While the security of Ledger products is unparalleled – Ledger Nano products are the only hardware wallets independently certified on the market – and remains uncompromised, criminals are attacking Ledger customers with phishing attempts using different attack types. Recently, Shopify discovered Ledger customers were impacted by the Shopify data theft disclosed by Shopify here, and notified Ledger.
Focused adversaries will always try different angles to access Ledger data and we must continue to strengthen our security posture. This is an industry-wide problem we need to fight together, and Ledger is doubling-down on our commitment to do our part in this fight.
In this blog post we are updating our users on our ongoing actions to strengthen our security practices and pursue justice in our 2020 data theft:
- We are announcing changes in the way Ledger will handle customer data: Our goal is to completely delete your personal data such as name, address, and phone number as soon as possible. We are challenging ourselves and third party providers to keep this data for as short a period of time as necessary to fulfill our obligations to our customers (such as fulfilling your order) and the law (such as accounting and legal obligations). Data which needs to be kept will be put in a further segregated environment.
- We will implement a messaging model where proactive important security and technical information will be conveyed through Ledger Live. Email and social media will ONLY be used for broadcasting product messages and announcements.
- Ledger is committing numerous additional resources to identifying and prosecuting those responsible for the attacks on Ledger and Ledger customers including a bounty fund of 10 BTC for information leading to successful arrest and prosecution. We hope other companies will join the bounty program and help make the crypto community a safer place.
Security reminder: NEVER give your 24 words to ANYONE. Ledger will NEVER ask you for your 24 words. If someone posing as Ledger asks for your 24 words, that is a criminal, not Ledger. The ONLY place where the 24 words of your recovery seed must be input is in your Ledger Nano – NEVER IN LEDGER LIVE.
In this post we will recap the events related to our data breach in the most transparent way possible. The entire Ledger team is working extremely hard to solve these challenges. This post is long but we want to give you as much information as possible regarding the direction Ledger is taking to keep your data safe and catch and prosecute the criminals perpetrating these crimes.
1- What happened
First, to recap the situation briefly: On July 14th, 2020 a researcher contacted us through our bounty program to inform us of a data breach on our e-commerce and marketing database. We immediately fixed the data breach and launched internal investigations. We discovered a malicious attacker had gained unauthorized access to our e-commerce and marketing database via a third party’s API key. Through forensics conducted by Ledger as well as third party forensics company Orange Cyberdefense we were able to identify that more than one million email addresses and approximately 9500 customer records including name, address, product(s) ordered and phone number were also stolen. We immediately (July 29th, 2020) notified our customers and shared the forensic information with the relevant authorities.
On December 20th, 2020 the full contents of the stolen databases were made publicly available in a forum. Once we saw these full databases, we could see that approximately 272,000 customer records including name, address and phone number were stolen in addition to the more than 1M email addresses. As soon as this was discovered we warned affected customers via email (December 21st, 2020).
Now, we have new information to share: on December 23rd, 2020 we received a notification from our e-commerce service provider, Shopify, regarding an incident involving merchant data in which rogue member(s) of their support team obtained customer transactional records, including Ledger’s. The agent(s) illegally exported customer transactional records in April and June 2020. According to Shopify, this is related to the incident reported September 2020, which concerns more than 200 merchants, but until December 21st, 2020, Shopify had not discovered that Ledger was also targeted in this attack. Shopify tells us they engaged digital forensics experts and counsel to continue their investigation on the matter and have reported the matter to law enforcement in both Canada and the USA.
Along with forensic firm Orange Cyberdefense we were able to establish that it affects approximately 292,000 customers. While the database is 93% similar to those exposed in the previous attack, there were approximately 20,000 new customer records, including email, name, postal address, product(s) ordered and phone number, included in this breach.
If you purchased a Ledger product after the end of June, 2020, or if you purchased your product outside of Ledger.com, your data was not exposed in these incidents.
For answers to frequently asked questions on both these attacks please visit the FAQ. To educate yourself on the kinds of phishing attacks being perpetrated, or to report a phishing attack to our team, see this page.
Throughout these attacks, Ledger hardware wallets remain uncompromised and your cryptocurrency secure SO LONG AS YOU NEVER SHARE YOUR 24 WORDS WITH ANYONE (especially someone pretending to be Ledger — Ledger will never ask you for this information).
