SALES, RENTALS & LAYAWAYS

PROTECTING EVERYTHING THAT HAS EVER BEEN OF VALUE TO YOU

Open 24/7/365

We Have A Life-Time Warranty /
Guarantee On All Products. (Includes Parts And Labor)

Ultimate Resource On Ledger Hardware Wallet (#GotBitcoin?)

French hardware wallets manufacturer Ledger announced that its cryptocurrency management software Ledger Live now supports Ethereum (ETH) ERC-20 tokens. Ultimate Resource On Ledger Hardware Wallet (#GotBitcoin?)

In a blog post published on Sept. 5, Ledger announced the version 1.14.0 of its Ledger Live software that now supports over 1,250 Ethereum-based ERC-20 tokens. The update has already been released for both mobile and desktop versions of the software.

More Assets To Be Supported In The Future

The Ledger Live application allows users of the company’s hardware wallets such as Ledger Nano S or Ledger X to manage their devices and cryptocurrencies. The firm also promises to add support for more assets in the future:

“While the ERC-20 token integration has brought a plethora of new cryptocurrencies to Ledger Live, we still aim to add even more crypto assets to the platform.”

As Cointelegraph reported, in March Ledger has unveiled vulnerabilities in its direct competitor Trezor’s devices. Prague-based crypto wallet manufacturer Trezor, on the other hand, has responded to Ledger’s report by claiming that none of these weaknesses are critical.

Updated: 12-10-2019

Ledger Live Adds Support For Tezos And Staking, Adds Features To Hardware Wallets

Hardware wallet manufacturer Ledger has announced the latest version of its Ledger Live application, adding support for Tezos (XTZ) and Tezos staking.

Unveiled last year, Ledger Live is a software solution that allows Ledger hardware wallet users the ability to manage their digital assets via a smartphone or computer. Ledger Live lets users check their cryptocurrency balance and send or receive tokens, while maintaining control of their private keys. Ledger CEO Pascal Gauthier told Cointelegraph:

“Ledger aims to combine security with a seamless user experience. The announcement with Tezos is exactly part of this mission. Ledger Live makes it easy to use crypto, while Ledger hardware wallets provide a high level of security. Ledger Live users can now create or import Tezos accounts, stake XTZ and passively earn rewards.”

From Hardware to Software

While adding support for XTZ creates an additional layer of security for token holders, it is noteworthy that Ledger Live lets users grow their digital assets through staking, which is a way for crypto holders to earn passive income.

XTZ operates on a proof-of-stake blockchain protocol. While Bitcoin and other cryptocurrencies operate using proof-of-work systems — in which miners compete against each other to complete transactions on the network to get rewarded — the Tezos blockchain requires all token holders to participate in securing and maintaining the network.

The aim of Tezos is to help token holders work together to make decisions that will improve the protocol over time. In turn, Tezos rewards users for contributing to the network’s security, a process known as staking (or “baking” in Tezos terminology).

Although staking Tezos is important for maintaining the network, this feature is typically available to users through major cryptocurrency exchanges, like Binance and Coinbase. Yet, according to Gauthier, this has been problematic due to the questionable level of security on these exchanges.

Gauthier pointed out that storing XTZ on a Ledger hardware wallet and then providing users with a platform to stake Tezos creates a much more secure solution. Moreover, he noted that the cryptocurrency industry is heading in a direction where hardware capabilities are being combined with software features:

“Hardware will always be important. Our customers like being able to store their crypto on a Nano, which remains the most secure hardware wallet on the market. But we have to think about where the industry is growing and going – and offering Tezos staking on Ledger Live is a signal that we are moving in a direction where strong UX coupled with less friction, allows customers to interact and transact with their crypto easily, quickly and still securely.”

Staking Tezos is an example of how Ledger Live aims to integrate new services seamlessly within a single application on a smartphone or computer.

“We expect to bring more prominent features via software to our users in the future,” noted Gauthier.

Giving Users More Control

Additionally, since Tezos operates on a proof-of-stake consensus model, users can either participate by staking or by delegating their tokens to those who can stake for them. In order to stake Tezos, users must have at least 8,000 XTZ tokens. However, users can delegate their tokens to a delegation service — known as “bakers” in the Tezos community — without transferring their ownership. This allows all participants the ability to earn the rewards generated, minus the validator’s commission.

