Ledger 1 Mln Users Data Under Attack

[Yey09]

Sometimes cold wallets could be even dangerous than software ones

[1715198168]

1715198168

[1715198168]

1715198168

[1715198168]

1715198168

[1715198168]

1715198168

[1715198168]

1715198168

[cryptomaniac_xxx]

And Trezor trolling, LOL,
[]

There is a saying that it is not nice to look forward to someone else's misfortune, because sooner or later the same thing (or something worse) can happen to you. But those who follow the relationship between the two companies know that business competition has long since become more than that. In any case, a good marketing move.

Yes, a good marketing and PR move from Trezor. Their competition really goes down deep, and it's pretty obvious that they are aiming at it.

Hahaha! Or another good security practice could also be, to back up e-shop database to an offline database, then purge their e-shop database after less than 90 days.

I think this kind of incident really open up another security practice that they need to change on their end.

[Debonaire217]

I have received an email regarding this, but they already confirmed that my funds are safe. I'm not sure what percentage of assurance they are pertaining to. But I somehow believe that what happened is focused on breach in their marketing and ecommerce database. I didn't use my ledger to buy anything online, so probably, this will not impact me too bad.

Good action for ledger to always update users and fix the issue right away before it cost huge damage. They also advise to visit Ledger Academy security to further increase our knowledge on how to secure our nanos.

[Lucius]

There is also another form of an old, public information source where criminals can take your name, address and phone no. and it is readily available.
This is a telephone directory. It never caused anyone to break into houses hehehe.

This is not a good comparison, the phone book can contain the name, surname and address and of course the phone number - but it will certainly not contain information that someone is a crypto user or that person has bought a hardware wallet. But the very title of this topic is very wrong, because the attack is long over, the data has been stolen and the damage has been done. Those whose names and physical addresses are compromised in this hack are definitely a cause for concern - of course if the data falls into the wrong hands - others can only fear spam in their email box.

[MCobian]

There is no need to panic too much about the Ledger users data under attack incident, because indeed all human creation does have weaknesses
and nothing is perfect. Make this incident a lesson, so it does not happen again. Even so I will not stop using Ledger as a Bitcoin and Altcoins
storage wallet that I have, because for me Ledger is still the best crypto wallet.

[travwill]

There is also another form of an old, public information source where criminals can take your name, address and phone no. and it is readily available.
This is a telephone directory. It never caused anyone to break into houses hehehe.

This is not a good comparison, the phone book can contain the name, surname and address and of course the phone number - but it will certainly not contain information that someone is a crypto user or that person has bought a hardware wallet. But the very title of this topic is very wrong, because the attack is long over, the data has been stolen and the damage has been done. Those whose names and physical addresses are compromised in this hack are definitely a cause for concern - of course if the data falls into the wrong hands - others can only fear spam in their email box.

I agree that the comparison is incorrect. The phone book is somewhat anonymous, because you need to know something about a person in order to find him and know what he possesses.
For example, you can find media personalities, but they are not difficult to find anyway. The rest of the people will be dark horses for you.
This is the same as breaking into every house in the hope of finding something very valuable.

[thesmallgod]

People have been saying "just buy a hardware wallet" for a long time, but it has always been less than a perfect solution, because some centralization and trust has always been involved, and now it was abused. Now potential burglars and kidnappers have a list of people who own some bitcoins, and something like this will never happen with a software wallet, because it doesn't ask you for your personal information during installation.

IMO and old PC with live OS like Tails is the best cold storage you can get.

people say that because it is safer than many other alternatives. private keys of their customers have not stored on their e-commerce wallet just detail information of the customers which I do not see how the hacker with such information can hack into such customers' hardware wallets except contact tracing and direct robbery.
Those that ordered for the hardware wallets will be subject of many spams and phishing emails from the hackers just to see if they can steal some bitcoin from them

[travwill]

There is no need to panic too much about the Ledger users data under attack incident, because indeed all human creation does have weaknesses
and nothing is perfect. Make this incident a lesson, so it does not happen again. Even so I will not stop using Ledger as a Bitcoin and Altcoins
storage wallet that I have, because for me Ledger is still the best crypto wallet.

I do not think that we can somehow influence the further occurrence of such incidents. Unless we all join the Ledger bounty program to find bugs and vulnerabilities.
In fact, nothing serious happened. It's unpleasant that someone will know your address and the fact that you have cryptocurrency.
I guess Ledger could make some compensation to those people whose data was leaked. There are not so many of them that the company would incur losses.

