Ledger stated yesterday that they have been alerted to the dump of a customer database on Raidforum. The company said that it is still confirming the hack but early signs indicate it is from its e-commerce database from this past June.
Today we were alerted to the dump of the contents of a Ledger customer database on Raidforum. We are still confirming, but early signs tell us that this indeed could be the contents of our e-commerce database from June, 2020.
— Ledger (@Ledger) December 20, 2020
Ledger said it has contacted French law enforcement authorities while simultaneously dealing with an ongoing phishing attack – taking down 171 bogus sites since the breach. Ledger has launched a page on its website to warn users about potential phishing scams.
The security breach apparently has not imperiled any direct crypto-thefts and the company emphasizes that funds are safe but the hack has enabled scammers to attempt to con Ledger customers into handing over access to wallets. It was not quite clear as to when Ledger first became aware of the breach.
Below is an example of an email that one apparent Ledger user received tied to the data dump.
So I get an email from “unknown” stating my full name and physical address – because of your leak. What are you actually going to do about this@galgitron – anyone else had anything similar? pic.twitter.com/R9NslweFnk
— Lee Woodward (@_LeeWoodward) December 21, 2020
Somewhat ironically, a section of its website tracks crypto exchange hacks noting that $1.74 billion has been stolen from exchanges or $31 every second…
Ledger reports more than 1.5 million wallets have been sold since 2014.