Major exchanges that provide Tezos staking also offer a delegation service and typically charge commission fees on all rewards received. Unlike those exchanges, Ledger Live lets users choose who to delegate their tokens to without applying additional fees.

“We’ve been working closely with the Tezos community to make staking more convenient. On major exchanges, users have to do everything themselves, meaning they have to find someone to delegate their coins to or go through a custodian. Ledger Live empowers users to make their own choices by allowing them to choose who to delegate their tokens to. This is part of the nature of our open platform. We want to make sure users can access their entire crypto journey through Ledger Live,” said Gauthier.

How Will The Community React?

While the integration of Tezos is important for Ledger Live to widen the array of services offered on its platform, which currently supports 1,250 ERC-20 tokens, the impact of the development will be measured by its resonance with the Tezos community.

“It will be interesting to see how the Tezos community receives the Ledger partnership,”

President and Founder of TQ Tezos, Alison Mangiero, told Cointelegraph. “Right now we have external development teams working on applications that have been integrated into Ledger, but this makes for a much more seamless user experience. It will also be interesting to see new features incorporated into Ledger Live when upgrades are made to the Tezos protocol.”

Updated: 3-6-2020

Ledger Wallet Warns of Fake Google Chrome Extension Stealing Crypto

Major cryptocurrency hardware wallet supplier Ledger has warned its users about another phishing attack trying to steal their crypto — this one using a Google Chrome extension.

In a March 5 tweet, the French crypto company specified that there is a fake extension on Google Chrome browser that attempts to steal users’ crypto by asking them to enter their 24-word recovery phrase to access their wallet.

Ledger Live Gets Removed From The Chrome Web Store

The phishing attack was reported by Catalin Cimpanu, a cybersecurity reporter at business technology news website ZDNet on March 4. According to Cimpanu, the malicious Chrome extension was first discovered by Harry Denley, director of security at blockchain interface platform MyCrypto.

According to the report, the fake Chrome extension is called Ledger Live. It tries to mimic the real mobile and desktop application Ledger Live that allows Ledger wallet users to approve transactions by syncing their hardware wallet with a trusted device.

As of press time, the fake Ledger Live extension had apparently been removed from the Chrome Web Store. According to the report, the phishing extension was downloaded at least 120 times before it was taken down.

Fake Extension Was Advertised By Google Ads

As reported by ZDNet, the malicious extension was trying to mislead users into thinking that it represented the Chrome version of the original Ledger Live app, which would allow them to check balances and approve transactions via Chrome. Users were apparently offered to install the extension and connect their Ledger wallet to it by entering the wallet’s seed phrase — a backup phrase or word seed used to get access to their wallets.

MyCrypto exec Denley, who first uncovered the phishing attack, reportedly ridiculed the malicious extension by claiming that it makes no sense to install and use such an extension with a hardware wallet that is meant to protect funds by storing cryptocurrency offline.

However, Denley still admitted that he would not be surprised if the fake extension has tricked people, adding that it’s a “big problem in the cryptocurrency area, to teach people their private keys/mnemonics should stay offline.” The malicious extension could apparently have misled some users, taking into account the fact that it was advertised by Google’s online advertising platform Google Ads, as reported by Denley.

In the warning announcement, Ledger emphasized that the platform would never ask its users for their recovery phrase, urging that to never share the 24-word seed phrase or enter it into any device connected to the Internet. This is, however, not the first time that Ledger users encountered a fake Chrome extension. As reported by Cointelegraph in early January, another malicious Chrome extension stole about $16,000 in privacy-focused cryptocurrency Zcash (ZEC).

Updated; 7-6-2020

Ledger Crypto Wallet Claims Purported Vulnerability Is User Experience Flaw

Ledger’s chief technology officer Charles Guillemet said that the recently revealed vulnerability is nothing more than a user experience flaw.

Leading crypto hardware wallet producer Ledger has denied that its product’s transaction management software featured a double-spend vulnerability.

