Ledger Hack Database Dumped on Public Forum

Reading Time: 3 minutes
  • The database of Ledger hack victims, which includes the physical addresses of over 250,000 customers, has been publicly dumped on a hacker forum
  • The Ledger hack took place in June with the details selling for six figures
  • Ledger acknowledged that the information was genuine and could now face lawsuits

The Ledger hack database containing the personal details of over 250,000 customers and over a million newsletter subscribers’ email addresses has been publicly leaked months after it first emerged on the dark web. The list had been trading hands for huge sums ever since its emergence earlier in the year, resulting in affected users being inundated with emails, phone calls, and SMS messages, but the list going public brings with it a whole new level of risk for affected customers.

Ledger Hack Details Freely Available

News of the Ledger hack public dump came via data breach monitoring site Under the Breach, who Tweeted about it late Sunday:

Data breach alert site ‘have i been pwned?’ picked up the news and added it to their database, altering subscribers to the release of their personal details, which included the physical addresses, email addresses, and phone numbers of Ledger website customers. Ledger confirmed that the data was real in a tweet of their own which only addressed the potential cyber-attacks and not the physical attacks that users are suddenly now vulnerable to:

In the tweet thread, Ledger said that it was a “massive understatement to say we sincerely regret this situation” and that they were working with French authorities to try and track down the perpetrators. This was scant relief for affected users:

Security Advice Offered by Crypto OGs

The actual Ledger hack took place in June but was only realized in July when a bug bounty hunter discovered that an “unauthorized third party” had managed to breach the company’s cybersecurity defenses and made off with the prized data. The database has been exchanging hands for six figure sums ever since, according to replies on the Raidforums site, with the public dump wiping out any money making potential from the data.

Ledger hack victims were quick to seek advice on how to protect themselves going forward, with cryptocurrency OG @notsofast giving a great rundown of next steps to take if you are in the list:

Talk of a class action lawsuit against Ledger had been rumbling ever since news broke in July, but with the list now made public the chances of legal action have intensified.