‘Ledger’ Customer Database Appeared on ‘RaidForum’

Last updated September 17, 2021
Written by: Bill Toulas, Infosec Writer

‘Ledger’ has acknowledged the appearance of a dump containing customer details on the platform ‘RaidForum,’ a clearnet space where confirmed database leaks appear and become available for download. That usually happens long after dark web actors have had time to exploit the data, sell it to others, and generally squeeze every bit of value out of a set.

Indeed, this seems to be the same data that was stolen during a July 2020 security breach that was thought to have affected about 85,000 users. This was followed by a wide-reaching phishing campaign in October 2020.

The users affected by this incident had already been alerted months ago, so the appearance of their details online shouldn’t have an immediate negative effect on them other than an additional spam/phish annoyance. The most frequent examples of scamming attempts reported by the users are emails claiming that their Ledger is deactivated, which could be scary for inexperienced investors.

Ledger is a hardware wallet platform where people can store their cryptocurrency assets securely, buy or sell Bitcoin (and another 1,500 cryptocurrencies), and control everything from a single point. Ledger combines the security of a hardware wallet that stores the private key on an ANSSI-certified chip with the versatility of the “Ledger Live” app. It features powerful verification systems to ensure that only the owners have access to their wallets.

What has now appeared online is a text file containing the email addresses of over a million people who were subscribed to the Ledger newsletter, and another text file containing the names, phone numbers, and mailing addresses of roughly 273,000 people who bought a Ledger wallet. The second file is the more sensitive of the two, although it should be noted that it still isn’t catastrophic or compromising for the wallets themselves. What it does is open up a channel for phishing actors to act against the wallet owners.

Source: Bleeping Computer

If you happen to receive an email claiming there is an issue with your Ledger, or asking you for the recovery phrase or a change to your PIN, do not follow any links contained in the email and do not download any applications. There have been reports of cloned Ledger Live apps circulating in the past couple of months, so beware. Now that crooks know your home address too, you may also receive fraudulent instructions by post that are made to look legitimate but are not.