According to Ledger’s CTO Charles Guillemet, the vulnerability recently revealed by software wallet ZenGo is — in fact — nothing more than a user experience flaw. He illustrated the nature of its hardware wallet companion software Ledger Live to Cointelegraph:

“It’s important to understand that rather than an attack, the actual flaw may be seen more as a clever piece of trickery. Trickery is not a vulnerability. However, we do want to prevent anyone from falling victim to these kinds of clever schemes. […] It’s just a UX issue that could be used by a dishonest product buyer. ”

The Claims Are Not New

ZenGo’s claims are closely related to those released by Bitcoin Cash (BCH)-focused firm BitcoinBCH at the end of 2019. At the time, the firm’s CEO Hayden Otto explained in a video how a Bitcoin (BTC) point-of-sale solution misled merchants into believing non-confirmed transactions were final and accepting them.

Like BitcoinBCH, ZenGo noted that Bitcoin’s replace-by-fee (RBF) feature can easily allow users to replace an unconfirmed transaction with a new one with a different target address that has a higher fee. It is worth noting that this feature only makes it easier to leverage the non-finality of unconfirmed transactions, a thing that is harder, but still possible without RBF.

Furthermore, ZenGo’s report also points out that RBF “does not introduce any new vulnerabilities in itself” and instead “it explicitly puts the responsibility on wallet applications and users’ to identify unconfirmed transactions as unsafe.” This is confirmed by Guillemet:

“We want to thank ZenGo for having responsibly disclosed this issue to us. […] We do want to prevent anyone from falling victim to these kinds of clever schemes. A way to prevent this is of course to make sure that any transaction is first confirmed. Ledger Live is releasing an update on July 2nd. A warning is now displayed on pending transactions.”

ZenGo said that it was awarded a bug bounty for bringing attention to the issue.

Updated: 7-29-2020

Data Breach At Crypto Wallet Firm Ledger Exposes User’s Personal Info

Hardware wallet provider Ledger said its marketing database was breached between June and July.

Major cryptocurrency hardware wallet provider Ledger has alerted customers to a data breach it faced in June and July.

In an email on July 29, the company said it was made aware of the breach on July 14 when a researcher participating in its bounty program reached out with details of a potential vulnerability on their website.

While they were able to fix the breach immediately, a further investigation by the team found that an authorized third party carried out a similar action on June 25.

The individual used an API key to access the marketing and e-commerce database the company used to send promotional emails.

According to Ledger, this compromised the email addresses of almost one million people. The firm added that, for a subset of 9,500 customers, details such as first and last name, postal address and phone number were also exposed.

The company claimed the API key used to access the database has since been deactivated.

After investigating the matter in tandem with third parties and confirming the breach, Ledger said it notified the French Data Protection Authority, CNIL. Reassuring their users of their funds’ security, Ledger wrote in a blog post:

“Your payment information and crypto funds are safe […] Regarding your e-commerce data, no payment information, no credentials (passwords), were concerned by this data breach. It solely affected our customers’ contact details.”

The company also said that it is monitoring online marketplaces to find evidence of the stolen data being sold, but has found none so far.

Ledger advised users to be vigilant regarding phishing attempts by malicious scammers and said it would never ask them for their recovery phrases.

Updated: 8-5-2020

A Newly Discovered Vulnerability In Ledger Wallet Could Be Disastrous If Not Properly Fixed

Ledger has failed to fully fix a major vulnerability that allows for a “Bitcoin Fork” attack.

A recent report contends that the Ledger app has failed to fix a major vulnerability that allows for a “Bitcoin Fork” attack.

Mo Nokhbeh has claimed that Ledger’s wallet fails to properly isolate the apps responsible for authorizing the transactions of different assets. This creates a vulnerability where a user’s wallet can be fooled into authorizing a transaction for a less valuable asset — such as Litecoin (LTC), Bitcoin Cash (BCH) or any other Bitcoin fork coin — when in reality, a Bitcoin (BTC) transaction is being released. Nokhbeh told Cointelegraph:

“This app should be isolated such that it only signs for testnet derivation paths. However, sending it a regular mainnet bitcoin transaction will pass. In addition, it will present the TX as if it’s testnet bitcoin, to a testnet bitcoin address.”

According to Nokhbeh, he made Ledger fully aware of this vulnerability, and despite acknowledging it, the company has failed to fix it. Instead, they have chosen to release an update to their existing app that will provide users with a warning prompt if such an exploit is detected.

Updated: 8-30-2020

Ledger CTO Discusses Wallet’s Safety After Multiple Security Setbacks

What’s behind Ledger’s tough stint recently? Charles Guillemet, the company’s CTO, responds to all the questions and criticism.

