fbpx
Ledger Hack Data Breach

Ledger Hack: How to Protect Against Phishing Scams

Written by LouiseElizabeth

23rd December 2020

Subscribe to Every Bit Helps

If you’re a Ledger user, you might find that you’re receiving more spam than ever. In this post, we’ll discuss the data dump of Ledger customers’ personal data following the Ledger hack in July 2020. Plus how to prevent yourself from being scammed when the hackers come after you.

Ledger Live Coinify

Ledger Hack

In July 2020, Ledger revealed a data breach that exposed over a million customers’ emails. The breach was found during a bug bounty program and even though the Ledger fixed the issue immediately, unfortunately, it was too late. 

As during this time, hackers manage to gain access to a database containing the personal contact details of Ledger’s e-commerce clients such as their email addresses, first and last names, home addresses and phone numbers.

Ledger Data Breach at Crypto Wallet

At the time, Ledger reported that hackers had only stolen the personal data of 9,500 customers.  However, unfortunately, this wasn’t quite correct. As since the breach, hackers have now published the hacked data and exposed phone numbers and home addresses of more than 270,000 Ledger users. Plus, more than a million customer email addresses.

Ledger Wallet Data Leak Dumped

Phishing Attempts

Since the breach, there’s been a host of phishing attempts released to Ledger customers, and even some threats to customers demanding money or physical violence.

Although it’s unlikely that (due to the breach) hackers will be able to siphon tokens from your hardware wallet, you could compromise your own funds by falling for one of their many phishing attempts.

This isn’t just isolated to Ledger, Trezor has recently tweeted that’s there’s a malicious app in Google Play in an attempt to scam their users. Even though it looks legitimate and has 238 reviews this is not the official app.

Plus, Hugh Karp (founder of Nexus Mutual) also recently got hacked with a compromised version of MetaMask that tricked him into signing a transaction that redirected all his NXM tokens to an attacker-controlled address.

NXM owner hacked

In light of all of this, how can you prevent yourself from being scammed?

Well, Ledger has created a handy page and article advising their users on what to look out for and some tips for stopping the scammers.

How to protect from scammers

Stay Calm

Stay calm and try not to panic. Panic is what hackers pray on by users making rash decisions. Be aware that your funds are safe as they are stored offline and the data breach under no circumstances affects the security of your device.

Never Share Recovery Phrase/Private Keys

Not just with Ledger, but in crypto anywhere, never share your recovery phrase or private keys, with anyone, ever. With access to this phrase, someone would have full control over your funds. 

Ledger Hack

Strengthen Your Security

If your email has been compromised, change your password and make sure you use strong secure passwords. Also, enable 2-factor authentication wherever possible with products like Google Authenticator. 

You can also add an extra layer of protection by adding a second back up like a pass phrase on your device.

Consider splitting up your recovery phrase into 3 sheets, to store in 3 different locations. Then bring these together to form your recovery phrase. Or arrange the recovery so that you can just bring just 2 together to form the recovery, incase 1 gets damaged or lost.

How to store your Recovery Phrase

Never Pay Ransoms

As I mentioned there have been threats of violence to users with hackers claiming to have personal addresses etc. However scammers will always try the easiest possible way to steal money . Therefore will send out emails to a high number of customers without risking physical contact. 

There also hasn’t been a report (that I’m aware of that anyone has been attacked). So these appear to just be scams. If you have large amounts of crypto on your device it’s advised to keep it away from your home. Just as you would if you had millions in cash instead.

Explore Yubico

Don’t Validate Transactions Unless You Authored Them

Don’t validate a transaction on your device, unless you are certain it was you. Scammers can get you to download a fake Ledger Live manager that could trigger a transaction on your Nano, which you must reject.

Only Interact with Ledger’s Official Channels

As part of one of the phishing attempts I’ve personally seen, emails were sent out with the domain that contained “Legder” as opposed to “Ledger.” These subtle mistakes are a sure-fire way to detect a scam. 

Authentic Ledger domain names are:
@ledger.fr
@ledger.com
@ledgerwallet.com
@ledger.zendesk.com

Ledger Phishing Email

With more spam and phishing emails ahead of Ledger customers,  always expect the worse and assume it’s a phishing attempt. Never click on any links, or download and check out Ledger official social media channels such as;

   twitter.com/ledger
   twitter.com/ledger_support
   facebook.com/ledger
   instagram.com/ledgerhq

Ongoing Phishing Campaigns

You can keep track of the ongoing Ledger phishing attacks or report it to Ledger support here.

ledger phishing

BITCOIN PRICE

Categories

Want to be Notified of New Content?

Ledger Nano X - The secure hardware wallet

Related Posts

0 Comments

Submit a Comment

Your email address will not be published. Required fields are marked *