[Ucy]

People have been saying "just buy a hardware wallet" for a long time, but it has always been less than a perfect solution, because some centralization and trust has always been involved, and now it was abused. Now potential burglars and kidnappers have a list of people who own some bitcoins, and something like this will never happen with a software wallet, because it doesn't ask you for your personal information during installation.

IMO and old PC with live OS like Tails is the best cold storage you can get.

What do you think about using very secure old mobile phones that can easily be updated with special/custom operating system designed specifically for storing important private data of crypto-based assets? I guess you'll have to somehow restrict internet usage on such devices ...or maybe make them automatically super-secure before connecting to the internet?

[20kevin20]

What do you think about using very secure old mobile phones that can easily be updated with special/custom operating system designed specifically for storing important private data of crypto-based assets? I guess you'll have to somehow restrict internet usage on such devices ...or maybe make them automatically super-secure before connecting to the internet?

You could get Replicant, GrapheneOS or deGoogled LineageOS on a compatible older phone and use use that as a hardware wallet for sure, with Orbot active. Restricting internet on smartphones is kinda harder though, as your phone could still receive and send data even if Airplane Mode is active (remember, it's just a graphical button, not a physical hardware disconnection). Now the "super-secure" part is quite difficult to accomplish. With every new software update, new vulnerabilities appear.

But hardware wallets help you avoid most of the possible mistakes you can make with such a phone and you are physically assured there is no external connection that could take place. To be honest, I barely trust even a brand new smartphone anymore since I have my HW. My personal preference is Tails OS in combination with a hardware wallet.

[posi]

There is no need to panic too much about the Ledger users data under attack incident, because indeed all human creation does have weaknesses
and nothing is perfect. Make this incident a lesson, so it does not happen again. Even so I will not stop using Ledger as a Bitcoin and Altcoins
storage wallet that I have, because for me Ledger is still the best crypto wallet.

Concern the incident, I don't see any reason to be panic because the attack was not about Ledger wallet but their online store user information. However, the news need to spread so that all their customers would be more careful cause sooner or later the attackers will use the information they stole to attack ledger customers.

[squatter]

The safest option is by far a paper wallet, if you have a clean OS that is never connected to the Internet and a dumb printer then you could print your wallets with no issue, the problem is that they are very impractical for daily use but you could always have a wallet with some funds for your daily expenses.

PSA: Not all paper wallets are created equally.

Securely generating and writing down a 12 or 24-word seed is a good way to do cold storage. Third party paper wallet software, printers, using raw private keys, etc. -- these are not.

Hardware wallets were supposed to be the best of both worlds, a device that was completely secure and that you could use whenever you want ...

I never thought that was a realistic way to characterize things. To me, hardware wallets always occupied a niche between desktop wallets and cold storage. They come with their own set of security trade-offs and risks. Hardware wallets are useful for new users who would otherwise get their bitcoins stolen, but I think most users who are serious about security are using general purpose hardware to secure their bitcoins -- at least for their long term cold storage.

[rexxarofmoknathal]

I guess that's the problem with these hardware wallet providers. They're so focused on keeping their hardware wallets and custody solutions safe, that they forget that hackers often target other types of data—including customer personal info.

I highly doubt any of it will be used to successfully scam anyone. After all, Ledger has just sent out an email explaining the situation. Though I wouldn't be surprised if the attacker tries to send out a phishing email under the guise of Ledger to scam victims. The fact they haven't done this already indicates they didn't intend to use the data for nefarious purposes.

[TrevorS]

I guess that's the problem with these hardware wallet providers. They're so focused on keeping their hardware wallets and custody solutions safe, that they forget that hackers often target other types of data—including customer personal info.

I highly doubt any of it will be used to successfully scam anyone. After all, Ledger has just sent out an email explaining the situation. Though I wouldn't be surprised if the attacker tries to send out a phishing email under the guise of Ledger to scam victims. The fact they haven't done this already indicates they didn't intend to use the data for nefarious purposes.

Hackers are not idiots. They perfectly understand that everyone is now expecting an attack. They can wait a year, two, three. And then carry out a planned attack on users whose data is leaked, or with their help to gain access to something else. Users must be prepared for everyone throughout their future lives. After all, knowing the necessary information, you can prepare a very sophisticated attack that even the most critical will believe in.

[hatshepsut93]

people say that because it is safer than many other alternatives. private keys of their customers have not stored on their e-commerce wallet just detail information of the customers which I do not see how the hacker with such information can hack into such customers' hardware wallets except contact tracing and direct robbery.
Those that ordered for the hardware wallets will be subject of many spams and phishing emails from the hackers just to see if they can steal some bitcoin from them

Yeah, hardware wallet is better than something like an online wallet, but like I said - it's not perfect. It's a tradeoff between some little bit of trust and ease of use with decent security. But making your own cold storage isn't hard, and most people should have access to some old PCs or laptops, everyone is doing upgrades every few years.

