Crypto hardware wallet provider Ledger had thousands of its users’ sensitive information leaked to the public this weekend.
The data breach that occurred in June was brought to light after a public hacker shared the stolen data on leaking site Raidforum, after months of it supposedly ‘selling for six figures’ on dark marketplaces. The proprietary documents contained physical addresses, emails and phone numbers of 270k+ Ledger customers.
While personal information was leaked, Ledger said “payment information, credentials (passwords), or crypto funds were not impacted. This data breach has no link nor impact on our hardware wallets and the Ledger Live application. Your crypto assets are safe and are not in peril.”
Ledger is now scrambling to keep users’ trust by releasing a suit of apologies, including in most notably an email to those affected and a series of Tweets.
The hack highlights crypto users’ are in a catch-22 type of situation where decentralized wallets which don’t require disclosing any information, are easier to breach as they are online. Meanwhile, hardware wallets like Ledger provide “cold” or offline storage, but because it’s a physical object that needs to be delivered, a centralized company will store client’s information.
Not a Laughing Matter
In typical crypto twitter fashion, many accounts are now memeing the leak, posting all sorts of plays on crypto security.
I am no longer a Ledger customer and will only be using Trezors now. Good luck finding me now you dumb hackers. 😤 pic.twitter.com/RwnEOV1YkQ— Steven (@Dogetoshi) December 21, 2020
But for those getting emails with threats of having their house broken into if they don’t send over money, it’s no laughing matter. Ledger CEO Paul Gauthier said in an interview with Decrypt those threats are “just an online scam to scare you with these tactics.” He added users with leaked data will not be reimbursed as that would “kill the company.”
The leak goes to show that even a company that’s focused on security can still suffer from major vulnerabilities and highlights just how crucial it is for crypto users to protect their sensitive information.