Ledger, founded in 2014 by Éric Larchevêque, Joel Pobeda, Thomas France and Nicolas Bacca, is in the spotlight, but not for the right reasons. Indeed, the French and world leader in crypto and Bitcoin (BTC) security, known for its products such as the Ledger Nano S or the Ledger Nano X, has been the victim of a hack from its customer base. Let’s come back to the elements of this attack, and the consequences for Ledger’s customers.
No crypto stolen, only personal data
Before going into the details of the attack, it is important to specify that all funds are safe ! #FundsAreSAFU
Indeed, the hack of which Ledger is a victim does not concern that customer data and in no case the products are in danger, nor your private keys. Besides, this is the whole point of going through a company like Ledger: your keys belong only to you, and therefore, even in the event of access to Ledger data, hackers cannot access your cryptos.
Nevertheless, hackers managed to gain access to the data of almost half of the company’s customers, or about 1 million people. Among the stolen data, we find:
- Mail address ;
- Last name First Name ;
- Address ;
- Purchase history.
You are affected by this hack if:
- You have bought a product directly on the merchant site ;
- You receive the newsletter of the start-up.
In these cases, we invite you to the greatest caution in the days and weeks to come. Hackers could not access your cryptos. Nevertheless, it is possible that they launch a phishing campaign by email to retrieve your private keys.
We never remember it enough but do not communicate under any circumstances the 24 word suite to secure your Ledger wallet (or even any other crypto wallet)!
A 2018 flaw that comes from the website
The flaw that allowed this attack has been present since 2018 on the Ledger website. On July 14, 2020, a cybersecurity researcher discovered the fault and traced it to Ledger through their bug hunting program.
Then, Ledger immediately corrected the site. It was also then that they realized that the flaw in question had been used on June 25 by the hackerss.
Two days after the discovery of this flaw, Ledger contacted the CNIL (the French data protection authority) in order to start legal procedures following the loss of customer data.
The crypto wallet firm also said work closely with Orange Cyberdéfense in order to determine the impacts of this attack, and better to estimate the scale of damage.
Ledger is recognized worldwide within the cryptocurrency sphere for its cybersecurity products and its keys allowing you to protect your cryptos away from exchanges. Nonetheless, and despite their undeniable competence, no one is safe from attack. It is important to note that Ledger chose to act quickly and in particular to communicate quickly on this matter, in full transparency. Indeed, a newsletter has been sent to all customers to warn them of this data theft and the precautions to be taken. Plus, ultimately, clients’ funds are safe. And this is the most important.
Bitcoin, cryptocurrency and Blockchain influencer and popularizer. My goal: to make these complex notions accessible with passion on a daily basis on my networks.