Ledger, one of the crypto industry’s most popular hardware wallet providers, has faced multiple difficulties in recent weeks, including a breach in the company’s customer contact database and a wallet vulnerability putting users’ Bitcoin (BTC) at risk.

Are the recent events simply a summation of a few difficult weeks, or is a larger unraveling at play?

Charles Guillemet, the chief technology officer of Ledger, told Cointelegraph: “As far as the database breach, an attacker got access to a portion of our e-commerce and marketing database through a third party’s API key that was misconfigured on our website, which allowed unauthorized access to our customers’ contact details and order data.”

Ledger’s Data Breached

The breach dates back to June and July 2020. Ledger received a tip on July 14 mentioning the firm’s website and a possible associated weakness, as the report by Cointelegraph detailed.

Although Ledger repaired the issue following the tip, the company discovered that someone had already exploited the weakness on June 25, leading to nearly 1 million leaked email addresses — with 9,500 affected customers seeing other private data leaked, such as their phone numbers and names.

Guillemet said Ledger repaired the issue and disabled the troublesome API key that same day. “In addition, no payment information, credentials (passwords) or crypto funds were impacted,” he added. “This data breach has no link nor impact on our hardware wallets and the Ledger Live application,” he explained.

“Customer crypto assets have always been safe and are not in peril,” he said, crediting Ledger’s device makeup for its security, as it gives authority over funds back to the users.

Jake Yocom-Piatt, the project lead at cryptocurrency Decred, said he was not surprised by the incident, noting companies usually give less attention to their e-commerce database defenses.

“When your core product is secure hardware, it is easy to forget that the security of your e-commerce software system is also important,” he told Cointelegraph, adding: “Many larger organizations view software security as a sunk cost because it falls outside their core product offering, so they cannot market it and extract profit.”

Wallets Had A Software Vulnerability

Shortly following the data breach, Ledger device holders read about another difficulty surrounding their wallet of choice on Aug. 5, as a software vulnerability surfaced. The hole essentially provided a bridge between Bitcoin and its various forks, such as Litecoin (LTC).

Harnessing the flaw, attackers could make a transaction seem associated with one asset, while confirming the transaction on the device would approve a separate transaction for a different asset — unbeknownst to the wallet owner.

Ledger issued a software update the same day, correcting the issue. On Aug. 26, when asked for additional comments, a Ledger public relations representative pointed toward an explanation of the situation on the company’s blog posted on Aug. 5, which explained that a bounty hunter found the vulnerability, leading to Ledger’s mentioned update in response.

“We’d like to assure you that this vulnerability cannot be used to obtain sensitive data like your private keys or recovery phrase,” Ledger clarified in the write-up.

Ledger Wallets Still Effective

Despite the recent difficulties, Ledger wallets remain a popular option for crypto storage. “Ledger and other hardware wallets are a major security upgrade for the average cryptocurrency user because it prevents remote access attacks — e.g., keylogging — from succeeding,” Yocom-Piatt said, adding:

“However, the protection against remote theft that comes with a hardware wallet is typically paired with a distinct decrease in privacy since the hardware wallet supplier can see exactly which coins a wallet controls.”

Twitter user CryptoGainz tweeted out difficulties he faced when working with his Ledger wallets on Aug. 13, citing unreliable software. Although the comment came shortly after the Aug. 5 vulnerability issue, the situation proved unrelated, with CryptoGainz still expressing faith in the wallet company as a crypto storage option.

“They’re a safe way to store crypto, they just suck for trading via metamask on Uniswap,” CryptoGainz told Cointelegraph in a Twitter DM chat, citing an online wallet provider/decentralized application avenue and the latest decentralized exchange trading craze, Uniswap.

Ledger Customer Protection

Although Ledger’s wallets provide parameters for enhanced security, users still must know best practices and tactics for the protection of their assets. “We’re most worried about phishing attempts — emails from scammers pretending to be us,” Guillemet explained.

A phishing scam occurs when a malicious party sends an email, or another form of communication, disguising itself as a different person or company in an attempt to gain private information from the target.

“We’ll never ask our clients for the 24 words of their recovery phrase,” Guillemet said, urging customers to harness two-factor authentication, while also pointing toward educational information on security found on Ledger’s website.