2- Actions taken by Ledger
Concerning the data breach discovered on July 14th
We patched the breach on July 14th, 2020. On July 17th, 2020 we notified the French Data Protection Authority. We began conducting forensics with Orange Cyberdefense on July 20th, 2020. It was necessary and prudent to complete the investigation with Orange Cyberdefense and gather as many facts as possible before communicating the data breach to our customers.
As soon as we had the final report we sent an email to our entire email database on July 29th, 2020. We informed the media about the situation via a press release the same day. We filed a complaint with the French public prosecutor on August 5th, 2020.
Concerning the phishing campaigns against our customers
In recent months we’ve seen high activity of phishing attacks on our customers. We have communicated heavily to warn our customers about these attacks via email, on our website, within Ledger Live, and on Twitter, Reddit and other third-party platforms. We sent an email to our entire database regarding these phishing attempts on October 22nd, 2020. We partnered with Webdrone, a company specialized in business intelligence and cybercrime, to identify the author(s) of phishing websites. We have an ongoing program with Corsearch to shut down phishing websites expeditiously through registrars and to date have shut down 216 sites and counting.
Our internal brand protection team has been exclusively dedicated to the phishing attacks since they started. Corsearch is collaborating with international investigative organisations on our behalf. On December 16th, 2020 we launched a specific page sharing the anatomy of these phishing attacks to help you identify them and report any new attacks you receive.
We are working with Chainalysis and other organisations to track the cryptocurrency wallets used by the scammers. If/when discovered, we will report them to law enforcement for action (for example to freeze the crypto assets should they land on exchanges).
We continue to work with several private investigators to find and track the individuals responsible for these attacks. All clues and information gathered are shared with the relevant authorities (if you have new information for us, please see the bounty program below). For the phishing campaigns, Ledger has also filed a complaint with the French prosecutor and shares information gathered by Ledger and the investigators on a regular basis.
Due to these incidents, Ledger has experienced an exponential increase in requests for information compared to this time last year. Every communication with our customers is important to us and we want to respond to every one with precise information. To accommodate this demand we hired more resources in 2020 and are continuing to hire in 2021. We are sincerely sorry if you are experiencing delays with our customer support and we are working hard to answer everyone as quickly as we can. We hope this blog post and the FAQ immediately help you find the answers you are looking for.
Concerning the Shopify data breach
The investigation into the incident involving Shopify is ongoing and we will continue to update you as the situation unfolds. As of today: We notified the French Data Protection Authority on December 26th, 2020. After completing forensics with Orange Cyberdefense we informed all customers affected by this breach via email on January 13th, 2021. We continue to work with Shopify and prosecutors on the case; an investigation is already underway, led by the FBI and the RCMP. Ledger also reported the events to the French Public Prosecutor and filed a complaint against the rogue agent(s). We are continuing to work with Shopify using new internal processes to ensure enhanced security.
3- Next steps
Data breaches and phishing attacks are an industry-wide problem. We continue working on this problem every single day, and today we want to share with you the beginning of our new plan that is aiming to increase the protection of our customers.
FIRST of all, we would prefer not to have your data; your trust is worth much more to us than holding your data. When you order your product directly from Ledger we collect your information so we can ship you your order. Accounting regulations and legal obligations require that we keep e-commerce purchase data for a certain period of time. Still, we are changing the way we handle this data, to go above and beyond GDPR principles and take a best-in-class approach:
- Our goal is to completely delete your personal data such as name, address, and phone number as soon as possible. We are challenging ourselves and third party providers to keep this data for as short a period of time as necessary to fulfill our obligations to our customers (such as fulfilling your order) and the law (such as accounting and legal obligations). Data which needs to be kept will be put in a further segregated environment. For instance, we aim to put your e-commerce order information such as name, address, phone number in a segregated environment three months after the shipping of your product.
- We will reduce the locations at which your personal information is displayed. For example, we will be deleting the name, address, and phone number from the order confirmation emails we send to you so this data does not pass through our ecommerce email provider.
- We will implement a messaging model where proactive important security and technical information will be solely conveyed through Ledger Live. Email and social media will ONLY be used for broadcasting product messages and announcements.
- We will be conducting a detailed re-assessment of all our suppliers and partners to ensure that they continue to meet the highest standards.
SECOND, thefts and attacks such as this cannot go uninvestigated or unprosecuted. For cryptocurrency to thrive there must be a price to pay for committing cryptocurrency theft. We continue to work with law enforcement as well as private investigators on these cases, and we are adding more firepower:
- We are hiring additional private investigation capacity, adding experience and different approaches to finding those responsible for these data thefts. We will continue to work in concert with global law enforcement to find, arrest, and prosecute those responsible wherever possible.
