The bug appears to incorrectly process change transactions. One user appears to claim they’ve lost 1600 Monero, worth nearly $83,000 at press time.
No proof of this claim was offered, but the user says:
I didn’t get it back. I restored my seed on another Ledger and the balance was still 0.
A user flaired as a “ledger crypto developer” warned users:
Do not use Ledger Nano S with client 0.14 until more information is provided.
Understanding Crypto Change
There are a few primary transaction models in cryptocurrency. Ethereum and others use the “account” model, where a single address simply deducts and credits other addresses. Bitcoin, Monero, and many others use “unspent transaction outputs” (UTXO), which credit new transactions.
Say you’ve received 2 deposits of 1 BTC each, and you want to send 1.25 BTC to an exchange. Bitcoin will deduct one whole UTXO and .25 from the other. The remainder moves to a “change” address within the same transaction.
Unless otherwise specified, the change address will be generated based on the private keys of your wallet. Most wallets generate with a hundred or more addresses, and one of these will be randomly chosen to receive the “change.” Your wallet balance will be .75 BTC, minus the transaction fee to send the 1.25.
Monero works the same way. As one Redditor explains, a single unspent output of 1600 would create two transactions unless the whole balance was sent: 1 “outbound” and one “inbound.”
If that 1600 XMR is there as a single output, there is no other way than to split it and put most of it into change: You try to transfer out 0.001 XMR, all 1600 XMR will go out, and a change tx of 1599.999 should come back to you. […] That’s not a Monero problem by the way, that’s just the way most cryptocurrencies work in general, so if this freaks you out, maybe it’s back to PayPal :)
Ledger Wallet Sends Change — But Where?
Most wallets don’t make it clear where the change address will be, as it can be confusing to users. While it’s normally an address they control (again, you can specify in some wallets where you want the change to go), the user might wonder why the majority of their coin goes somewhere else. The bug in the Ledger Nano S appears to be related to the generation of change addresses.
At press time, it’s unclear if the coins are actually “lost” or just not syncing properly.
In Bitcoin, you can “burn” coins. You use an “impossible” address. An example is 1CounterpartyXXXXXXXXXXXXXXXUWLpVr. Basically, it would take an impossible amount of computing power to generate this exact address and extract its private key. Therefore, the more than 2000 BTC sent there is “burned.”
If the Ledger Nano S generates a real Monero address, but not one associated with the wallet or accessible with the associated private key, the coins could very likely be lost.
Hence, the warning not to use Ledger Nano S with Monero’s current version until the bug is worked out.