The hotel-room break-in that didn't take the device
April 2025. A holder in San Diego travels to a conference in Las Vegas. He leaves his Ledger Nano S Plus in the hotel safe along with his passport. On the second day, the safe shows signs of being opened — the device is still there, slightly out of position. He continues the trip, returns home, uses the device normally. Six weeks later, an unrecognized address drains 4.2 BTC during a routine transaction.
What "evil maid" actually means in crypto
The term comes from computer security: a "maid" with brief physical access to a hotel room can modify a laptop's firmware in 5–10 minutes, then disappear. For hardware wallets, the variant is: physical access to a sealed device gives the attacker time to replace the device with a visually identical one running tampered firmware, install a hardware key-logger in the cable, or — for older devices with weak secure elements — extract the seed directly.
The five travel rules
- Never travel with the high-value hardware wallet. Leave it at home, in a fire-rated safe, or in a bank deposit box. Travel with a low-balance "spending wallet" only.
- If you must travel, carry the device on your person. Hotel safes are not security devices — they are convenience furniture. Hotel staff have master codes. The TSA may need to inspect contents.
- Use a passphrase. Even if the device is physically tampered with or its seed is extracted, the passphrase protects derived addresses. The passphrase is in your head, not on the device.
- Tamper-check on return. Compare the device against a high-resolution photo you took before traveling. Check the USB port, the screen, the buttons, the back panel. Treat any visible difference as proof of tampering.
- Move funds to a fresh device after any potential physical compromise. If you suspect the device was accessed (out of place, scratched, off-position), assume the seed is compromised. Generate a new seed on a verified-fresh device and move funds within the hour.
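
How the passphrase rule works, as an added example that is not part of the original article: under BIP-39 the passphrase is mixed into the salt when the recovery words are stretched into the wallet seed, so the same words with a different passphrase give an unrelated BIP-32 master key. It assumes the device follows BIP-39/BIP-32; the mnemonic is the public BIP-39 test vector, the passphrases are constructed, and wallet_fingerprint is a hypothetical helper.

```python
import hashlib
import hmac
import unicodedata

# Constructed sample input: the public all-zero-entropy BIP-39 test mnemonic.
# Never use it for real funds.
MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
            "abandon abandon abandon abandon abandon about")


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP-39: seed = PBKDF2-HMAC-SHA512(mnemonic, "mnemonic" + passphrase, 2048)."""
    norm = lambda s: unicodedata.normalize("NFKD", s).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", norm(mnemonic),
                               norm("mnemonic" + passphrase), 2048, dklen=64)


def bip32_master(seed: bytes) -> tuple[bytes, bytes]:
    """BIP-32: split HMAC-SHA512(key="Bitcoin seed", msg=seed) into key and chain code."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return digest[:32], digest[32:]


def wallet_fingerprint(mnemonic: str, passphrase: str = "") -> str:
    """Hypothetical helper: short hex tag of the master key, for comparing wallets only."""
    key, _chain = bip32_master(bip39_seed(mnemonic, passphrase))
    return hashlib.sha256(key).hexdigest()[:16]


if __name__ == "__main__":
    # What someone holding only the extracted 12 words can derive:
    print("no passphrase     :", wallet_fingerprint(MNEMONIC))
    # What the holder derives; both passphrases are constructed examples.
    print("with passphrase   :", wallet_fingerprint(MNEMONIC, "correct horse battery staple"))
    # A wrong passphrase is not rejected, it just opens a different, empty wallet.
    print("one character off :", wallet_fingerprint(MNEMONIC, "correct horse battery stapl"))
```

Because this derivation can be run offline by anyone holding the extracted words, the protection is only as strong as the passphrase itself.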
The threat model question
Most US holders are not high-value targets for physical attacks. The threat is real but rare. The defense (a passphrase, traveling with a low-value wallet, storing the high-value device at home) costs nothing to maintain and prevents an entire class of failure.
Where to actually store the high-value device
For most US holders: a fire-rated home safe (cost $200–400, weight 50+ lbs so it cannot be carried out in a burglary). For higher value: a bank deposit box. For multi-million portfolios: 2-of-3 multisig across home, deposit box, and a trusted family member's home. Each upgrade adds complexity; pick the level that matches the portfolio.