- Users received phishing emails containing software that led to a loss of funds.
- The hack is linked to a customer data leak from June of 2020.
- The company has warned its users to stay vigilant and verify incoming requests.
Customers raised the alarm on October 24th, when several users reported a suspicious e-mail bearing the company’s logo. The e-mail claimed that there had been a security breach, placing customer’s money in danger. The e-mail then provided a link for customers to update their Ledger firmware. The link took customers to a fraudulent copy of the company website, containing malware that gave the phishers access to the users’ Ledger wallets.
To its credit, Ledger was quick to act against the phishers, taking the malicious site down. Unfortunately, it may be a case of damage done. The hackers still made off with an unspecified amount of cryptocurrency and still hold the customer data from the July attack. It means that they can continue to recycle that stolen data for a new scheme, placing Ledger’s customers at risk.
Trust But Verify
This latest breach of the company’s systems is a cautionary tale for other wallet companies and customers. There will now be pressure placed upon it and other Wallet providers to use more secure systems to prevent future breaches. As for customers, this will serve as a careful reminder to remain cautious of and to verify e-mails that they feel are suspicious. There are numerous resources on the Internet to help less-savvy users identify phishing scams, and one would hope that they are used with greater frequency going forward.
Confidence in Ledger Damaged
As for the company, greater security measures alone will not be enough going forward. This is the second significant cyberattack on the platform in the space of six months. This will not only damage Ledger’s reputation, but it will also undermine customer confidence in their services. An undisclosed amount of Cryptocurrency was lost due to this security fault, but any customer money lost is too much. Ledger now has to work that much harder to prove to its customers that it can be a safe and secure platform in the future.