- We are creating a bounty for new information, obtained legally, leading to the identification, arrest and successful prosecution of those responsible for attacks against Ledger and our customers. Ledger has seeded a wallet with 10 BTC (address: bc1qappeev2uut3md3622wtmxllwtn7ctqdhwv0xsc) as the initial bounty reserve. This will be disbursed at the discretion of Ledger and will consider factors such as – has the information been obtained legally? Is it new? How substantial is the information and how far will it help progress the investigation and result in a direct ability to prosecute individual(s)? Has that prosecution been successful? More generally, it will be subject to the terms of our bounty program available here.
- We are announcing our intention to collaborate with others in the industry on this initiative. We are reaching out to other companies and individuals in the space about ongoing funding of this bounty program for crimes committed against the crypto community. CEOs of other companies in the crypto space, if you would like to join us on this project, please get in touch ASAP.
We are deeply sorry that these incidents occurred and for any pain or stress they’ve caused our customers. Keeping you secure is Ledger’s mission and we take these incidents extremely seriously both personally and professionally. We will soon release a technical solution that will remove the 24 words as the single pillar of the security of our hardware wallets and will open the door to funds insurance for individual customers. These attacks have only strengthened our resolve to build and release products that keep you and your crypto safe. We have exciting, innovative and secure products and services to announce in 2021. Ledger remains committed to building the most secure products and protecting the crypto ecosystem. Period.
PLEASE take this moment as a reminder to be vigilant and take every possible step to protect yourself. As the value of your crypto increases and more people join the ecosystem, this will continue to be an area of focus. Crypto Casey does a great job of summarizing the situation and how to protect yourself in this video and podcast. Please take all steps to keep yourself and your crypto safe.
We are all here for the same reason: we are long-time believers in the value and future of cryptocurrency and digital assets. We at Ledger have learned very important lessons and will continue to work hard to ensure your trust is well-placed in us. We are humbled. We are becoming stronger and more resilient as a result.
Pascal, Ian, Antoine, Matt, Charles.
Elon Musk Agrees to Have the Bitcoin Talk With Jack Dorsey
After laughing at Jack Dorsey’s proposition for a Bitcoin conference earlier, Elon Musk has actually agreed to a BTC conversation with the CEO of Twitter at the event.
- As reported earlier, Elon Musk likes to have fun with the cryptocurrency community. Perhaps that’s why he initially laughed at Jack Dorsey’s most recent Bitcoin endeavor.
- The CEO of Twitter announced plans to hold a designated BTC event aiming to “help protect and spread what makes bitcoin open development so perfect.”
- After the initial laughter from Tesla’s CEO, though, Dorsey asked Musk to have a conversation at the event where the latter could share all of his “curiosities.”
- Later on, Musk indeed agreed to have “THE talk” at the event, which should take place on the 21st of July this year.
For the Bitcurious? Very well then, let’s do it 😉
— Elon Musk (@elonmusk) June 25, 2021
- Apart from Dorsey, some of the other popular names that will speak at the conference include the CEO and CIO of ARK Invest, Cathie Wood, and the CEO of Blockstream, Adam Back.
- With this event, Twitter’s CEO continues to reaffirm his support for the primary cryptocurrency.
- During the 2021 Bitcoin Conference in Miami, he called the asset the most important work of his lifetime. Furthermore, he said he would leave Twitter and Square if BTC needed him.
- His personal Twitter account continues to display only one word – bitcoin. Additionally, he partnered with the legendary rapper Jay-Z to donate 500 BTC to fund developers working on the network.
PlatoAi. Web3 Reimagined. Data Inteligence Amplifed.
SOLANAX Private Sale Is On For The Cross-Chain DEX
[PRESS RELEASE – Please Read Disclaimer]
The cryptocurrency market has left people wondering about the long-term growth prospects and which cryptocurrency they should invest in. Solanax is an automated market maker (AMM) based on the Solana blockchain, which is set to be a game-changer in the cryptocurrency world.
The SolanaX Platform
After parsing through their team of professionals, whitepapers, their project plans, and unique platform capabilities, there is no doubt that once the platform is up and running in full swing, it will undoubtedly change the way people transact today with its simple interface for the public to trade at a record higher blockchain speed and lower gas fees.
- There are no time-consuming processes or intermediaries.
- It offers a very simple interface and lower gas fees while initiating the transactions.
- Solanax increases blockchain speed and makes it more convenient to transact than its peers in the cryptocurrency market.
