In July, Ledger became the victim of a hacker attack, during which information about hundreds of thousands of its customers fell into the hands of cybercriminals.
Now those customers may become new victims of the ongoing phishing attacks, the frequency of which has grown significantly in recent years. In addition, scammers are no longer even afraid to make phone calls to “leaked” numbers from compromised databases. Here is what is happening.
First, a little explanation: Ledger is one of the most popular manufacturers of hardware wallets, that is, special devices that help to securely store cryptocurrency. When placing an order on the manufacturer’s website – which is the most reliable option, because a third party could tamper with the device before selling it – customers give their first and last name, place of residence and phone number. This information was leaked to the public.
We checked the databases and found information about ourselves there. This means that the scale of the leak is really huge.
The scammers now have the personal data of people who bought hardware wallets and are clearly familiar with how cryptocurrencies work, and they are trying to use it to their advantage. Some send threats by e-mail demanding a ransom, while others try to gain the victim’s trust and obtain the combination that gives access to the coins. This is exactly what the company’s customers are facing now.
Ledger users and scammers
It looks like the problem is getting bigger and bigger. Recently, the well-known cryptocurrency enthusiast Andreas Antonopoulos wrote about it in a series of messages on his Twitter. Here is one of these tweets, in which the expert shares the details of what is happening. The quote is from Decrypt.
This is a new and more complex attack that requires more effort. It is very similar to the “Windows tech support” scam, which is very common in countries with low labor costs. I have previously heard of social engineering attacks using email and SMS rather than voice calls. Many seem to have received them for weeks.
Note that the hardware wallets themselves still work fine. They keep the private key inside the device – that is, the universal combination for accessing cryptocurrencies – and allow users to manage their coins without revealing the private key. This makes the storage of cryptocurrency safe.
Following the hack, Ledger CEO Pascal Gauthier said in an interview with reporters that users whose addresses were leaked do not need to change their home address or take other drastic measures. According to him, scammers are more likely to resort to inexpensive phishing attacks such as sending emails. He also noted that the company will not provide compensation to those whose data appears in the “leaked” information.
There is logic in such recommendations. After all, the criminals have no evidence that the buyer of such a device holds large reserves of cryptocurrency. The buyer could have bought the device as a gift, or wanted to start investing in coins but in the end never did. Or the buyer keeps a small amount of crypto, which will definitely not cover the criminals’ costs of breaking into an apartment and the prospect of ending up behind bars. Therefore, the likelihood of physical harm to customers whose personal data leaked is really tiny.
According to Antonopoulos, the number of people receiving calls from scammers is growing rapidly. In addition, there are reports of similar voice calls from all over Europe, including the UK, Sweden and Germany. For example, here is a comment from a user named Wojciech Krawczyk, who was targeted by the attackers.
I can only confirm. Several calls every day from January 8th. At first, mainly from Sweden, they wanted to help invest in cryptocurrency (“we will help you buy when it’s cheap and sell when it’s expensive”). The last two days there are calls from Austria, and another call that I don’t remember.
Naturally, in this case, the scammers do not want to help the victim make money. They are only interested in one thing – the seed phrase, that is, a combination of 24 words that allows you to restore access to the hardware wallet and gain access to the contents of the cryptocurrency address. Usually Ledger users are asked to enter it on fake sites, supposedly in order to “secure funds”. In fact, the money is sent to the scammers, so never share the seed with anyone, under any pretext.
Another comment from a user under the pseudonym The matrix.
After the Ledger hack, I received about 10 calls. Twice I answered the phone, and one Englishman spoke to me as if he knew me. Then I hung up without saying anything. Blocked phone numbers. But they call at least once a month.
Unfortunately, due to a security hole at Ledger, many of the company’s customers are now forced to put up with scammers, which does not do much good for the reputation of the hardware wallet manufacturer. In the comments to the tweets, some advised simply not picking up the phone, and others recommended changing the number. However, the last piece of advice is not so simple: before changing the number, a potential victim needs to make sure that the old number will not be taken over and used to impersonate them.
We think the Ledger customer database leak has really hurt the manufacturer’s reputation. Hardware wallet buyers love cryptocurrencies, which means they value privacy and want to stay anonymous whenever possible. Here, information about them ended up in the hands of hackers, which puts them at some risk.
Be that as it may, the hack cannot be undone, which means that the company’s customers will have to endure the increased attention of scammers. As a small consolation, Ledger will now delete its customers’ data three months after the goods are shipped.