Aside from phishing attacks, Ledger holds safeguards against malware. “Ledger devices are designed to protect users’ funds against malware on users’ computers, including fake Ledger Live applications,” Guillemet explained, referencing Ledger’s desktop application for interacting with wallet devices.

He specified that users should make sure to get the app from Ledger’s official online site or app store.

Yocom-Piatt also spoke on protection against company data breaches, such as the one Ledger suffered. “Since e-commerce systems typically have weak security, I recommend that users ordering these devices have them sent to an address that is not their primary residence,” he said.

Using a different physical address shields customers from exposure of their residence, should such a breach occur, helping guard against potential in-person Ledger wallet device theft. “Also, when possible, you should avoid using the wallet software supplied by the hardware wallet vendor to maximize your privacy,” he added.

Self-custody over assets is a major selling point in the crypto industry, although it requires knowledge and technical prowess. The complexity involved might explain the push for mainstream crypto trading products, such as exchange-traded funds in which companies custody assets for investors.

Updated: 9-18-2020

Ledger Wallet Upgrade Can Prevent ‘Dusting Attacks’

Cold wallet maker Ledger adds more privacy protection to its software suite.

Hardware wallet maker Ledger has recently upgraded its software suite to include more privacy and control over crypto transfers to help prevent ‘dusting attacks’.

A dusting attack is where a malicious actor sends small amounts of Bitcoin to a wallet to break the privacy of users for further attacks.

Ledger Live version 2.11.1 introduces a new feature called Coin Control which gives users the ability to adjust transaction settings to include more privacy or optimal fee usage.

The announcement added that the feature works through its ability to manage Hierarchical Deterministic (HD) wallets, or multiple different Bitcoin addresses. Now, users can select the addresses they want to use for transactions using Coin Control instead of the previous default First-in, First-out (FIFO) method of automatically using the oldest address.

This matters because it prevents third parties tracking those transactions through tiny amounts of BTC, called dust, which are worth less than the transaction fees. This dust can be used to trace the identity of the owner through analysis since these tiny unspent transaction outputs (UTXOs) can accumulate. A large scale dusting attack was carried out on Litecoin users in August 2019.

Ledger Stated That With Coin Control, Users Can Simply Choose To Not Use This Tiny UTXO, Adding;

“As such, they cannot track any movements. In short: it can be a game changer when it comes to your privacy.”

Other features on the software upgrade include an optimization of the network fee structure by allowing users to choose UTXOs with higher value, thus reducing the byte size of the transaction. It also has the ability to select specific addresses for transfers should there be a need to keep payments separated.

Reddit Users Applauded The Upgrade With One Adding;

“This will make dust attacks useless. Also having the ability not to include small inputs when fees are high is great. I’ve been waiting for this feature. Thumbs up!”

Others asked for more functionality such as the addition of TOR, which is open-source software that facilitates anonymous communications. The addition of personal nodes was also requested as some users have trust issues when using a centralized company like Ledger.

Updated: 10-10-2020

Ledger Wallet Company Passes Official Security Audit

The process was meant to ensure that customer information is handled properly by the company.

Ledger, a crypto company providing a number of hardware wallet solutions, has obtained a successful System and Organization Controls, or SOC, Type 1 test.

Friedman LLP, a New York-based accounting firm, ran the SOC 2 Type 1 test on Ledger, according to a statement provided to Cointelegraph:

“By obtaining the SOC 2 Type 1 report, we are now able to provide an additional layer of verified security to our clients, assuring that the Vault solution is secured at all times and that we have the processes in place to ensure availability.”

A crypto storage solution for larger players and companies, Ledger Vault operates as a custody wing under the broader Ledger company.

The SOC 2 exam analyzes a company’s security by way of an audit, verifying the proper handling of customer information by service-based entities. “As a proof of compliance to the AICPA auditing procedure, SOC 2 Type 1 report shows that a SaaS [software-as-a-service] firm has best practices in place,” a blog post from RSI security explained.

“It gives potential customers the assurance that a service organization has passed the said auditing procedure, and that their data is safe if they work with the SOC 2-compliant company,” the post added.

In contrast, a SOC 2 Type 2 exam raises the bar, testing against more in-depth standards while requiring a longer time horizon for a green light.

During the SOC 2 Type 1 analysis, Friedman investigated Ledger on a number of levels, including its disaster recovery strategy and its security, as well as a host of other technical specifics.

