Hackers stole 1 million addresses from Ledger

Kataryna Kovtun July 29, 2020


Image for post
Image for post

Table of Contents [hide]

Hackers stole 1 million email addresses from crypto wallet manufacturer Ledger

Ledger is facing the largest leak in company history. The company expects the leaking of the database on the Internet. Contact details and email addresses leaked, but cryptocurrencies themselves are safe, says Ledger

Image for post
Image for post

The company urges not to forget about phishing attempts by cybercriminals, and also not to transfer the mnemonic code from the wallet under any pretext.

The popular manufacturer of hardware crypto wallets Ledger fell victim to an attack by cybercriminals who managed to steal about 1 million email addresses. The company announced this on its official website.

According to the official announcement, on July 14, 2020, an unknown tester of the official Ledger website (www.ledger.com) was able to detect an API flaw that violates data security.

Ledger claims to have fixed the flaw almost immediately, but the company later discovered that on June 25, someone took advantage of the flaw by gaining access to an e-commerce and marketing database.

Slow action leak

Image for post
Image for post

The compromised database, according to Ledger, consisted mainly of e-mail addresses, as well as background information in the form of contact details, name, postal addresses, and phone number. Payment information and cryptocurrencies are safe, Ledger points out.

Presumably, the attacker was able to gain access to at least 1 million email addresses, as well as background information of 9,500 Ledger clients.

Concerning your e-commerce data, this data breach did not concern billing information, credentials (passwords). This only affected the contact details of our customers.

The company also claims that it is actively monitoring the possible sale of the stolen database on the Internet, but “has not yet found one.”

Risk group

This is not the first time that hardware cryptocurrency wallet manufacturers have been at the center of a product tech vulnerability scandal.

In early July, a study by ZenGo revealed a new threat to cryptocurrency wallets, which is associated with double-spending. At-risk were Ledger Live wallets, BRD wallet, and Edge wallet.

However, the cryptocurrency community then said that the problem is not so much with wallets, but with bitcoin itself and the method of distributing assets over the blockchain network.

However, there are times when it is manufacturers who become the primary cause of vulnerabilities.

The research department of the cryptocurrency exchange Kraken Security Labs previously identified a critical vulnerability in a wallet from CoolBitX called CoolWallet S.

Then the experts discovered that the CoolWallet S version of the Android application stores the wallet PIN, pairing password, and a mnemonic phrase in plaintext, allowing an attacker to easily gain access to assets.

We remind all traders that bxmi.io continues to sell BXMI tokens at the lowest price.

Read about all the benefits of buying BXMI here

Join Bitxmi Exchange and get $10 worth of BXMI token after your first trade

Written by

🔗| Secure & Fast Crypto💰 Exchange🧮. ⚡| Low Trading & Withdrawal Fees. 🔥 |100+ Coins & 144+ Pairs.

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store