Ledger Users Get Phishing Phone Calls After Database Leak
3 min read
Owners of Ledger hardware wallets have reportedly been receiving dozens of phishing phone calls after the manufacturer’s database was dumped on hacker sites, revealed Bitcoin advocate and tech entrepreneur Andreas Antonopoulos today.
New attack on #LedgerHack voice calls
I have report from a victim who received a voice call (appeared to come from Sweden) offering "security services" to help "secure the Ledger"
1/
— Andreas M. Antonopoulos (@aantonop) January 15, 2021
As Decrypt reported in late December, over a million customer emails were stolen from Ledger and made publicly available on a hacker site. Shortly after the hack, some Ledger owners began receiving threatening Bitcoin ransom emails. But it looks like malicious actors decided to take it one step further and are resorting to actual phone calls.
“This is a new and more high-touch high-effort attack which is similar to the ‘Windows tech support’ scams that are run out of call centers in low-labor-cost countries,” Antonopoulos tweeted, adding, “While I had previously heard about social engineering attacks via email and SMS, I had not heard about these voice calls. It appears many have been receiving them for weeks.”
After the hack, Ledger CEO Pascal Gauthier told Decrypt that users who had their addresses leaked should not need to move house because scammers were more likely to run lower-cost phishing attacks, such as spoof emails or threatening messages. He also said that the firm won’t be providing any compensation to those who had their data leaked.
After inviting other Ledger users to report similar suspicious calls, Antonopoulos later revealed that he received information about dozens of such interactions, with calls appearing to originate from all over Europe, including the UK, Sweden, and Germany.
I can only confirm. Several calls every day since 8th is January. First mostly from Sweden , wanted to help to invest in crypto (“we help you buy when cheap, and sell when expensive” :)) ) last two days calls from Austria, and one other which I don’t remember, but wanted to secu
— Wojciech Krawczyk (@nazwazajeta) January 15, 2021
“I can only confirm. Several calls every day since 8th is January. First mostly from Sweden, wanted to help to invest in crypto (‘we help you buy when cheap, and sell when expensive’ :)) ) last two days calls from Austria, and one other which I don’t remember,” tweeted Wojciech Krawczyk.
I have received about 10 calls since the Ledger hack. Two times I took up the phone and an english guy talked to me as if he knew me. After that I hung up without saying anything. Blocked the phone numbers. But they keep calling atleast once a month.
— The matrix (@BitcoinTaproot) January 15, 2021
While many users just ignore calls from unknown numbers, some are even going so far as to switch to a new phone number—but that is not a magic bullet against scammers, Antonopoulos warned.
“This is a double-edged sword—if you switch numbers, your old number is available and might be hijacked to impersonate you. You must make ABSOLUTELY SURE you have removed it from everywhere before you switch,” he wrote.
This is the idea that the scammers could take ownership of your old number and then use that to pass two-factor authentication that relies on the mobile number—which would be an easy way to lose money.
