monero Wallet GUI was freshly installed from official Arch Linux repo and it showed the right address I decided to still accept the transaction. Worst case I lose 10 €.
- While the transaction was pending I tried to prove payment using LocalMonero’s block explorer and I got an error. So I basically got hacked and lost 10 € …
- Checked Mullvad VPN app and… it was paid???
Can someone explain me what just happened? My ledger showed a different address than what I copied, but the transaction still went to the right person. I started using Ledger only a month ago and I haven’t been paying with it much. If this is all good and right, how can I tell if I’m being scammed on my Ledger?
I checked for already opened issues on github for monero ledger app and there are already 4 issues about this bug, 2 of which are still open, one since 2020!
https://github.com/LedgerHQ/app-monero/issues/66