• by Ray Schultz , December 21, 2020

Over 1 million email addresses were leaked along with other data from Ledger, a cryptocurrency wallet company, and offered on the hacker website Raidforms, raising fears about the security of online currency, according to reports.  

Also exposed were physical addresses and phone numbers, but not financial information, the company says. 

The alleged hack reportedly was discovered in June. 

Ledger CEO Pascal Gauthier said in a Monday post: “At the time of the incident, in July, we engaged an external security organization to conduct a forensic review of the logs available.”

“This review of the logs enabled us to confirm that approximately 1 million email addresses had been stolen as well as 9,532 more detailed personal information (postal addresses, name, surname and phone number) that we were able to specifically identify,” Gauthier said.

However, Gauthier adds that the “database publicly released yesterday shows that a larger subset of detailed information has been leaked, approximately 272,000 detailed information such as postal address, last name, first name and telephone number of our customers.”

Gauthier notes: "We are aware that many of you have been targeted by e-mail and SMS phishing campaigns and that it’s clearly a nuisance." In Ledger’s name, we very deeply regret this situation. We are aware that many of you have been targeted by e-mail and SMS phishing campaigns and that it’s clearly a nuisance. I know this breach is disappointing at best and infuriating at worst.

At least one hacker threatened legal action, according to Cointelegraph.

Cointelegraph reports that the hack “reportedly includes 1,075,382 email addresses from users subscribed to the Ledger newsletter, and 272,853 hardware wallet orders with information including email addresses, physical addresses, and phone numbers.”

Gauthier warns Ledger users that most online scammers will be trying to steal their 24-word recovery codes. 

He urge users to “NEVER ever share your 24 words with ANYONE. Not even Ledger. We will never ask you for them.” But he maintains that their online funds are safe.