“Receiving this attestation is an achievement as it shows our processes and systems are streamlined, documented and overall secure,” Ledger’s chief technology officer, Charles Guillemet, said in the statement. Next year, the company aims toward securing a SOC 2 Type 2 approval, according to comments in the statement from Ledger CEO Pascal Gauthier.

The exam green light comes after Ledger suffered a database leak several months ago, which exposed customers’ information. The popular hardware wallet company fixed the root of the problem following the incident.

Crypto exchange Gemini announced that it had similarly passed its SOC 2 Type 2 test in January 2020.

Updated: 10-12-2020

Ledger Wants To Help MicroStrategy Secure Its $400M Bitcoin Treasury

Square’s SubZero cold wallet is great, but Ledger Vault is better says the company’s VP of Product.

Ledger is mostly known for its consumer-facing hardware wallets, but since last year, a number of enterprises have also begun to use Ledger Vault, according to the company’s vice president of product, Jean-Michel Pailhon.

This product is focused on providing custody solutions to enterprise clients. In fact, the Ledger team is currently trying to sell MicroStrategy on the advantages of its product.

MicroStrategy is a business intelligence company that made a splash in August 2020 by converting a large portion of its treasury into Bitcoin (BTC). More recently Square, who just acquired $50 million worth of Bitcoin, developed an in-house open-source SubZero framework to secure its assets.

Pailhon said that both employ HSMs, or Hardware Security Modules, for the management of digital assets. HSMs have been used for decades for securing critical data and are generally considered invulnerable.

Though SubZero may be a great framework, Pailhon opined that its best suited for tech companies like Square that know how to deploy and manage HSMs. He said that Ledger will set these up for its clients, and that “they don’t necessarily need to know how it works. They just need to use the solution.”

We asked Paihon to walk us through onboarding a company like MicroStrategy. He said that one of the first steps would be to decide how many people will be involved in authorizing transactions, a typical setup would require 2-of-3 signatures; where perhaps, the CEO, chief financial officer, and general counsel hold one signature each.

All the private keys would be stored on an HSM. At the same time, parts of the private keys may be stored in several physical vaults.

When a company officer wants to initiate a transaction, he would log into Ledger Vault and input the desired transaction. Then, a notification would be sent to all three signatories. To approve it, they would have to log in and connect their Ledger Blue hard wallet to their computer.

Finally, they would enter their unique Ledger Blue pin to sign the transaction. There is also an additional layer of protection, which involves one of the signatories choosing to abort the transaction altogether, provided that the minimum number of signatures had not yet been authorized.

Pailhon elaborated that though Ledger provides the backend and takes care of the HSM infrastructure, the client acts as its own custodian. This may present a problem as some companies may be required by law to use a regulated custodian. He explained that this does not present a real challenge though:

“If you need a regulated custodian, you can ask a regulated entity to become one of the signees in the transaction process.”

Meanwhile, MicroStrategy has not named its Bitcoin custodians, though it publicly acknowledged the associated risks:

“While we hold the bulk of our BTC assets with established cryptocurrency custodians, a successful security breach or cyberattack could result in a partial or total loss of our BTC assets in a manner that may not be covered by insurance or indemnity provisions of our custody agreements with those custodians.”

Updated: 10-16-2020

Ledger’s Recent Security Audit Was Unconnected To Their Data Breach In June

It seems the review was already in process before the attack ever occurred.

Popular hardware wallet company Ledger recently announced that they had passed a notable security evaluation, known as SOC 2 Type 1. This certification came following a significant data breach the company suffered in June. Ledger did not, however, decide to conduct its security audit because of the breach, according to comments from a Ledger representative.

“Ledger is always seeking to raise the security standards and has been working on getting the attestation prior to the data breach,” the representative told Cointelegraph.

News of Ledger’s completed SOC 2 Type 1 audit came in October, essentially giving the market a level of confidence based on a trusted mainstream security benchmark.

“The SOC II attestation refers both to the System, in this case, Ledger Vault only, and the Organization: Ledger as a whole,” the representative explained. “Hence, if the SOC 2 Type 1 only applies to Ledger Vault, the Ledger organization as a whole has been audited (onboarding of collaborators, third party interactions, etc.).”

