Tag: Ledger

Death Threats And Fake Emails: Ledger Users In Danger As Hackers Start Massive Attacks Following The Database Leak

Post author By José Oramas
Post date December 23, 2020

The Sim Swap attacks have begun following Ledger’s database leak, now that hackers have all the personal information of at least 270,000 users. Now scammers are sending apology messages on Ledger’s behalf, tricking users into installing the “latest version”.

Hackers are sending malicious links into tricking users to “Download the latest version” with a convincing letter. One of Ledger’s user fell into the trap and reported losing $4,000 thanks to a modified metatask extension.

SCAMMERS ARE GOING WILD

Sending fake emails pretending to be Ledger apologizing for the data leak and phishing you to install "latest version"

BEWARE!!
— Ivan on Tech (@IvanOnTech) December 21, 2020

Below is a screenshot uploaded by a Twitter user who received the message from the hackers. People on Twitter are alarmed by how compelling and convincing the message is, despite a minor spell error at the end.

But the outrage is even greater since the affected users have reported that Ledger has not commented nor provided assistance of any kind on these messages.

A user from Reddit that goes by the name u/goldcakes reported receiving several death threats over his ledger:

Taken from: Reddit

At least 1 million users were exposed on Raidforum since the attacks on Ledger began. According to the staff, the attack only leaked the personal data of 9,000 users. The company downplayed the issue, saying it was “old data.”

Now it turns out that those 9,000 users became 270,000 people which have all their personal info in hands of cyber-thieves, and are exposed to these types of messages. Likewise, Ledger could be in serious trouble if affected users take legal action, which might start soon.

Tags Ledger

Crypto Wallets Hackers

Ledger Crisis: Users May Pursue a Lawsuit as They Receive Threatening Emails

Post author By Ibiam Wayas
Post date December 22, 2020

The security breach on Ledger, which led to the exposure of customers’ contact information, is currently causing a heavy shake of the company’s long-built reputation as the leading and secured hard wallet maker. On December 20, a hacker(s) dumped a database containing email addresses and physical contact information of Ledger customers, making them even more vulnerable to threats and phishing attacks – to a greater extent.

While the company says they are working to investigate the matter, customers are already displaying signs of pushing a class-action lawsuit against the hardware wallet provider.

Ledger Users are Already Receiving Threatening Messages via Email

The recent development on the Ledger hack was spurred after a database – probably stolen in the June attack – was dumped on RaidForms, a marketplace for trading stolen information. This resulted in the exposure of over one million email addresses subscribed to Ledgers’ newsletter, including the Emails, Physical Addresses, Phone numbers, and other identifying information of 272,000 Ledger buyers.

ALERT: Threat actor just dumped @Ledger's database which have been circling around for the past few months.

The database contains information such as Emails, Physical Addresses, Phone numbers and more information on 272,000 Ledger buyers and Emails of 1,000,000 additional users. pic.twitter.com/Sv9cQwhuNy
— Alon Gal (Under the Breach) (@UnderTheBreach) December 20, 2020

With this information in the wrong hands, many people feared that this is only the beginning of threats and phishing attacks on the customers. Already, the customers are receiving messages of physical threats, if they don’t pay about $500 in Bitcoin ransom, according to a Reddit user, u/elephants. The message sent to him/her reads precisely:

Hello (my name), I have recently become aware of your Cryptocurrency holdings, I also live in (my city), and I also know that you live at (my address). I’m not afraid to invade your home, I don’t want to make this any harder than it has to be. I’m offering you $500 (shouldn’t be much to you considering the recent pump) to leave you alone.
If not, I’m not afraid to show up when you least expect it and see how my wrench works against your face, or maybe even wait for you to leave your home and take your belongings whilst you’re not there to call the police. I’ll be waiting for the money, and watching you until then.

Lawsuits hovering

As Ledger customers seem not to be satisfied with the company’s response to the development, they are raising talks on pushing a class-action lawsuit against the wallet maker.

If any lawyers want to start a class action suit, I’m sure many of us will jump on board. This has just gotten 10,000x worse now.
— Ryan Olah (@RyanOlah2) December 20, 2020

Tags Ledger

Scams

Someone Just Lost $50K Bitcoin to Ledger Phishing Scam

Post author By Ibiam Wayas
Post date December 10, 2020

Buying and holding Bitcoin (BTC) or any other cryptocurrency might be an easy thing to do, but it does require a great level of vigilance to ensure you don’t lose them to cyber-scams. Hackers are becoming a big threat to the growth and development of the crypto industry. Today, a Bitcoin investor reportedly lost about US$50,000 life saving to hackers in a recent Ledger wallet attack.

Hey @Ledger you need to keep sending phishing warnings to all of your customers!

People are losing their savings because of the hack!

Get in front of it, continually send out purposeful emails to your customers *just* about the hack!

Be a good steward! You need to do better. pic.twitter.com/AlNCMbIBST
— Brad Mills ✍️🔑 (@bradmillscan) December 9, 2020

Ledger Phishing Scam

Ledger is one of the biggest hardware wallet providers for storing cryptocurrencies offline. About a month ago, the company’s marketing/sales database was breached by hackers, exposing the customers’ contact information to the bad actors. This allowed the attackers to unauthorizedly send false and malicious messages to the wallets users’ who gave Ledger their contact details before the database was breached.

Part of the phishing message sent to Ledger users reads: “Our forensics team has found several of the Ledger Live administrative servers to be infected with malware.” While the message looked professional, the content was false. A few customers were able to spot the attack and raised an alarm. However, the attackers recently changed the content of the message, telling customers that their wallet has been disabled due to know-your-customer (KYC) regulation.

US$50,000 in Bitcoin Gone!

As Brad Mills tweeted on Tuesday, the recent message tricked the Bitcoin investor into sending his life savings to the Ledger phishing scammers. According to Mills, Bitcoin investors must be extra vigilant to overcome social engineering hacks, not just being your own bank. One other proven approach all crypto investors must know is not to input their wallet key phrase in any link or website if they must avoid losing their funds in crypto.

Those key phrases are to be directly entered on the wallets, in this case, the Ledger device.

Tags Ledger, Phishing, Scam