Ledger data leak leaves crypto community furious, here’s what to do next

Ledger, the popular hardware wallet, said today that data belonging to over 1 million customers was leaked on a hacker forum.

Ledger users endure data leak

Hardware wallet Ledger said today that details of a database compromised in June were dumped on RaidForums, an infamous online hacking forum, over the weekend. The information has been made available for free, meaning anyone can access the data.

Ledger first announced the leak back in July. It said at the time that only 9,500 particulars were leaked and that the firm was working with French authorities to prevent further vulnerabilities.

But the efforts have fallen short. Today’s data dump comprises over 1 million email addresses (attached to individual wallets that can be checked over a block explorer), as well as personal information of the victims (such as home addresses and mobile phone numbers).

We executed penetration tests and forensic analysis with external security firms to test these and find any additional vulnerabilities on our e-commerce systems.

— Ledger (@Ledger) December 20, 2020

It said in a statement on Twitter, “It is a massive understatement to say we sincerely regret this situation.” Ledger added in further tweets that French authorities were still working on the case to prevent proliferation, claiming that the efforts took down 170 phishing sites where the database details were first put up.

Ledger said it “would learn from this instance” to make the service even more secure for users. However, the broader crypto community was not convinced by the tweetstorm. Much of the consensus was around how to avoid Ledger products entirely in the future, apart from immediate actions to protect one’s identity.

Ruben Merre, the CEO and founder of the  NGRAVE ZERO crypto wallet, remarked on the incident to CryptoSlate:

“First and foremost, we hope this data leak is something that everyone in the industry will learn from. As for us, our message has always been that security needs to be an end-to-end story. A hardware wallet is great, but you also need a strong backup solution, compliance with data privacy rules and in the case of a security company, well-thought-out customer data protection (and deletion). End-to-End. Your peace of mind will always be our mission.”

What next for crypto users?

One of the main questions doing the rounds was why did Ledger store all that data in the first place? As a hardware wallet, the firm did need personal information to help deliver the wallet, but storing customer information was, in the views of some, a massive breach of trust.

Friends don't let friends buy or use a @Ledger. ?‍♂️https://t.co/AgblCjSg2w

— WhalePanda (@WhalePanda) December 21, 2020

Popular crypto influencer “notsofast” said Ledger users whose data was compromised in the leak should get a new contact number and email id at the earliest to prevent any possible phishing.

They added—arguably for users holding large amounts of crypto—that multisig keys and recovery codes should now be kept at a different address than the residence, as the latter was now compromised.

3. Your home is no longer a safe place to store hard copies of seed phrases, or hardware wallets. You may now only store 1-of-n multisig here safely.

Find a new place that is safe, secure, friendly, offline, and accessible to you on the occasions you require.

— notsofast (@notsofast) December 20, 2020

Meanwhile, some users on Ledger’s tweet thread said they would take legal action against the breach and the alleged storage of personal information without permissionless.

How the hell is a company associated with the blockchain space unable to keep our data secure? The entire point of the industry you serve is privacy and and security and you failed at both.

Class action lawsuit inbound….

— Janus (@PinnaclePrimate) December 20, 2020

Ledger did not respond to a mail by CryptoSlate at press time.

Mentioned in this article

Ledger Ledger Blue Ledger Nano S

Ad

Nansen Collaborates with TRON DAO to Empower Developers and Users with Advanced Blockchain Insights

Ad

CryptoSlate on Substack cryptoslate.substack.com

Essential crypto updates and analyses. Straight to your inbox, every day.

Join 90k+ subscribers

Latest France Stories

France considering Polymarket ban after local trader makes $80 million on Trump win

Regulation 2 weeks ago

National Gaming Authority may block Polymarket, citing gambling concerns despite platform's blockchain appeal.

$30 million international crypto fraud from 2018 kicks off trial in France

Crime 1 month ago

Fraudsters impersonated agents to con professional football clubs, totaling €60,000 in redirected salaries to their accounts.

Toncoin bucks market slump as Telegram’s Durov addresses arrest in France

Analysis 3 months ago

Telegram also quietly updated its content policies during the past day.

Telegram CEO Pavel Durov freed on €5 million bail, placed under judicial supervision

Crime 3 months ago

Durov is also prohibited from leaving the French territory and must report to the police station twice a week.

Latest Press Releases

View All

DegenLayer Introduces The First Memecoin Focused Blockchain

Chainwire 1 hour ago

Arcana Network Launches the First Ever Chain Abstraction Wallet, Ushering a New Era of Multi-Chain Transactions

Chainwire 3 hours ago

GMT DAO Launches Groundbreaking Burn Initiative with a Target of Up to 600 Million GMT

Chainwire 6 hours ago