What do you usually do when you buy something on Amazon? Can you buy goods or services without giving your name or address? It is possible to give a fake name and an address of a post pick up station. However, it’s such a pain to have to go to such a station to pick up the parcel as you could have gotten it in front of your doorstep. Giving a pseudo name has now, in many countries, become impossible. As the darknet has pushed a lot of illicit trade through such boxes, providers now ask for KYC, hence requiring your real information.
Nevertheless, this post is about the Ledger database hack and why you may want to be hesitant in getting one. Recently, Ledger, the company situated in France, had a critical data leak. One million customer emails and e-commerce documents were stolen by an unknown entity (Malwa, 2020). It is important to state that there were no funds stolen. But even though customers’ funds were not stolen it remains a huge problem because their personal data is exposed somewhere in the darknet. We will explain why this is a problem.
Thieves
Thieves adapt themself to the current situation. They do their research and increasingly burglaries at people’s homes happen where they do not only steal your jewellery or cash. They are also looking for a specific, small device. The ledger. They take the ledger to try and hack it later, or with a little bit of luck, they might also find the mnemonic stored next to the ledger, which gives them instant access to all the funds.
Robbery at Gunpoint
Sometimes easier than trying to hack someone or searching for the 24 words in someones’ house is getting it in real life. With the Crypto, a revolution came also a lot of brick and mortar stores which would sell you bitcoins, or other cryptos, over the counter. The problem is the following. In Canada, more specifically Ottowa, a store is located called Canadian Bitcoins. In 2018 some youngsters walk into the Bitcoin store with a Gun and tie up 4 of 5 employees of the store demanding cryptocurrencies at gunpoint. One of the employees is luckily in the back and can call the police. Before the transaction happens the Police arrive and arrest the thieves. You may not be a brick and mortar store, but your relatives could become potential targets for similar attacks.
Phishing mails
Everyone received some sort of phishing email in their lives. Nowadays, email providers are doing quite a good job filtering those out and sending them to your Spam folder. Nevertheless, sometimes they manage to get through those virtual barriers and you could fall for a very expensive but well-made gig. We’ll illustrate to you an example of how this could be looking like:
Hey Jason.
We hope you are happy with the Ledger Nano X you purchased on 12.04.2020.
To offer you our gratitude, we would like to send you a special offer to get the new Ledger Nano S for only $20! We already have all your details, so all you have to do is send 0.00174 BTC to this address <address> and we will send you your ledger!
Kindly, the Ledger team
Or
Hey Jason.
We hope you are happy with the Ledger Nano X you purchased on 12.04.2020.
There have been reports of fraudulent devices being in circulation. Your device with the serial number “FK29JG9R29G2J” seems to be affected. To verify that your device has not been affected, please send us the 24-word seed that you generated after receiving the ledger. Using the seed, we can check if you are vulnerable or not, and if you are, we will send you a new device free of charge and help you with the migration.
The problem with such emails is that they are truly catchy and with the personal details in the email, like the date of purchase, the email looks very official and you might end up trusting the email. That’s when you lose your funds or just send money to the attacker.
Always remember: If it sounds too good to be true, it’s probably not true. So don’t fall for it.
With the above-stated scenarios imagine what could happen if you are one of those ledger users who got their data stolen. It is inevitable that this data is being used for fraudulent activities. Currently, the data sets are being sold on the Darknet for a hefty amount. If someone buys these data sets, we will not know how far it goes and if you soon will find a burglar at your house searching for your ledger or holding someone at gunpoint to deliver mnemonics. It is a disaster from a consumer’s perspective, people would not think that anyone would go through the trouble of trying to steal your coins as you are sure your ledger is unhackable. Please bear in mind that if you have enough money to buy a ledger worth 55$ upwards then you most certainly didn’t just store 200 bucks worth of crypto on it.
Use AirGap Without Sharing Your Personal Information
With AirGap, you never have to worry about getting your personal information stolen. AirGap cannot store any personal information because you never have to sign up anywhere. The AirGap solution is also available in seconds so no need to worry about shipments taking days. Being anonymous in this space is the safest thing you can do. The less information you have to provide when setting up a cold wallet the better it is. Another advantage of AirGap regarding the points above is that burglars will not consider a phone a crypto wallet. It could just be an old or secondary phone. And due to the activation lock on modern devices, burglars know that they cannot use them and run the risk of being tracked via GPS, so they won’t take it and your crypto stays safe.
If you have any questions regarding migrating your cryptos from Ledger to AirGap, don’t hesitate to contact us at hi@airgap.it
Please bear in mind to never send your 24 mnemonics to anyone. If you lose the passphrase there is, unfortunately, nothing that can be done. Additionally, if your funds got stolen, it will not be possible to track the transaction and find the person who took your funds.
Download
AirGap Wallet
💻 macOS
💻 Windows
💻 Linux
📱 iOS — App Store
📱 Android — Google Play (GitHub APK)
AirGap Vault
📱 iOS — App Store
📱 Android — Google Play (GitHub APK)
Interested in AirGap? Stay in touch. give us feedback
