Public address has changed using Ledger Nano + Mew **($20k funds LOST)**

[numero41]

Hello,

**Here is an issue that has not been fixed for 7 months now, and that many users encountered while using Ledger Nano + Mew (or Mew alone, or Ledger + other wallets).
I've made many threads on Reddit, the main one being this one :

https://www.reddit.com/r/ledgerwallet/comments/7rd798/should_we_be_concerned_about_the_ledger/

I have been very active for many months, spent hundreds of hours to find a solution (I'm a software programmer, so I understand a few things).
I was in direct contact with @EricLarch during all this time, starting with a good feeling, ending with a get away from any responsibility from their side with absolutely no empathy for all the people that lost their saving.

Eventually, I ended giving up 3 months ago as my personal life was getting completely fucked up consequently and was about to lose my job, girlfriend, and mind.

I decided to open a new ticket following the advice of @jmacwhyte because the previous one was one kilometer long, and I understand it's a mess to go through all the comments.**

Here's a resume of what happened back in January, there are much more details on the reddit thread :

1/ I opened the ledger's eth / bitcoin apps on chrome, and had a look at the uis.
Saw on Ledger website that for custom erc20 tokens I had to go thru mew.
I opened a new tab in chrome.
(I am not sure I closed the eth app in the background.)

2/ I created / deleted a wallet with mew cx extension (to avoid confusion, I was able to recover it the day after, and it was not the address involved).

3/ I connected my Ledger via the Mew interface, selected the Ledger eth derivation path, ## checked the first address on the list

4/ I added my custom tokens (Qash/Ven/Nas) at the bottom-right with contract addresses/decimals/name

5/ I test-sent a very little amount of each coin to see if it was working fine. - I didn't tried to send them back. -
I was able to see them after about 30-45 minutes

6/ I sent all the remaining amount of the coins as for me everything was working fine.

7/ I was able to see the transactions were successful and to see all my tokens in the custom tokens section at the bottom-right.

8/ I unplugged the Ledger and had lunch

9/ By the end of the day, I re-plugged the Ledger, and I wasn't able to see my tokens again.
By having a deeper look, I was able to see that the first address in the list was not the same anymore.

**I tried many things to avoid any user error, starting with trying all the different derivation paths provided (even if I am 100% sure I checked the Ledger one).

I have a full image of my hard drive made 1 hour after the issue, and a dump of my RAM.
These have been very useful to find all the wallets I created/deleted previously in Mew without using the Ledger (I managed to recover all those wallets by finding the content - dictionaries - of the keystore files).
I am also 100% sure I NEVER set up a passphrase on my device.
I tried to re-initialize it from the start with my 24 words, I always end up with the new "wrong" address, same with the bip39 tool from Ian Coleman.**

I recently tried the Ledger Live application, and I was surprised to see my public address was different again from the 2 previous ones, but I just saw on a forum that Ledger decided to change their derivation path in order to use the account field of the BIP44 protocol.

Thanks a lot for your reading and time.

David

PS : here's the account where you can see my funds that I can't access anymore (which have decreased by 600% in value since)
https://etherscan.io/address/0xbBeC195bA2AD7197e280A682c185af1a3e9c9D29

[kvhnuke]

please refer to the answers on reddit