- Ledger hack has left its users’ private data open for hackers and scammers around the world.
- Many have started receiving email threats containing their addresses and request for payments.
- Victims of the hack reported chilling threats in the event that they fail to pay.
Back in mid-2020, the crypto hardware wallet Ledger became a victim of a hack that resulted in more than 1 million email addresses being stolen. At the same time, over 270,000 hardware wallet orders were stolen. The breach made all of this data publicly available, granting it to other hackers and scammers from all over the world.
Now, Ledger announced that data from 20,000 more users was leaked via Shopify, which was followed by a number of threats reaching the users’ emails.
Scammers Use Leaked Data to Threaten Ledger Users and Their Families
According to Ledger, the new data breach was immediately followed by threatening emails from extortionists under the names Denni Hornig and Darrin Burlew. The extortionists claimed that they have the victims’ data, obtained in the hack that took place in June and July 2020.
Some of the cases were published on Reddit, with one particular case coming from a UAE-based former flight attendant. This user said that their father, who is a Ledger owner, received an email that included his name, home address, and even phone number. The person who sent the email requested a payment of 0.3 BTC or 10 ETH, which is around $12,000.
If the victim fails to pay, the extortionist has threatened with violence. Similar reports and threats have been emerging all over the internet, with people being threatened with horrifying consequences unless they pay the requested amount. One example is an email that says “Are you able to imagine all the possible consequences that can occur to you and your loved ones? I hope you do not ruin every little thing for yourself by making the wrong choice.”
Similar messages have been sent to users all over the world, with one email threatening to release the user’s personal data to thieves in their area.
This is my actual home address in the email.
I don't even know what to say, but @Ledger you absolutely useless waste of space.
— Saleh Ahmed (@SalehAhmedd_) January 14, 2021
Of course, real-world attacks connected with crypto in any way are much, much rarer than online threats and scams. One BTC engineer, Jameson Lopp, even has a list of articles on the topic. As for Ledger, it said that it will start working with Chainalysis and other companies to try to track scammers’ wallets, and that all illicit transactions will be reported to the authorities. Meanwhile, the company is offering a 10 BTC ($390,000) reward for information that would lead to the scammers’ arrests.