Ledger, one of the most popular hardware wallet providers in the crypto industry, has faced several difficulties in the past few weeks, including a breach of the company’s customer contact database and a security hole in the wallet that put users’ bitcoin (BTC) at risk. Are recent events just a summary of a difficult few weeks, or are some major decoding operations at stake?
Charles Guillemet, Ledger’s chief technology officer, told Cointelegraph: “In connection with the database breach, the attacker obtained unauthorized access to a portion of our e-commerce and marketing database using a misconfigured third-party API key on our site. The mail. And order data for our customers are permitted.”
Ledger data has been breached
The breach dates back to June and July 2020. Ledger received a notice on July 14 mentioning the company’s website and a potential vulnerability associated with it, as detailed in a Cointelegraph report. Although Ledger fixed the issue after the tip, the company found that someone had exploited the vulnerability as early as June 25, resulting in nearly a million email addresses being leaked. For 9,500 affected customers, other private information such as phone numbers and names was also leaked.
According to Guillemet, Ledger fixed the issue and disabled the problematic API key on the same day. “Additionally, payment information, credentials (passwords) or encrypted funds were not affected,” he added. “This data breach does not affect our device wallets or the Ledger Live app,” he said. “Clients’ encrypted assets have always been secure and not at risk,” he continued, praising Ledger’s security setup, as it gives users the power to recover money.
Jake Yocom-Piatt, project head at the cryptocurrency Decred, said he was not surprised by the incident, as companies tend to be less cautious about defending their e-commerce databases. “When your primary product is a secure device, it is easy to forget that the security of your e-commerce software system matters as well,” he told Cointelegraph, adding: “Many large companies see software security as an expensive cost because it does not bundle their core product offerings, so they can’t market it and make a profit.”
Ledger had a security flaw in its software
Soon after the hack, Ledger device owners read about another issue with their wallet of choice on August 5, when a vulnerability appeared in its software. The hole essentially formed a bridge between Bitcoin and its various forks such as Litecoin (LTC). Due to the flaw, attackers can perform a transaction that appears linked to one asset, while the transaction confirmation on the device actually authorizes a separate transaction in another asset, without the knowledge of the wallet owner.
Ledger released a software update the same day the issue was resolved. When asked for additional comments on August 26, Ledger’s PR representative referred to an explanation of the situation on the company blog posted on August 5, stating that a bounty hunter had found the vulnerability, leading to Ledger’s aforementioned update in response. “We want to assure you that this vulnerability cannot be used to obtain sensitive data such as your private key or your recovery phrase,” Ledger said in the description.
Ledger wallets are still functional
Despite recent difficulties, Ledger wallets remain a popular option for storing crypto. “The Ledger and other hardware wallets are an important security upgrade for the average cryptocurrency user because they prevent remote access attacks – such as keylogging – from succeeding,” Yocom-Piatt said, adding:
“However, the anti-theft protection that comes with a hardware wallet usually comes with a significant drop in privacy because the hardware wallet provider can see exactly which currencies the wallet controls.”
Twitter user CryptoGainz tweeted on August 13 about the issues he ran into while working with his Ledger wallets, citing unreliable software. Although the tweet came shortly after the vulnerability issue on August 5, the situation turned out to be unrelated, as CryptoGainz was still expressing confidence in the wallet company as a crypto storage option.