Bitcoin Forum
Author Topic: Ledger database leak --> Phishing  (Read 1839 times)
GrosWesh (OP)
Legendary
Activity: 2268
Merit: 1434
October 27, 2020, 07:47:04 PM
Merited by suchmoon (4), Welsh (4), Halab (3), ibminer (3), vapourminer (2), Daniel91 (2), LoyceV (2), nutildah (2), Vod (1), BitMaxz (1), jackg (1), Pmalek (1), DdmrDdmr (1), Heisenberg_Hunter (1), friends1980 (1)
 #1

@Theymos, @everyone reading



Hi there,

I momentarily got out of my local board (French) to come and share an idea with you:

In the same way you warned the users of this forum a few months ago about a security breach affecting electrum, I humbly think that it might be good to inform the community of the dangers incurred following the reception of phishing emails targeting ledger wallet owners.

Unfortunately this scam is rather well thought out and some people on this forum have already been tricked.

My 2 sats !  Wink

https://www.theblockcrypto.com/linked/82336/ledger-is-investigating-phishing-scam-that-targets-wallet-users

Thank you for reading.
jackg
Copper Member
Legendary
Activity: 2856
Merit: 3071
October 27, 2020, 07:50:15 PM
 #2

Can you send a pm to Theymos about this? It might be something we could do with them responding to fairly fast, I saw a thread on it yesterday and it seems up to 1 million people have had their information leaked...

It might not reach them all but it'll hopefully reach some...
GrosWesh (OP)
Legendary
Activity: 2268
Merit: 1434
October 27, 2020, 08:54:05 PM
 #3

> Can you send a pm to Theymos about this? It might be something we could do with them responding to fairly fast, I saw a thread on it yesterday and it seems up to 1 million people have had their information leaked...
>
> It might not reach them all but it'll hopefully reach some...

I'll pm Theymos now.

The danger has been around for the last few days already, but if something were put in place (as simple as a disclaimer) it might save some people from falling into the trap (especially since Ledger wallets are among the most used in the world).
Saint-loup
Legendary
Activity: 2604
Merit: 2353
October 27, 2020, 09:26:45 PM
Merited by GrosWesh (1)
 #4

Quote
> A Ledger spokesperson told The Block the company has experienced "continuous phishing scams" that often involve "malicious false actors trying to compromise Ledger's integrity and customer information." The spokesperson said the company has deployed an internal task force to investigate the latest attack.
>
> "The investigation is ongoing and at this time we cannot give any additional information but one thing is for certain Ledger will never ask you for your 24-word recovery phrase, which is a blatant sign of a phishing scam," the spokesperson told The Block.

I don't understand why Ledger doesn't sign its mails (and even its messages on other media) with a PGP key. It should be a standard in the crypto industry for all this kind of companies.  Undecided

mk4
Legendary
Activity: 2758
Merit: 3830
October 28, 2020, 06:56:41 AM
 #5

Weirdly enough, I haven't received such an email even if I bought twice from Ledger's website in the past. Change your email addresses from time to time ladies and gents!

hugeblack
Legendary
Activity: 2506
Merit: 3645
October 28, 2020, 07:12:19 AM
Merited by Vod (1)
 #6

I don't think that a high percentage of users use hardware wallets, let alone Ledger, so the comparison with electrum wallet seems wrong. It is also the responsibility of the company to try according to such violations.

> I don't understand why Ledger doesn't sign its mails (and even its messages on other media) with a PGP key. It should be a standard in the crypto industry for all this kind of companies.  Undecided

Most hardware wallets users are people who care more about profits than privacy and security, so it is natural that most of them do not understand how to sign a message and other things.

Poker Player
Legendary
Activity: 1372
Merit: 2015
October 28, 2020, 09:10:34 AM
 #7

This is only the consequence of what happened last July. The Ledger database was hacked and the hackers got 1 million emails.

https://decrypt.co/37063/bitcoin-wallet-ledgers-database-hacked-for-1-million-emails

Ledger warned us by email and since then, the amount of spam I receive has increased a lot.

Phishing attempts are just one more step. Now they are not going to leave us alone.

Good initiative, OP, there can always be someone who's off track, although I think most of us are aware.

Lucius
Legendary
Activity: 3234
Merit: 5636
October 28, 2020, 12:01:03 PM
 #8

Personally, I did not receive such an e-mail, but a week ago I received an e-mail from Ledger that something like this was happening. I believe all other Ledger users have received (or will receive such a warning) and it is up to them just to read it. Various phishing attacks on Ledger users last constantly for months or even years, and anyone who does not know that the seed should not be entered anywhere but in the device itself (HW), will become a victim regardless of all possible warnings.



> In the same way you warned the users of this forum a few months ago about a security breach affecting electrum..

It would have been more accurate a few years ago, but the fact is that there were still dozens of those who were completely unaware that there was any kind of phishing attack at all. Important Announcements is not a very popular board, and only 3171 clicks in almost 2 years for that thread speaks for itself.

Rizzrack
Copper Member
Hero Member
Activity: 764
Merit: 700
October 28, 2020, 12:52:13 PM
Merited by Welsh (4)
 #9

Seems they also use punycodes in the url
Quote
> ...you can see that the url is incorrect (notice the dot on the second ‘e’ => ledgėr)...
https://www.coindesk.com/phishing-attack-ledger-cryptocurrency-wallet

I enabled IDN_show_punycode in my browser settings and the ledgėr.com would look like this: xn--ledgr-9za.com

You can read more info here: UPDATED!!! Punycode and how to protect yourself from Homograph Phishing attacks?

jademaxsuy
Full Member
Activity: 924
Merit: 220
October 28, 2020, 12:57:24 PM
 #10

Probably there is no breach that has happened to the Ledger Live system and they only got the email of Ledger users to a different site which has been breached. Why are others not receiving the said email? Probably scammers use this phishing method, as mentioned by @erikoy in his post.

> Dragnet Method - This method involves the use of spammed emails, bearing falsified corporate identification (e.g Trademarks, logos, and corporate names), that are addressed to a large class of people (e.g., customers of a particular financial institution or members of a particular auction site) to websites or pop-up windows where they are requested to enter bank or credit card account data or other personal data.

High chances that scammers are only using this method to scam other people. Well, of course let's wait and see the official announcement coming from ledger team.
Insanerman
Sr. Member
Activity: 1162
Merit: 450
October 28, 2020, 01:19:58 PM
 #11

> Weirdly enough, I haven't received such an email even if I bought twice from Ledger's website in the past. Change your email addresses from time to time ladies and gents!

Maybe you haven't received because you gradually change your email address, in which almost 0.1 out of 10 people do, as many use their emails in various platforms and businesses/jobs as well. Though it's a bit tiring and security really depends on your precautionary measures in your accounts, changing it would just simply make track of you with your previous email accounts. Also, phishing do only involves when a user visits a certain link. One thing that we must do is to both use this safety precaution:

> Seems they also use punycodes in the url
> Quote
>> ...you can see that the url is incorrect (notice the dot on the second ‘e’ => ledgėr)...
> https://www.coindesk.com/phishing-attack-ledger-cryptocurrency-wallet
>
> I enabled IDN_show_punycode in my browser settings and the ledgėr.com would look like this: xn--ledgr-9za.com
>
> You can read more info here: UPDATED!!! Punycode and how to protect yourself from Homograph Phishing attacks?

or just don't visit external links at all, especially those that are attached within emails.
mk4
Legendary
Activity: 2758
Merit: 3830
October 28, 2020, 02:12:18 PM
 #12

> Maybe you haven't received because you gradually change your email address, in which almost 0.1 out of 10 people do, as many use their emails in various platforms and businesses/jobs as well.

I still have access to that old email that I used though.

> Also, phishing do only involves when a user visits a certain link.

Not in this case. The topic is about hackers/scammers taking advantage of the Ledger database that's been leaked.

eddie13
Legendary
Activity: 2296
Merit: 2262
October 28, 2020, 03:01:04 PM
 #13

> Most hardware wallets users are people who care more about profits than privacy and security, so it is natural that most of them do not understand how to sign a message and other things.

What? Lol
What is more secure than a ledger exactly?
Short of having a dedicated airgapped machine to make cold wallets with, what’s better?
I don’t consider my computers very safe to store coins in with electrum or such.. Ledger it is for me..
Pretty easy to sign messages from a ledger also..And probably more secure than what 90% of users are signing messages from..

Think I bought mine on amazon so I don’t think they have my email..

Chancellor on Brink of Second Bailout for Banks
Saint-loup
Legendary
Activity: 2604
Merit: 2353
October 28, 2020, 04:34:26 PM
 #14

>> I don't understand why Ledger doesn't sign its mails (and even its messages on other media) with a PGP key. It should be a standard in the crypto industry for all this kind of companies.  Undecided
>
> Most hardware wallets users are people who care more about profits than privacy and security, so it is natural that most of them do not understand how to sign a message and other things.

They don't need to know how to sign an email, they just need to know how to check a mail PGP signature. It's not very complicated with gpg, moreover several email clients and even webmails (like proton mail for example) are doing it almost automatically. But the main goal is to dissuade scammers from trying to do it.

>> Most hardware wallets users are people who care more about profits than privacy and security, so it is natural that most of them do not understand how to sign a message and other things.
>
> What? Lol
> What is more secure than a ledger exactly?
> Short of having a dedicated airgapped machine to make cold wallets with, what’s better?
> I don’t consider my computers very safe to store coins in with electrum or such.. Ledger it is for me..
> Pretty easy to sign messages from a ledger also..And probably more secure than what 90% of users are signing messages from..
>
> Think I bought mine on amazon so I don’t think they have my email..

Using multisig wallets (one on your PC, another one on your smartphone) is also a pretty safe solution IMO.

GrosWesh (OP)
Legendary
Activity: 2268
Merit: 1434
October 28, 2020, 06:06:13 PM
 #15

> Weirdly enough, I haven't received such an email ...

> Personally, I did not receive such an e-mail...

According to that kind of thread, a lot of people did not receive any mail from Ledger when the leak occurred in July.

https://www.reddit.com/r/ledgerwallet/comments/jhm12n/lets_talk_about_the_recent_fake_mail_from_ledger/

Coming back to the thread, I do not agree with the person who said a few posts ago that only greedy people use this kind of wallet and that true tech enthusiasts do not. One does not preclude the other and until proven otherwise, a cold wallet remains an excellent way to store assets.
hilariousetc
Legendary
Activity: 2786
Merit: 3029
October 29, 2020, 09:53:49 AM
 #16

I got one and it does look very convincing if you don't pay attention. I actually assumed it was legit at first but don't have any money in my ledger wallet so I wasn't that bothered by it and didn't take any action. It's pretty annoying that businesses like this can't keep your details safe, especially when having them leaked could cause major thefts or much worse if your home addresses were leaked as well. I wonder if there can or will be lawsuits over stuff like this? It seems it's not that uncommon for exchanges to get compromised and people's KYC details are leaked and will always find their way onto the internet somehow which is very dangerous. If companies can't be trusted to keep this stuff safe then I think they should start to face consequences.

bob123
Legendary
Activity: 1624
Merit: 2481
October 29, 2020, 11:23:43 AM
 #17

> In the same way you warned the users of this forum a few months ago about a security breach affecting electrum, I humbly think that it might be good to inform the community of the dangers incurred following the reception of phishing emails targeting ledger wallet owners.

Electrum had an (admittedly not severe at all) vulnerability.

But there is no new ledger hardware wallet vulnerability. The only risk lies in getting phishing mails, which people receive anyways.

I don't get why a forum should warn its users about phishing mails from a completely different company.
In fact, it could even lead to a perceived security, in times where there is no such warning. But those phishing mails are still being sent. 24 hours a day, 7 days a week and 52 weeks a year.


IMO unnecessary.

Poker Player
Legendary
Activity: 1372
Merit: 2015
October 29, 2020, 07:11:06 PM
 #18

> I got one and it does look very convincing if you don't pay attention.

Indeed.

I've just received two, identically the same. I don't know why they have sent me two. But I've checked to see what was happening and I've realized that the phishing ones come from support@ledger.cam while the one I got warning me of the phishing scam attempts came from noreply@ledger.com.

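Added example, not part of any post in this thread: a Python check for the two sender-domain tricks reported in replies #9 and #18, the punycode homograph ledgėr.com (xn--ledgr-9za.com) and the ledger.cam TLD swap. The TRUSTED value, the verdict names, the two constructed sample senders and the naive "label left of the TLD" comparison are assumptions of this example.

```python
import unicodedata

# Assumption: the single sender domain this check treats as genuine.
TRUSTED = "ledger.com"
BRAND = TRUSTED.split(".")[0]


def to_ascii(host: str) -> str:
    """Punycode (A-label) form of a host name, as shown with punycode display on."""
    return host.strip().rstrip(".").lower().encode("idna").decode("ascii")


def skeleton(ascii_host: str) -> str:
    """Unicode form with combining marks removed, so a dotted 'e' becomes a plain 'e'."""
    decomposed = unicodedata.normalize("NFKD", ascii_host.encode("ascii").decode("idna"))
    return "".join(ch for ch in decomposed if not unicodedata.combining(ch))


def classify(sender: str):
    """Return (verdict, ascii_host) for an e-mail address or a bare host name."""
    host = sender.rsplit("@", 1)[-1]
    try:
        ascii_host = to_ascii(host)
        labels = skeleton(ascii_host).split(".")
    except UnicodeError:
        return ("invalid", host)
    if ascii_host == TRUSTED or ascii_host.endswith("." + TRUSTED):
        return ("trusted", ascii_host)
    # Naive registered-domain guess: the label left of the TLD
    # (ignores multi-part public suffixes such as co.uk).
    brand_match = len(labels) >= 2 and labels[-2] == BRAND
    has_idn = any(label.startswith("xn--") for label in ascii_host.split("."))
    if brand_match and has_idn:
        return ("idn-lookalike", ascii_host)
    if brand_match:
        return ("tld-lookalike", ascii_host)
    return ("untrusted", ascii_host)


# The two addresses and the homograph host quoted in the thread, plus two
# constructed senders (a subdomain and a prefix trick) for contrast.
SAMPLES = [
    "noreply@ledger.com",
    "support@ledger.cam",
    "ledg\u0117r.com",
    "news@mail.ledger.com",
    "alerts@ledger.com.example.net",
]

if __name__ == "__main__":
    for s in SAMPLES:
        verdict, ascii_host = classify(s)
        print(f"{verdict:14} {ascii_host:32} <- {s}")
```

Stripping combining marks catches the dotted ė seen in this campaign; cross-script lookalikes such as Cyrillic letters do not decompose this way and need a confusables table instead.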
btcltcdigger
Hero Member
Activity: 1988
Merit: 756
October 29, 2020, 08:03:46 PM
 #19

I've received this email also, actually 2 of them.
In the first one they had a typo and wrote " malware. malware" and a few minutes later another one arrived with the mistake corrected.

GrosWesh (OP)
Legendary
Activity: 2268
Merit: 1434
October 29, 2020, 08:42:16 PM
 #20

> I don't get why a forum should warn its users about phishing mails from a completely different company.
> In fact, it could even lead to a perceived security, in times where there is no such warning. But those phishing mails are still being sent. 24 hours a day, 7 days a week and 52 weeks a year.
>
> IMO unnecessary.

I understand and respect your point of view.

However, I thought (probably a little naively) that highlighting such information would be a little service (at no cost to the forum) that possibly could avoid big disappointments for some members. Basically a form of mutual aid...

But I also think bitcointalk is probably too big (so less in a family state of mind) for that.  Undecided