- As Solanax is based on Solana’s Proof-of-History verification concept rather than a Proof-of-Work system (such as Ethereum’s), it will enable users to leverage Solanax’s phenomenal transaction capabilities (thousands of transactions per second, compared to Ethereum’s 15).
- The most crucial part is that while speeding up blockchain transactions and lowering gas prices, Solanax does not compromise on the security aspect.
The Ongoing Private Sale Of Solanax
Solana blockchain is substantially faster compared to its peers, and the ongoing private sale is an opportunity for crypto enthusiasts and investors to participate in this game-changer prospect.
The private sale is still ongoing until Friday, 25th June.
Total Supply: 80 000 000 SOLD Tokens
There will be 20 Million SOLD Tokens distributed before the CEX listing.
Private Sale: Total available token supply – 10,000,000 SOLD
Period: From 06/06/2021 to 25/06/2021
Token Price: $0.1 with a 3-month vesting period
Token Price: $0.15 w/o vesting period
Initial Exchange Offering: Total available supply – 10,000,000 SOLD
Solanax aims to revolutionize the DeFi exchange network and enhance efficiency levels to new highs. With DeFi gaining popularity, there is an urgent need for the industry to look beyond the older cryptocurrency platforms like Bitcoin and Ethereum. The sluggish transaction speed is one of the prime reasons for Solanax not preferring the Ethereum-like platforms. Besides, Solanax, with its high blockchain speed, simple interface, and low gas fees, is truly a game-changer for crypto aficionados, and Solanax’s Ongoing Private Sale presents the perfect investment opportunity for investors.
Ethernity CLOUD: Data Confidentiality Backed By Blockchain
It goes without saying that data confidentiality is one of the hottest topics of the decade. From mega scandals of leaked information to a constant stream of news about large corporations being victims of ransomware, there’s undeniably something lacking in the way data is stored traditionally. For the most part, at least.
The truth is that most users rely on traditional cloud infrastructure. Unfortunately, it has many central points of failure and trust, such as:
- The centralized nature of the Domain Name System (DNS)
- The dependency on one or numerous cloud providers for service availability
- Centralized storage of user information
Blockchain technology and cryptography are quickly becoming a topic that many discuss mainly for its potential to disrupt a range of traditional services – data storage and cloud computing are among them.
Ethernity CLOUD is a project that envisions cloud computing infrastructure to be an environment where the data of users is hosted on a range of systems in a manner that’s both confidential and heavily encrypted. From home computers to professional-grade datacenters, any kind of hardware could be used with Ethernity CLOUD, with trust that the information is private while in transit and in general.
Ethernity CLOUD: What is it all about?
If one thing is clear, it’s that centralized data servers have become a primary target for hackers. Less than two weeks ago, CryptoPotato reported that JBS – the world’s largest meat producer, paid $11 million in Bitcoin to ransomware hackers who successfully locked the company out of their data.
Ethernity CLOUD’s infrastructure software is created on top of open-source services and technologies, and the migration from standard, centralized cloud providers to it is relatively simple. This comes as a difference to other decentralized hosting solutions, which tend to be rather complex in their attempts to reinvent the wheel.
The main purpose of the project is to provide blockchain infrastructure to participants so they can run cloud software in a decentralized manner, to rent out their idle or extra hardware, and so forth – all this while also providing incentives for decentralized cloud application developers.
Data Confidentiality and Encryption
Ethernity CLOUD’s architecture is designed in a way to favor the most secure encryption and hashing algorithms. At the same time, it keeps the overhead low in order to prevent performance degradation.
The information that’s being exchanged across the network is encrypted, and the ecosystem is designed in a way that prevents the decryption of information in transit, even with the most advanced cryptographic attacks, including brute forcing and collusion.
Naturally, the encryption of the data at rest is also equally important to Ethernity CLOUD, and it was designed on a trustless business model. The information is stored across the network. However, decentralized cloud service providers are unable to access, read, modify, or even interfere in any way with the node that runs on their machine.
Members of the network, by default, are considered untrustworthy – as it is with other blockchain networks. The software code enforces and ensures the trust, which reassures the decentralized cloud users about the safety of their data.
In turn, all of the above provides ground for the following benefits:
- Ethernity CLOUD is crucial for freedom of speech in the current internet environment where censorship is prevalent.
- It can be used as a base infrastructure for an online library.
- It can be the answer to competitive decentralized services or web applications that demand high availability.
- It can guarantee high availability of online resources by avoiding single points of failure.