Attacks began targeting some Ledger users after a major data breach left them exposed
After the breach, affected Ledger users turned to social media to express frustration, reporting that the company offered little immediate assistance. Based on user complaints, the attacks started soon after the breach and the number of victims appears to be growing.
Ledger has faced heavy criticism since the June incident that exposed sensitive user data. The company confirmed that its e‑commerce marketing database was compromised on June 25, but the breach was not discovered right away. Ledger only became aware of the issue nearly three weeks later, after a researcher reported it on July 14.
About one million users’ email addresses were leaked. Some customers had additional information exposed—such as phone numbers and home addresses—which were also included in the release.
Many users reported receiving phishing emails, and others said they had lost funds. Those whose contact details were exposed also received malicious text messages. Worse, reports indicated that the leaked data was uploaded to Raidforums, a forum known for sharing databases and selling data.
“Today we were alerted to the dumping of content from a Ledger customer database on Raidforum. We are still confirming, but early signs indicate that this could well be the content of our June 2020 e‑commerce database,” the Ledger team posted on Twitter.
Scammers quickly seized on the leaked data and are now using it to launch targeted attacks.
Security commentator Ivan on Tech warned on Twitter: “Scammers are getting wild. They are sending fake emails pretending to be Ledger, apologizing for the data leak and asking you to install the ‘latest version’. WARNING!!”
Ledger said it contacted French law enforcement to handle the situation and that it is working to contain and remediate the incident. The company also posted a notice on its homepage warning users about active phishing campaigns.
Beyond phishing, users reported SIM swap attacks and there is concern about potential extortion attempts, since physical addresses were also leaked. So far, no reimbursements have been issued, and Ledger’s CEO has said refunds are not feasible.
Speaking to Decrypt, CEO Pascal Gauthier said: “When you have a data breach of this magnitude for a company this size, we will not reimburse a million users across all devices—it’s simply not possible.”