The cryptocurrency hardware wallet firm Ledger was hacked last June and over a million emails were exposed, according to reports from the company at the time. Months later, the hackers who obtained the Ledger data emailed clients, sent texts to customers, and created phishing links for users to enter their seeds. One customer allegedly lost $50k and during the last week, the company has been getting inundated with complaints on social media.
Last Summer’s Ledger Wallet Data Breach Leads to Phishing Scams
The Ledger hackers who obtained roughly a million customer emails and possibly other data, have been harassing customers and allegedly stealing their money. On July 29, 2020, the French bitcoin hardware wallet manufacturer explained that hackers compromised about one million customer email addresses.
Additionally, around 9,500 customers had other information exposed including names, shipping addresses, and phone numbers. Ledger detailed that it recommended customers “exercise caution” and “always be mindful of phishing attempts by malicious scammers.” The company report also wrote in bold lettering that Ledger “will never ask you for the 24 words of your recovery phrase.”
If you have a Ledger, throw it away, change your email, and move your house. A malicious third party has your detials and knows you own a hw wallet. @Ledger, what’s your plan to protect thousands of users who are now walking with a target on their back?
Phishing emails 24/7 pic.twitter.com/r9Fo0FSfPx
— Craael (@TheCraael) December 9, 2020
Meanwhile, as time passed, customers have been getting phishing emails from hackers and allegedly a few people have lost their precious cryptocurrencies. For instance, the popular bitcoiner Brad Mills told his 19,000 Twitter followers about a person who ostensibly lost $50k in crypto.
“Hey Ledger you need to keep sending phishing warnings to all of your customers,” Mills tweeted. “People are losing their savings because of the hack. Get in front of it, continually send out purposeful emails to your customers *just* about the hack. Be a good steward. You need to do better,” Mills added.
Claims of Lost Funds and SMS Text Messages
Another user on Twitter said he was quitting crypto after getting his wallet emptied. “No way,” he wrote. “My Ledger wallet got emptied after I followed the instructions in the phishing email thinking it was the real Ledger, I can’t believe I fell for it. I’m done with crypto.”
Then another user said: “A good chunk of my bitcoin is gone through the Ledger phishing scam. Seriously. Someone I love had access to the seed phrase, got the text warning that our wallet was hacked and to enter seed to recover…, and entered the seed + passphrase. RIP.”
Many users have said the situation has been happening for months, but no one is certain to what extent. Last month, someone posted to the Reddit community dedicated to Ledger products and told people to file a complaint to their local Data Protection Authority (DPA). The post had a number of customers who said they were getting SMS text messages.
Man, I used to love Ledger. But after all My info leaked. I received text messages to my phone saying my [bitcoin] was being transferred and emails saying reset your password/ prove your identity. It was very convincing and I feel if it were not for the negligence of Ledger leaking all my info, I would have never been put in the situation to be phished for 5k on one of my devices.
Ledger Hackers Pretend to be Trezor
There are many social media posts about the Ledger situation from customers complaining. A variety of them have said they received an email or some kind of communication that tells the customer their funds may be compromised and the scammers act like the official company. The popular bitcoin evangelist Andreas Antonopoulos tweeted about the situation on Saturday, and said the hackers were also using Trezor’s brand name.
“PSA,” Antonopoulos said. “The Ledger database hackers are now trying a phishing attack mentioning TREZ0R (misspelled with a zero): ‘Your TREZ0R Wallet has been deactivated. You are required to pass verification due to the new KYC regulations: <phishing link removed>’” Antonopoulos added.
“To be clear, this new phishing attack seems to originate from the same database that was stolen from Ledger,” Antonopoulos further tweeted. “The same (fake) name and number appears for me. It seems to be unrelated to Trezor, other than the attackers using that name in their new phishing campaign.”
What do you think about the latest news about Ledger customers getting phished? Let us know what you think about this subject in the comments section below.
Image Credits: Shutterstock, Pixabay, Wiki Commons, Ledger Wallet Nano
Disclaimer: This article is for informational purposes only. It is not a direct offer or solicitation of an offer to buy or sell, or a recommendation or endorsement of any products, services, or companies. Bitcoin.com does not provide investment, tax, legal, or accounting advice. Neither the company nor the author is responsible, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any content, goods or services mentioned in this article.