{"id":33332,"date":"2020-12-14T13:59:27","date_gmt":"2020-12-14T11:59:27","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=33332"},"modified":"2025-08-28T13:17:45","modified_gmt":"2025-08-28T10:17:45","slug":"ledger-users-lose-another-60-btc-to-a-fake-data-leak","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/ledger-users-lose-another-60-btc-to-a-fake-data-leak\/","title":{"rendered":"Ledger users lose another 60 BTC to a fake data leak"},"content":{"rendered":"<p>Unknown attackers continue to rob Ledger hardware-wallet users through a phishing campaign. This time they are offering to update the wallet following an alleged leak of personal data of 115,000 customers. ForkLog said this was reported by a user.<!--more--><\/p>\n<p>Posing as Ledger chief executive Pascal Gauthier, the hackers claimed that &#8216;on December 8, security researchers recorded unauthorized third-party access to one of Ledger Live&#8217;s internal servers&#8217;.<\/p>\n<p>The data breach allegedly affected confidential data of about 115,000 customers, including personal information, private and public keys, and the amount of cryptocurrency stored in the wallet.<\/p>\n<div id=\"attachment_119458\" style=\"width: 1144px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-119458\" class=\"size-full wp-image-119458\" src=\"https:\/\/u1f987.com\/wp-content\/uploads\/Snimok-ekrana-2020-12-11-v-08.38.29.png\" alt=\"Ledger users lose another 60 BTC to a fake data leak\" width=\"1134\" height=\"944\" srcset=\"https:\/\/u1f987.com\/wp-content\/uploads\/Snimok-ekrana-2020-12-11-v-08.38.29.png 1134w, https:\/\/u1f987.com\/wp-content\/uploads\/Snimok-ekrana-2020-12-11-v-08.38.29-300x250.png 300w, https:\/\/u1f987.com\/wp-content\/uploads\/Snimok-ekrana-2020-12-11-v-08.38.29-1024x852.png 1024w, https:\/\/u1f987.com\/wp-content\/uploads\/Snimok-ekrana-2020-12-11-v-08.38.29-768x639.png 768w\" sizes=\"auto, (max-width: 1134px) 100vw, 1134px\" \/><\/p>\n<p id=\"caption-attachment-119458\" class=\"wp-caption-text\">An example of a phishing email from the attackers.<\/p>\n<\/div>\n<blockquote>\n<p>&#8216;If you have received this email, you have been affected by the leak. To ensure your assets are safe, install the latest Ledger Live version and follow the instructions to create a new wallet PIN,&#8217; the letter says.<\/p>\n<\/blockquote>\n<p>The hackers tailor their operation to the current agenda. On December 8, Ledger Support&#8217;s Twitter account did indeed announce the release of a fresh Ledger Live update.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p dir=\"ltr\" lang=\"en\">Ledger Live v2.18.0 is out<\/p>\n<p>It brings a rework to our value system and adds some new fiat options<\/p>\n<p>You can also use your own <a href=\"https:\/\/twitter.com\/hashtag\/BTC?src=hash&#038;ref_src=twsrc%5Etfw\">#BTC<\/a> full node! Keep in mind it\u2019s currently an Experimental Feature<\/p>\n<p>\u26a0\ufe0fThis update is available within Ledger Live, never click on any email links for it\u26a0\ufe0f<\/p>\n<p>\u2014 Ledger Support (@Ledger_Support) <a href=\"https:\/\/twitter.com\/Ledger_Support\/status\/1336347072434409472?ref_src=twsrc%5Etfw\">December 8, 2020<\/a><\/p>\n<\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script><\/p>\n<p>ForkLog has found a new, previously unpublished <a href=\"https:\/\/www.bitcoinabuse.com\/reports\/bc1qw350qw83ddmnvd6c37mjjettp3jr724nt9k9wm\" target=\"_blank\" rel=\"noopener noreferrer\">attacker address<\/a>. According to blockchain.com, the address was first used on November 29. On December 4, it received <a href=\"https:\/\/www.blockchain.com\/btc\/tx\/be1f21022928b5e38adc4b141806fee6e4301d27f0df8ae3a3adb411091140ae\" target=\"_blank\" rel=\"noopener noreferrer\">42 BTC<\/a> in a single transaction.<\/p>\n<p>As of writing, the address holds 60.19 BTC. The last report on it was made on December 11.<\/p>\n<p>ForkLog urges Ledger wallet owners to stay vigilant, not to follow external links, and to verify the information with the company&#8217;s official channels.<\/p>\n<p>In late October, Ledger hardware-wallet users have faced a <a href=\"https:\/\/u1f987.com\/en\/news\/ledger-users-report-mass-phishing-attack\">mass phishing attack<\/a>. The hackers send them emails asking to install an emergency update, through which they gain access to the cryptocurrency.<\/p>\n<p>Earlier victims linked the attack to the July data breach of <a href=\"https:\/\/u1f987.com\/en\/news\/ledger-reports-data-breach-affecting-around-one-million-users\">about a million users<\/a> from the marketing database. However the wallet developers did not confirm this assumption.<\/p>\n<p>In early November, the stolen funds moved. The hackers transferred <a href=\"https:\/\/u1f987.com\/en\/news\/hackers-moved-1-15-million-xrp-stolen-from-ledger-users\">1.15 million XRP<\/a> in five payments to an address on the Bittrex exchange and sent <a href=\"https:\/\/u1f987.com\/en\/news\/organisers-of-phishing-attack-on-ledger-users-move-107-btc\">107 BTC<\/a> to two Bitcoin wallets. Later, 51 BTC from this amount <a href=\"https:\/\/u1f987.com\/en\/news\/some-of-the-bitcoin-stolen-from-ledger-users-ends-up-on-binance\">ended up on the Binance exchange<\/a>.<\/p>\n<p>Subscribe to ForkLog&#8217;s Telegram updates: <a href=\"https:\/\/t.me\/forklogfeed\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">ForkLog Feed<\/a> \u2014 the full news feed, <a href=\"https:\/\/telegram.me\/forklog\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">ForkLog<\/a> \u2014 the most important news and polls.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Unknown attackers continue to rob Ledger hardware-wallet users through a phishing campaign. This time they are offering to update the wallet after an alleged leak of personal data of 115,000 customers. ForkLog said this was reported by a user.<\/p>\n","protected":false},"author":1,"featured_media":33333,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1154,1188,1640],"class_list":["post-33332","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-crimes","tag-data-breach","tag-ledger"],"aioseo_notices":[],"amp_enabled":true,"views":"23","promo_type":"1","layout_type":"1","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/33332","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/comments?post=33332"}],"version-history":[{"count":1,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/33332\/revisions"}],"predecessor-version":[{"id":33334,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/posts\/33332\/revisions\/33334"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media\/33333"}],"wp:attachment":[{"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/media?parent=33332"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/categories?post=33332"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/u1f987.com\/en\/wp-json\/wp\/v2\/tags?post=33332"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}