The extent of Ledger customer email leaks remains unknown
The company has not yet disclosed the nature of the leak
Users are unhappy with Ledger's silence
Users of the Ledger hardware wallet were victims of a massive phishing attack in which they were asked to install a fake update
Ledger users report massive phishing attack
Users of the popular Ledger hardware wallet have faced a phishing attack, judging by a wave of tweets. In emails that exactly replicate Ledger’s design, scammers claim that around 85,000 email addresses were leaked.
Under the pretext of securing digital assets, the scammers suggest installing an update for Ledger:
“To protect your assets, please download the latest Ledger Live and follow the instructions to create a new wallet PIN.”
The telltale sign of the scam emails is the sender address, which imitates the official hardware wallet domain: legder.com instead of ledger.com.
The company has already confirmed that the cybercriminals contacted customers, but it has disclosed neither the extent of the attack nor the source of the leak. Ledger urged users not to disclose the wallet recovery mnemonic phrase under any pretext. However, some users believe that the leak occurred on the wallet developer's side.
User Andreas Tash wrote on his Twitter page that the phishing attack is the result of insufficient security of Ledger services. According to Tash, the attackers were able to gain access to the databases of Ledger clients:
“I used the email exclusively for your [Ledger] store, and today I received a (very well prepared) phishing email offering to download ledgersupport_DOT_io. Why didn’t I receive any information that my email address was hacked? What data was stolen? Do they know my physical address?”
It is noteworthy that back in late July, Ledger itself confirmed that its marketing database had been hacked and that store customer data had leaked. At the time, the company said that the owners of “all affected” leaked addresses had received notifications from Ledger.
However, Tash says he received no notification from Ledger at the email address he created specifically for Ledger, which ultimately became the target of the phishing attack.
“Does this mean that the hack [in July] was much bigger and affected more customers than anticipated, or there was a new leak. What is it?” wrote Tash.
Ledger Hack: How to Protect Against Phishing Attacks & Being Scammed
At the end of July, the BeInCrypto editorial office reported that the hardware crypto wallet manufacturer Ledger had been the victim of an attack by cybercriminals who managed to steal about 1 million email addresses. According to the official announcement, on July 14, 2020, an unknown auditor of the official Ledger website (www.ledger.com) found an API flaw that compromised data security.
Ledger said it fixed the flaw almost immediately, but the company later discovered that on June 25 someone had been able to use the loophole, gaining access to the e-commerce and marketing database.
Hardware wallets have long attracted cybercriminals. In early April, Kraken Security Labs, the research department of the cryptocurrency exchange Kraken, identified a critical vulnerability in a wallet from CoolBitX called CoolWallet S.
The experts discovered that the Android version of the CoolWallet S application stored the wallet PIN, the pairing password, and the mnemonic phrase in clear text, which allowed an attacker to easily gain access to the assets.