Ledger Hack May Have Unintended Side Effects for Victims

On June 25, an unknown party accessed Ledger’s e-commerce database and stole up to 1 million records containing names and email addresses. At the time, the attack went unnoticed. It wasn’t until July 14 that a whitehat hacker made the bug known through a bug bounty, at which point Ledger retroactively noticed that the vulnerability had been exploited. Ledger immediately took action and notified its customers by email. A much smaller subset of customer data containing physical addresses and phone numbers was also stolen. While no hack is a good hack, losing customer postal addresses may have unintended side effects.

The Implications of Losing Postal Addresses

If customers’ postal addresses make it into the hands of organized crime, those customers could face real danger. This is because a couple of things can be assumed about them:

  1. They bought a Ledger hardware wallet
  2. They are holding a non-zero balance of cryptocurrency

The one way to steal cryptocurrency from a hardware wallet is to access it directly. Hardware wallets are by far the safest way to hold cryptocurrency, as they are not connected to the internet. This fact significantly reduces your chances of having your cryptocurrency stolen. Unless someone knows where you and your device are, they are unable to steal your cryptocurrency.

This is precisely the problem with having customer postal information and phone numbers stolen. These two items are the ingredients for a wider-scale attack on this subset of Ledger users. With the phone number, attackers may try to break into exchanges or services that require two-factor authentication (2FA). With the postal address, attackers may visit the homes of these individuals directly and steal their cryptocurrency.

What Should Ledger Do?

In this situation, Ledger should notify the individuals whose postal addresses have been stolen. Just as it notified everyone who was compromised in the e-commerce hack, it should raise awareness among the individuals who face greater risk. The second thing that should be done is to notify the authorities and make sure they are aware that this vulnerability could lead to additional action by the attackers. Ledger is based in France, and it has begun to take the corrective action suggested above. On July 17, Ledger filed a report with France’s Data Protection Authority. On July 21, Ledger began working with Orange Cyberdefense to determine the best course of action for dealing with this data breach.

In any reasonable person’s estimation, these are the best two steps that Ledger could have taken. It is always embarrassing when a company selling a secure device gets hacked. The very reputation of the company hinges on the belief that it can implement security properly across its platform. That being said, hackers are very intelligent and crafty individuals. Hacks happen to some of the biggest and best companies in the world. At the very least, when a hack does happen, we expect the company to own up to it. We expect it to take the actions required to remedy the situation and prevent unintended side effects.

About the Author

Keegan Francis

Keegan Francis is a cryptocurrency knowledge expert and consultant. He recognized the opportunity in cryptocurrency early in his career and has been invested in it since 2014. His passion led him to start Go Full Crypto, a project that documents his journey of totally opting out of traditional financial services. Keegan has been living entirely off of cryptocurrencies since 2019.
