Ledger owners report chilling threats after 20K more records leaked

Published at: Jan. 15, 2021

Ledger users are receiving threatening emails in the wake of the hardware wallet manufacturer reporting that 20,000 more of its customers have been affected by another massive data breach.

One or more extortionists using the names Darrin Burlew and Denni Hornig have reportedly sent emails to users who say their personal information was released as a result of the data breach at Ledger in June and July of last year.

Reddit user Crypthomie, a former flight attendant based in the United Arab Emirates, said his Ledger owning father received a message today. The email included his name, home address, and phone number and demanded 0.3 Bitcoin (BTC) or 10 Ether (ETH) — worth roughly $12,000 — or he'd face physical violence. Crypthomie made headlines in the crypto space last by being unable to pay back a $100,000 loan to buy BTC at the height of the 2017 bull run.

“I am taking this very seriously and Ledger has made a very big mistake,” said the Redditor. “I know that those scammers sending emails by hundreds are just trying their luck by creating fear, but when it comes to the safety of your family it's another story.”

“Don't be fooled people, no one will come to your home to kill you but this feeling of insecurity is a scandal and Ledger has to do something about it.”

Other Ledger users report receiving similar emails with demands for a crypto ransom to be paid within 24 hours or they will face “horrifying” consequences.

“Are you able to imagine all the possible consequences that can occur to you and your loved ones?” said the scammer in another email. "I hope you do not ruin every little thing for yourself by making the wrong choice.”

F**k sake! This is my actual home address in the email.I don't even know what to say, but @Ledger you absolutely useless waste of space.Stay safe everyone $VET #VeChain #VeFam #VTHO #VET #CryptoFam pic.twitter.com/T3gLuU7gsg

— Saleh Ahmed Ⓥ (@SalehAhmedd_) January 14, 2021

While real world attacks to steal cryptocurrency are much rarer than hacks or scams, they do occur. Bitcoin engineer Jameson Lopp (who lives off the grid) maintains a list of news articles reporting attacks in “meatspace” to steal cryptocurrency.

The threats came a day after Ledger announced that data from roughly 20,000 more users had been leaked via Shopify, blaming “rogue members” the platform’s support team.

The original data breach in June and July 2020 included 1,075,382 email addresses from users subscribed to the Ledger newsletter, and the personal information (including home addresses) of 272,853 hardware wallet orders. Cointelegraph reported last month that the hackers responsible for the breach had made all the Ledger customers’ information publicly available, increasing the risk of phishing attacks, blackmail, and kidnapping.

In response to these attacks, Ledger stated it would be working with analytics firm Chainalysis and others to keep track of the scammers’ wallets. Ledger said it will report any illicit transactions to law enforcement, at which time it may be able to “freeze the crypto assets should they land on exchanges.” Ledger has also arranged a bounty of 10 BTC — roughly $390,000 at the time of publication — ”for information leading to successful arrest and prosecution” of the scammers.

However, some Ledger users who believe they are still at risk seem unsatisfied with the firm’s response, expressing incredulity over the lack of security and demanding compensation.

“That 10 BTC bounty fund should be given to the affected customers and not the bounty hunter,” said Twitter user CryptoPilot2.

Others pointed out the irony in a firm offering high-end crypto security suffering such a massive data breach. "I was about to buy your wallet and saw the news the next day,” said user illtech8.

“Your entire brand is based upon trust, and now nobody trusts you. There isn't a recovery from this.”
Tags
Business
Hacks
Hackers
Cybersecurity
Security
Ledger
Related Posts
Poly Network offers to on board 'Mr. White Hat' as chief security advisor
Decentralized finance protocol Poly Network has offered the person behind a $610 million hack an advisery position and $500,000 — whether they like it or not. In a Tuesday update, the Poly Network team said, in a seeming attempt to gain access to the hacker’s expertise, that it would be inviting them to the position of chief security adviser. In addition, the project will be sending a $500,000 bounty for the attacker, whom Poly dubbed "Mr. White Hat," despite the fact they have previously refused any payment. “Poly Network has no intention of holding Mr. White Hat legally responsible, as …
Business / Aug. 17, 2021
Hotbit crypto exchange shuts down for maintenance after attempted hack
Cryptocurrency exchange platform Hotbit has shut down all of its services after an attempted cyberattack on Thursday. “Hotbit just suffered a serious cyber-attack starting around 08:00 PM UTC, April 29, 2021, which led to the paralyzation of a number of some basic services,” a notice on the platform’s website reads. The hackers were reportedly unsuccessful in gaining access to Hotbit’s wallets but did manage to compromise the platform’s user database. Thus, the Hotbit team has advised customers to disregard any communication from entities claiming to be representatives of the exchange. With all normal operations currently paused during the ongoing maintenance, …
Business / April 30, 2021
Crypto app targeting SharkBot malware resurfaces on Google app store
A newly upgraded version of a banking and crypto app targeting malware has recently resurfaced on the Google Play store, now with the capability to steal cookies from account logins and bypass fingerprint or authentication requirements. A warning about the new version of the malware was shared by malware analyst Alberto Segura and treat intelligence analyst Mike Stokkel on Twitter accounts on Sept. 2, sharing their co-authored article on Fox IT’s blog. We discovered a new version of #SharkbotDropper in Google Play used to download and install #Sharkbot! The found droppers were used in a campaign targeting UK and IT! …
Blockchain / Sept. 5, 2022
Coinbase discloses recent cyberattack targeting employees
Crypto exchange Coinbase experienced a cybersecurity attack targeting its employees on Feb. 5. The attack came through SMS scams and involved impersonations of IT staff, according to a recent report from the company's engineering team. No customers' funds or information were impacted, the firm said. As per the report, on a late Sunday several Coinbase employees received SMS messages requiring them to urgently log in via the link provided to access an important message. Acting in a good faith, one employee followed the exploiter' instructions: "While the majority ignore this unprompted message - one employee, believing that it’s an important …
Technology / Feb. 22, 2023
Top 7 cybersecurity jobs in high demand
In today’s digital age, cybersecurity has become a critical aspect of almost every business. Cyber threats are increasing daily, and businesses must take proactive measures to protect their networks and data. As a result, the demand for cybersecurity professionals has skyrocketed. Little Friday humour #meme #cybersecurity @hackurityio pic.twitter.com/MArEpCh03k — Harold De Vries (@devries_harold) February 17, 2023 In this article, we will discuss the top seven cybersecurity jobs that are in high demand. Cybersecurity analyst A cybersecurity analyst is responsible for identifying and mitigating cyber threats to an organization’s network and data. They examine system logs and network traffic to find …
Technology / Feb. 26, 2023