Ledger data leak leaves crypto community furious, here’s what to do next Ledger data leak leaves crypto community furious, here’s what to do next
🚨 This article is 4 years old...

Ledger data leak leaves crypto community furious, here’s what to do next

Ledger data leak leaves crypto community furious, here’s what to do next

Cover art/illustration via CryptoSlate. Image includes combined content which may include AI-generated content.

Ledger, the popular hardware wallet, said today that data belonging to over 1 million customers was leaked on a hacker forum.

Ledger users endure data leak

Hardware wallet Ledger said today that details of a database compromised in June were dumped on RaidForums, an infamous online hacking forum, over the weekend. The information has been made available for free, meaning anyone can access the data.

Ledger first announced the leak back in July. It said at the time that only 9,500 particulars were leaked and that the firm was working with French authorities to prevent further vulnerabilities.

But the efforts have fallen short. Today’s data dump comprises over 1 million email addresses (attached to individual wallets that can be checked over a block explorer), as well as personal information of the victims (such as home addresses and mobile phone numbers).

It said in a statement on Twitter, “It is a massive understatement to say we sincerely regret this situation.” Ledger added in further tweets that French authorities were still working on the case to prevent proliferation, claiming that the efforts took down 170 phishing sites where the database details were first put up.

Ledger said it “would learn from this instance” to make the service even more secure for users. However, the broader crypto community was not convinced by the tweetstorm. Much of the consensus was around how to avoid Ledger products entirely in the future, apart from immediate actions to protect one’s identity.

Ruben Merre, the CEO and founder of the  NGRAVE ZERO crypto wallet, remarked on the incident to CryptoSlate:

“First and foremost, we hope this data leak is something that everyone in the industry will learn from. As for us, our message has always been that security needs to be an end-to-end story. A hardware wallet is great, but you also need a strong backup solution, compliance with data privacy rules and in the case of a security company, well-thought-out customer data protection (and deletion). End-to-End. Your peace of mind will always be our mission.”

What next for crypto users?

One of the main questions doing the rounds was why did Ledger store all that data in the first place? As a hardware wallet, the firm did need personal information to help deliver the wallet, but storing customer information was, in the views of some, a massive breach of trust.

Popular crypto influencer “notsofast” said Ledger users whose data was compromised in the leak should get a new contact number and email id at the earliest to prevent any possible phishing.

They added—arguably for users holding large amounts of crypto—that multisig keys and recovery codes should now be kept at a different address than the residence, as the latter was now compromised.

Meanwhile, some users on Ledger’s tweet thread said they would take legal action against the breach and the alleged storage of personal information without permissionless.

Ledger did not respond to a mail by CryptoSlate at press time.

Mentioned in this article
Posted In: , Hacks, Privacy