Welcome Bonus: Sign Up & Get Up to $150 in BTC

Get Started

Ledger data leak leaves crypto community furious, here’s what to do next

Ledger, the popular hardware wallet, said today that data belonging to over 1 million customers was leaked on a hacker forum.

Ledger data leak leaves crypto community furious, here’s what to do next

Cover art/illustration via CryptoSlate

Ledger, the popular hardware wallet, said today that data belonging to over 1 million customers was leaked on a hacker forum.

Ledger users endure data leak

Hardware wallet Ledger said today that details of a database compromised in June were dumped on RaidForums, an infamous online hacking forum, over the weekend. The information has been made available for free, meaning anyone can access the data.

Ledger first announced the leak back in July. It said at the time that only 9,500 particulars were leaked and that the firm was working with French authorities to prevent further vulnerabilities.

But the efforts have fallen short. Todayโ€™s data dump comprises over 1 million email addresses (attached to individual wallets that can be checked over a block explorer), as well as personal information of the victims (such as home addresses and mobile phone numbers).

It said in a statement on Twitter, โ€œIt is a massive understatement to say we sincerely regret this situation.โ€ Ledger added in further tweets that French authorities were still working on the case to prevent proliferation, claiming that the efforts took down 170 phishing sites where the database details were first put up.

Ledger said it โ€œwould learn from this instanceโ€ to make the service even more secure for users. However, the broader crypto community was not convinced by the tweetstorm. Much of the consensus was around how to avoid Ledger products entirely in the future, apart from immediate actions to protect oneโ€™s identity.

Ruben Merre, the CEO and founder of theย  NGRAVE ZERO crypto wallet, remarked on the incident to CryptoSlate:

“First and foremost, we hope this data leak is something that everyone in the industry will learn from. As for us, our message has always been that security needs to be an end-to-end story. A hardware wallet is great, but you also need a strong backup solution, compliance with data privacy rules and in the case of a security company, well-thought-out customer data protection (and deletion). End-to-End. Your peace of mind will always be our mission.”

What next for crypto users?

One of the main questions doing the rounds was why did Ledger store all that data in the first place? As a hardware wallet, the firm did need personal information to help deliver the wallet, but storing customer information was, in the views of some, a massive breach of trust.

Popular crypto influencer โ€œnotsofastโ€ said Ledger users whose data was compromised in the leak should get a new contact number and email id at the earliest to prevent any possible phishing.

They addedโ€”arguably for users holding large amounts of cryptoโ€”that multisig keys and recovery codes should now be kept at a different address than the residence, as the latter was now compromised.

Meanwhile, some users on Ledgerโ€™s tweet thread said they would take legal action against the breach and the alleged storage of personal information without permissionless.

Ledger did not respond to a mail by CryptoSlate at press time.

Posted In: , Hacks, Privacy