Ledger users are receiving threatening emails in the wake of the hardware wallet manufacturer reporting that 20,000 more of its customers have been affected by another massive data breach.
One or more blackmailers using the names Darrin Burlew and Denni Hornig have reportedly sent emails to users saying their personal information was released as a result of the Ledger data breach in June and July last year.
Reddit user Crypthomie, a former flight attendant based in the United Arab Emirates, said his Ledger father received a message today. The email contained his name, home address and phone number and demanded 0.3 Bitcoin (BTC) or 10 Ether (ETH) – worth about $ 12,000 – otherwise he would suffer physical violence. Crypthomy was the last to make headlines in the crypto space being unable to repay a loan of $ 100,000 to buy BTC at the height of the 2017 bull run.
“I take this very seriously and Ledger has made a very big mistake,” said the Redditor. “I know those scammers who send hundreds of emails try their luck by creating fear, but when it comes to the safety of your family, it’s a different story.”
“Don’t be fooled people, no one comes to your house to kill you, but this feeling of insecurity is a scandal and Ledger needs to do something about it.”
Other Ledger users report that they have received similar emails demanding to pay a crypto ransom within 24 hours, otherwise they will face “horrific” consequences.
“Can you imagine all the possible consequences that could affect you and your loved ones?” said the scammer in another email. “I hope you don’t ruin everything for yourself by making the wrong choice.”
F ** k sake!
This is my real home address in the e-mail.
I don’t even know what to say, but @Global your absolutely useless waste of space.
– Saleh Ahmed Ⓥ (@SalehAhmedd_) January 14, 2021
While real-world attacks to steal cryptocurrency are much rarer than hacks or scams, they do occur. Bitcoin engineer Jameson Lopp (who lives off the grid) maintains a list of news articles reporting attacks in “meatspace” to steal cryptocurrency.
The threats came a day after Ledger announced that data from about 20,000 additional users had been leaked through Shopify, which ‘rogue members’ blamed the platform’s support team.
The original data breach in June and July 2020 including 1,075,382 email addresses of users who subscribed to the Ledger newsletter, and the personal information (including home addresses) from 272,853 hardware wallet orders. CoinTelegraph reported last month that the hackers were responsible for the breach made all Ledger customer data publicly available, increasing the risk of phishing attacks, blackmail and kidnapping.
In response to these attacks, Ledger stated it would partner with analytics firm Chainalysis and others to keep track of the scammers’ wallets. Ledger said it will report any unauthorized transaction to law enforcement, after which it could be able to “freeze the crypto assets if they hit exchanges.” Ledger also arranged a bounty of 10 BTC – about $ 390,000 at the time of publication – “for information leading to successful arrest and prosecution” of the crooks.
However, some Ledger users who think they are still at risk seem unhappy with the company’s response, expressing disbelief at the lack of security and demanding compensation.
“That 10 BTC bounty fund should be given to the affected customers and not the bounty hunter,” said Twitter user CryptoPilot2.
Others pointed to the irony that a company offering high-end crypto security is suffering from such a massive data breach. “I was about to buy your wallet and saw the news the next day,” said user illtech8.
“Your entire brand is based on trust, and now no one trusts you anymore. No recovery is possible from this. “