Ledger was made aware of a database weakness in July, which they quickly patched. The company, however, also uncovered a previous large data breach that occurred in June, which leaked thousands customers’ names, addresses, and other potentially sensitive information.

Kristy-Leigh Minehan, Former CTO of Core Scientific, told Cointelegraph “SOC2 Type 1 is about assessing the design of a security process (or processes) at a specific point in time (or, as of a specified date).” She clarified:

“They would only be evaluated up until the point when they executed it, not necessarily when they were awarded it.”

Updated: 11-6-2020

Ledger Owners Lose 1.1 Million XRP To Scam Site

After a major leak of email and personal information earlier this year, Ledger customers are experiencing a surge in phishing attempts.

Phishing attempts and scams against Ledger wallet owners are on the increase with one such scam netting more than 1,150,000 XRP from its victims.

The scam used a phishing email that directed users to a fake version of the Ledger website that substituted a homoglyph in the URL — in this case a letter that looked like the letter ‘e’ but wasn’t. On the fake site, victims were fooled into downloading malware posing as a security update which drained the balance from their Ledger wallet.

According to community run fraud awareness site xrplorer, the XRP collected from the scam was sent to Bittrex across five deposits, but the exchange was “unable to seize [the XRP] in time.”

In a similar ongoing scam, a phishing email that appears to be sent from the official account for “Team Ripple” appeals to Ledger users by offering an XRP giveaway to “whitelisted addresses” as part of a “Community Support Program.” The registration process involves handing over your Ledger seed phrase or crypto private key in order to qualify for the non-existent program.

In an email to customers sent on Jul. 29th of this year, Ledger acknowledged that it had been the victim of a data breach in which close to a million email addresses were compromised, along with the personal details of a subset of 9,500 customers.

Although the vulnerability leading to the leak on the Ledger website was quickly patched, the damage had already been done, and scammers appear to be coming up with creative ways to use the addresses to trick Ledger users into giving up their coins.

The idea of crypto credential phishing via homoglyph-containing URLs is not new and scams employing this tactic have been targeting XRP holders across the course of the entire year, even before the email leak.

In 2018, scammers set up a fake Binance site, complete with an SSL certificate. However eagle eyed users noticed the ‘n’ had been replaced with a version that included an underdot (ṇ).

In March, creators of a fake Google Chrome extension for Ledger managed to steal 1.4 million XRP in less than a month.

Ledger Live Now Supports, Ledger Live Now Supports,Ledger Live Now Supports, Ledger Live Now Supports,Ledger Live Now Supports, Ledger Live Now Supports,

 

Related Articles:

Bitcoin Information & Resources (#GotBitcoin?)

Artist Akon Loves BTC And Says, “It’s Controlled By The People” (#GotBitcoin?)

Miss Finland: Bitcoin’s Risk Keeps Most Women Away From Cryptocurrency (#GotBitcoin?)

Co-Founder Of LinkedIn Presents Crypto Rap Video: Hamilton Vs. Satoshi (#GotBitcoin?)

Crypto Insurance Market To Grow, Lloyd’s Of London And Aon To Lead (#GotBitcoin?)

No ‘AltSeason’ Until Bitcoin Breaks $20K, Says Hedge Fund Manager (#GotBitcoin?)

NSA Working To Develop Quantum-Resistant Cryptocurrency: Report (#GotBitcoin?)

Custody Provider Legacy Trust Launches Crypto Pension Plan (#GotBitcoin?)

Vaneck, SolidX To Offer Limited Bitcoin ETF For Institutions Via Exemption (#GotBitcoin?)

Russell Okung: From NFL Superstar To Bitcoin Educator In 2 Years (#GotBitcoin?)

Bitcoin Miners Made $14 Billion To Date Securing The Network (#GotBitcoin?)

Why Does Amazon Want To Hire Blockchain Experts For Its Ads Division?

Argentina’s Economy Is In A Technical Default (#GotBitcoin?)

Blockchain-Based Fractional Ownership Used To Sell High-End Art (#GotBitcoin?)

Portugal Tax Authority: Bitcoin Trading And Payments Are Tax-Free (#GotBitcoin?)

Bitcoin ‘Failed Safe Haven Test’ After 7% Drop, Peter Schiff Gloats (#GotBitcoin?)

