Ledger, a cryptocurrency wallet provider has encountered a data breach. The official Twitter account of the hardware wallet tweeted that they have been alerted to the dump of a client database on Raidforum. The firm stated that it is still verifying the hack but initial clues intimate it is from its e-commerce database from this past June.
Today we were alerted to the dump of the contents of a Ledger customer database on Raidforum. We are still confirming, but early signs tell us that this indeed could be the contents of our e-commerce database from June, 2020.
Ledger Data Breach And The Phishing Scams
Ledger was first hacked in July 2020, but new reports now unveil the full length of the data breach. The leaked data, which was distributed on Raidforums, also contains names, addresses, and phone numbers of Ledger clients.
According to the official post, On July 14, a researcher reached out to Ledger via its bounty program to notify them about the data breach on its e-commerce and marketing database. The official post further stated that the firm quickly fixed the data breach and started internal probes and found that the leaked data was because of unauthorized access and the clients’ funds are safe.
Leak is legit.
Over 1,000,000 email addresses
Over 250,000 physical addresses and phone numbershttps://t.co/hLoXv3BATk
It appears that the Ledger wallet clients have been targeted by a phishing campaign that utilized a fraudulent data breach warning to steal cryptocurrency. Below is an example of an email that one Ledger user received bound to the data leak.
So I get an email from "unknown" stating my full name and physical address – because of your leak. What are you actually going to do about this@galgitron – anyone else had anything similar? pic.twitter.com/R9NslweFnk
It appears that the Ledger wallet clients have been targeted by a phishing campaign that utilized a fraudulent data breach warning to steal cryptocurrency. Below is an example of an email that one Ledger user received bound to the data leak.
Here is the page of its website that tracks crypto exchange hacks saying that $1.74 billion has been stolen from exchanges or $31 every second.
Ledger also stated the data breach did not generate any immediate threat to funds safety of users. But security experts say that many clients’ security is in danger.
If you have a Ledger, throw it away, change your email, and move your house. A malicious third party has your detials and knows you own a hw wallet. @Ledger, what’s your plan to protect thousands of users who are now walking with a target on their back?
Phishing emails 24/7 pic.twitter.com/r9Fo0FSfPx
According to cybersecurity site haveibeenpwned.com, it had registered almost 69% of the compromised addresses.
New breach: Ledger had over 1M email addresses breached in June, sold, then dumped publicly today. Data also included names, physical addresses and phone numbers. 69% were already in @haveibeenpwned. Read more: https://t.co/F44bBWzioQ
Alon Gal, Co-Founder & CTO at security company Hudson Rock tweeted:
This leak holds major risk to the people affected by it!
Individuals who purchased a Ledger tend to have high net worth in cryptocurrencies and will now be subject to both cyber harassments as well as physical harassments in a larger scale than experienced before.
He also stated that “Other forum members are not appreciating the leaker taking away their potential 6 figure sales for this database”.