In June of 2020, Ledger, the most popular hardware wallet for storing digital assets, was the subject of a data breach. At the time, it was surmised that over 1 million clients were affected, with identifying data being stolen. Fast forward to the present, and it would appear as though the situation is rearing its ugly head again, as the hacker responsible for the breach released all of the stolen data to the public.
Ledger Data Breach
Understandably, those affected by the breach are not happy. This has led to a growing number of individuals calling for a class action suit to be filed against Ledger.
As stated, the breach saw various pieces of identifying data stolen. This included,
- Hardware wallet order forms with associated emails
- Residential addresses
- Phone numbers
- Email addressed of those subscribed to the Ledger newsletter
As a result of this leaked data, those with crypto holdings have had a target painted on their backs. Thieves are now working diligently to concoct schemes in which they can trick people into losing their holdings.
One of the more common means of attack are for these thieves to generate emails, which look as though they have come from Ledger itself, requiring the holder to take certain actions which would allow the thieves access to their hardware wallets. Why try to hack a hardware wallet when you can manipulate its owner into giving unfettered access unknowingly?
Perhaps the scariest scenario would see thieves tracking down holders in the real world, with the leaked residential addresses. Although this may sound farfetched, there are various instances over the years of people being held hostage in an attempt to coerce holders to hand over their digital assets.
A Sad Reality
Unfortunately, in our increasingly digital world, we are also increasingly susceptible to such data breaches. Regardless of how hard security specialists work to protect our information, there will always be those which push the boundaries, looking for ways to circumvent safeguards.
This is not just a case of a small company like Ledger becoming a victim. Data breaches happen regularly on a much larger scale. This was most recently on display when the U.S. Treasury was the victim of a breach. This event, which is believed to have involved over 50 corporations from around the world, is suspected to be the work of Russian intelligence officers.
If this storyline sounds somewhat familiar, it unfortunately is. Only months ago, various Russian intelligence officers were indicted in the United States for ‘Conspiracy to Commit an Offense Against the United States’. In this particular hack, those responsible were found to have used Bitcoin to obscure purchases associated with their actions, allowing them to hack political campaigns, power grids, and more.
Bitcoin is Hack Free
With regards to the breach involving the U.S. Treasury, Bitcoin advocates have taken the opportunity to highlight the fact that ‘Bitcoin has never been hacked’.
While this may be a catchy statement, it is unfortunately a flawed one. Hackers do not need to hack Bitcoin to steal your assets – they simply need to hack one of the many companies providing services surrounding the sector – such as Ledger. Bitcoin itself may not have any glaring security weaknesses, but it is surrounded by companies that do.