Last year, hardware wallet provider Ledger suffered an internal breach of security resulting in the exposure of 250,000 to 1,000,000 customer email addresses. In some cases, the information leaked included full names and addresses. A class action is under way, but the after-effects linger.
Initial Concern Regarding Bad Actors
Since self-custody and privacy remain crypto’s greatest drawcards, the initial concern was that the information would be used by malicious actors to separate users from their crypto holdings.
Within a short space of time, Reddit users described various phishing attempts (such as links to the “latest software upgrade”) and death threats (so-called “$5 wrench attacks”). At the time, users quite reasonably began asking questions as to whether or not Ledger was a secure hardware wallet.
Unsurprisingly, once leaked private information becomes available in the public domain, the consequences are likely to linger. Ledger’s 2020 data breach is no different as the ramifications persist.
Latest Fraudster Activity
Recently, Ledger customers have revealed a new and sophisticated effort by fraudsters involving fake hardware wallets being sent to exposed Ledger customers’ addresses.
Overlooking the fact that Ledger is unlikely to ever send a “new” unsolicited hardware device to its users (much less one that is unsealed/damaged), the clear giveaway in this instance was a single use of slang in the letter:
… For this reason, we have changed our device structure. We now guarantee that this kinda [emphasis intentionally added] breach will never happen again.
Extract from fake Ledger letter
In addition to examples such as that outlined above, some users have also described fake hardware being sent with a pre-installed recovery seed:
How to Avoid Getting Scammed
Unfortunately, scammers continue to thrive and innovate within the crypto space. In 2020 alone, Australians lost $26 million in Bitcoin to scams.
The good news, however, is that there are some basic principles within the domain of hardware wallets that dramatically reduce the prospects of being scammed:
- Only buy hardware directly from the manufacturer or authorised reseller
- Never buy a used device
- Make sure the packaging has not been tampered with
- When starting the device up, make sure there aren’t any error messages that could be evidence of tampering
- Remember that no hardware wallet comes pre-installed with a 24-word recovery phrase.
.
Disclaimer:
The content and views expressed in the articles are those of the original authors own and are not necessarily the views of Crypto News. We do actively check all our content for accuracy to help protect our readers. This article content and links to external third-parties is included for information and entertainment purposes. It is not financial advice. Please do your own research before participating.
Credit: Source link