Ledger users are sending threatening emails after news from the hardware wallet maker that 20,000 more of its customers have been hit by another major data leak.
One or more extortionists using the names Darrin Burlew and Denni Hornig allegedly sent emails to users who claimed that their personal details had been leaked as a result of a loss of data at Ledger in June and July of last year.
Reddit user Crypthomie, a former flight attendant based in the United Arab Emirates, said his Ledger owning father received a message today. The email included his name, home address, and phone number and demanded 0.3 Bitcoin (BTC) or 10 Ether (ETH) — worth roughly $12,000 — or he’d face physical violence. Crypthomie made headlines in the crypto space last by being unable to pay back a $100,000 loan to buy BTC at the height of the 2017 bull run.
“I am taking this very seriously and Ledger has made a very big mistake,” said the Redditor. “I know that those scammers sending emails by hundreds are just trying their luck by creating fear, but when it comes to the safety of your family it’s another story.”
“Don’t be fooled people, no one will come to your home to kill you but this feeling of insecurity is a scandal and Ledger has to do something about it.”
Other Ledger users report receiving similar emails with demands for a crypto ransom to be paid within 24 hours or they will face “horrifying” consequences.
“Are you able to imagine all the possible consequences that can occur to you and your loved ones?” said the scammer in another email. “I hope you do not ruin every little thing for yourself by making the wrong choice.”
This is my actual home address in the email.
I don’t even know what to say, but @Ledger you absolutely useless waste of space.
— Saleh Ahmed Ⓥ (@SalehAhmedd_) January 14, 2021
While real world attacks to steal cryptocurrency are much rarer than hacks or scams, they do occur. Bitcoin engineer Jameson Lopp (who lives off the grid) maintains a list of news articles reporting attacks in “meatspace” to steal cryptocurrency.
The threats come a day after Ledger revealed that data from nearly 20,000 more customers had leaked via Shopify, accusing the platform support team of “rogue members.”
The initial data leak in June and July 2020 involved 1,075,382 email addresses of users who subscribed to the Ledger newsletter and personal information (including home addresses) of 272,853 hardware wallet orders. Cointelegraph stated last month that the hackers responsible for the violation had made all of Ledger’s consumer information publicly accessible, raising the possibility of phishing attacks, extortion and kidnapping.
In response to these threats, Ledger confirmed that it will collaborate with Chainalysis analytics company and others to keep track of the wallets of the scammers. Ledger said that he would disclose all suspicious activities to the law enforcement authorities at which time he could “freeze crypto assets if they landed on exchanges.” Ledger has negotiated a bounty of 10 BTC—approximately $390,000 at the time of publication—”for information leading to successful arrest and prosecution” of the scammers.
However, some Ledger users who feel they are already at risk appear disappointed with the firm’s response, expressing disbelief at the lack of protection and seeking compensation.
“That 10 BTC bounty fund should be given to the affected customers and not the bounty hunter,” said Twitter user CryptoPilot2.
Others pointed out the irony in a firm offering high-end crypto security suffering such a massive data breach. “I was about to buy your wallet and saw the news the next day,” said user illtech8.
“Your entire brand is based upon trust, and now nobody trusts you. There isn’t a recovery from this.”
569 Interactions, 2 today