The Ledger data breech.

in #cryptocurrency4 years ago (edited)

image.png

Hello Crypto friends

Just a quick blog this time about the recent data breech that targeted the ledger company based in France.

So just to recap Ledger is a French company that manufactures the Ledger hardware wallet. But what is the Ledger hardware wallet anyway? It’s a silver USB looking device that holds the private key to your cryptocurrency.

As far as I’m aware it’s the safest way to store your cryptocurrency because you have full control of the private key. If you choose to leave your cryptocurrency on an exchange or a centralize finance platform then you are taking a risk because you do not have control over the private key.

You simply insert the ledger into the USB of any computer then let the ledger synchronize your private key with the specific blockchain so that it can locate your coins on the chain.

So why do people choose to have this Ledger device? Because as stated above the ledger holds your private key, think of the private key as a proof of receipt. It’s the only way to prove that the cryptocurrency that you purchased really does belong to you.

Think if you just brought a new car, the company gives you a receipt for that car. Then the next day the car gets stolen. If you have kept your receipt the company can give you a new car. However if you have lost your receipt, then it’s as if the car never belonged to you and you will never get a new car back.

The stories and rumours that I have heard so far regarding the Ledger data breech is that the Ledger company had their customers data stolen by hackers. This customer data is now freely available on the dark web for other hackers and scammers to access. Not a great look for the Ledger company.

So, does this mean that hackers can now steal the crypto coins that are currently stored on a person’s Ledger hardware wallet? Not really, the method that these scammers are now trying is called a “phishing” scam.

What is a “phishing” scam. It’s basically a scammer who sends you any type of email pretending to be someone else, pretending to represent the ledger company or some other company. They are basically trying to trick you in to handing over your personal information.

Since the data breech there has now been a huge amount of these “phishing” emails sent out to target those people who have had their data stolen.

How can you tell that one of these emails is in fact a phishing email? One of the tactics that I have seen used by the scammers is the spelling of the word "Ledger". Look closely at the way how they have spelt "Ledger", they have called it "Legder". This is the tactic they use to get around the URL problem as you cant have to URL's with the same address.

These phishing email can look and read every convincing. The golden rule is to NEVER EVER input your 24 seed words into the phishing website or any other private information. The Ledger company have made it very clear that they will never ask you for your 24 seed words.

The 24 seeds words are the backup for your private key. In other words, if you lose your Ledger hardware wallet, your dog ate it, it got ran over by a bus or it got physical stolen its ok because it is protected by a password pin number. (Obviously you never store the password pin number and the Ledger in the same place).

Yes, you will have to buy another Ledger but to restore the ledger back to its original state you will have to input those 24 seed words. They are random words such as "House", 'Tree", "Boat", "Cat". Basically impossible to randomly guess but they must be written down on paper and kept off of any digital device.

So, what is a scammer going to do it they got a hold of your 24 seeds words?? Simple, they will reset their own ledger hardware wallet and restore it to your ledger which means that they now have your cryptocurrency now on their own ledger. And now you have just lost all of your cryptocurrency.

So, I will say it again. Never input your 24 seed words into any website no matter how convincing or legitimate it made seem. Keep your 24 seed words hand written down on paper and keep that paper off of any digital device.

Stay safe out there and keep on warning people about these phishing scams. I have no doubt that these scammers are in the process of preparing their next phishing emails.

Cheers guys.

Rob