What do you think about using very secure old mobile phones that can easily be updated with special/custom operating system designed specifically for storing important private data of crypto-based assets? I guess you'll have to somehow restrict internet usage on such devices ...or maybe make them automatically super-secure before connecting to the internet?

I trust Tails or other Linux distributions more than "super secure mobile OSs". And Internet connection is a problem, you can never be sure if your phone is truly disconnected or not.

[bbc.reporter]

There is also another form of an old, public information source where criminals can take your name, address and phone no. and it is readily available.
This is a telephone directory. It never caused anyone to break into houses hehehe.

This is not a good comparison, the phone book can contain the name, surname and address and of course the phone number - but it will certainly not contain information that someone is a crypto user or that person has bought a hardware wallet. But the very title of this topic is very wrong, because the attack is long over, the data has been stolen and the damage has been done. Those whose names and physical addresses are compromised in this hack are definitely a cause for concern - of course if the data falls into the wrong hands - others can only fear spam in their email box.

I agree that the comparison is incorrect. The phone book is somewhat anonymous, because you need to know something about a person in order to find him and know what he possesses.
For example, you can find media personalities, but they are not difficult to find anyway. The rest of the people will be dark horses for you.
This is the same as breaking into every house in the hope of finding something very valuable.

However, the argument was that the public information available about everyone never prompted on someone breaking into a person's house similar to the hacked information from Ledger will not cause criminals breaking into those people's homes.

Is the telephone directory a danger to society?

[michellee]

I guess that's the problem with these hardware wallet providers. They're so focused on keeping their hardware wallets and custody solutions safe, that they forget that hackers often target other types of data—including customer personal info.

I highly doubt any of it will be used to successfully scam anyone. After all, Ledger has just sent out an email explaining the situation. Though I wouldn't be surprised if the attacker tries to send out a phishing email under the guise of Ledger to scam victims. The fact they haven't done this already indicates they didn't intend to use the data for nefarious purposes.

Hackers are not idiots. They perfectly understand that everyone is now expecting an attack. They can wait a year, two, three. And then carry out a planned attack on users whose data is leaked, or with their help to gain access to something else. Users must be prepared for everyone throughout their future lives. After all, knowing the necessary information, you can prepare a very sophisticated attack that even the most critical will believe in.

The hackers will find a way to penetrate the source to get inside, and they will try and not give up until they can get what they want. Maybe it will need days to find that way, but they will not stop it before they succeed in getting the data. The easy of the way will be by sending the phishing email to the victims, and if people are not careful to read the email, they will get scam easily. The hardware wallet providers need to upgrade or check their security because it's related to the customer data.

[Lucius]

However, the argument was that the public information available about everyone never prompted on someone breaking into a person's house similar to the hacked information from Ledger will not cause criminals breaking into those people's homes.

Is the telephone directory a danger to society?

You cannot compare publicly available data with the fact that someone stole data (name, surname, address, phone number) of 9500 people who are crypto users and who bought a hardware wallet. These people are indeed in potential danger of physical assault, but of course no one will just go and break into someone's house or apartment if there is no information that that person has a significant amount in crypto. Stolen data can be the basis for analysis and social engineering towards these users.

Criminals break into homes for much less value than finding out someone has 1+ BTC worth over $10k, and it's not clear to me that you can even draw parallels between the phone book and the data stolen from Ledger.

[AakZaki]

Do not worry !!!   Your BitCoins are absolutely safe, nothing to see here     Yes, they know EXACTLY what the hackers got, and are being TOTALLY HONEST about it  

Everyone can sleep well and not worry, they will take good care of you !!!

Hard Facts

But this hack is also related to privacy issues that are owned by customers who buy ledger devices. hackers will use data owned by ledger customers to commit other crimes. Even though they are not the private key, the ledger user or the customer who bought the ledger will also be a centralized victim who will be targeted for several ways to get the private key such as phishing methods via email and other methods. There will be many investment offers and the like that will go to customer emails that are successfully hacked, and the offer will contain phishing, malware and other sites that try to steal data on the user's device. Must stay alert.

[TopExchanger]

Are hardware wallets still the safest ones? Hackers got an access to users' info like emails and etc, but the funds weren't stolen. Now I don't know if I should buy Ledger wallet.