Bitcoin Dev Reveals Multisig UI Teaser For Hardware Wallets, Full Nodes (#GotBitcoin?)

Bitcoin Price: $10K Holds For Now As 50% Of CME Futures Set To Expire (#GotBitcoin?)

Bitcoin Realized Market Cap Hits $100 Billion For The First Time (#GotBitcoin?)

Stablecoins Begin To Look Beyond The Dollar (#GotBitcoin?)

Bank Of England Governor: Libra-Like Currency Could Replace US Dollar (#GotBitcoin?)

Binance Reveals ‘Venus’ — Its Own Project To Rival Facebook’s Libra (#GotBitcoin?)

The Real Benefits Of Blockchain Are Here. They’re Being Ignored (#GotBitcoin?)

CommBank Develops Blockchain Market To Boost Biodiversity (#GotBitcoin?)

SEC Approves Blockchain Tech Startup Securitize To Record Stock Transfers (#GotBitcoin?)

SegWit Creator Introduces New Language For Bitcoin Smart Contracts (#GotBitcoin?)

You Can Now Earn Bitcoin Rewards For Postmates Purchases (#GotBitcoin?)

Bitcoin Price ‘Will Struggle’ In Big Financial Crisis, Says Investor (#GotBitcoin?)

Fidelity Charitable Received Over $100M In Crypto Donations Since 2015 (#GotBitcoin?)

Would Blockchain Better Protect User Data Than FaceApp? Experts Answer (#GotBitcoin?)

Just The Existence Of Bitcoin Impacts Monetary Policy (#GotBitcoin?)

What Are The Biggest Alleged Crypto Heists And How Much Was Stolen? (#GotBitcoin?)

IRS To Cryptocurrency Owners: Come Clean, Or Else!

Coinbase Accidentally Saves Unencrypted Passwords Of 3,420 Customers (#GotBitcoin?)

Bitcoin Is A ‘Chaos Hedge, Or Schmuck Insurance‘ (#GotBitcoin?)

Bakkt Announces September 23 Launch Of Futures And Custody

Coinbase CEO: Institutions Depositing $200-400M Into Crypto Per Week (#GotBitcoin?)

Researchers Find Monero Mining Malware That Hides From Task Manager (#GotBitcoin?)

Crypto Dusting Attack Affects Nearly 300,000 Addresses (#GotBitcoin?)

A Case For Bitcoin As Recession Hedge In A Diversified Investment Portfolio (#GotBitcoin?)

SEC Guidance Gives Ammo To Lawsuit Claiming XRP Is Unregistered Security (#GotBitcoin?)

15 Countries To Develop Crypto Transaction Tracking System: Report (#GotBitcoin?)

US Department Of Commerce Offering 6-Figure Salary To Crypto Expert (#GotBitcoin?)

Mastercard Is Building A Team To Develop Crypto, Wallet Projects (#GotBitcoin?)

Canadian Bitcoin Educator Scams The Scammer And Donates Proceeds (#GotBitcoin?)

Amazon Wants To Build A Blockchain For Ads, New Job Listing Shows (#GotBitcoin?)

Shield Bitcoin Wallets From Theft Via Time Delay (#GotBitcoin?)

Blockstream Launches Bitcoin Mining Farm With Fidelity As Early Customer (#GotBitcoin?)

Commerzbank Tests Blockchain Machine To Machine Payments With Daimler (#GotBitcoin?)

Bitcoin’s Historical Returns Look Very Attractive As Online Banks Lower Payouts On Savings Accounts (#GotBitcoin?)

Man Takes Bitcoin Miner Seller To Tribunal Over Electricity Bill And Wins (#GotBitcoin?)

Bitcoin’s Computing Power Sets Record As Over 100K New Miners Go Online (#GotBitcoin?)

Walmart Coin And Libra Perform Major Public Relations For Bitcoin (#GotBitcoin?)

Judge Says Buying Bitcoin Via Credit Card Not Necessarily A Cash Advance (#GotBitcoin?)

Poll: If You’re A Stockowner Or Crypto-Currency Holder. What Will You Do When The Recession Comes?

1 In 5 Crypto Holders Are Women, New Report Reveals (#GotBitcoin?)

Beating Bakkt, Ledgerx Is First To Launch ‘Physical’ Bitcoin Futures In Us (#GotBitcoin?)

Facebook Warns Investors That Libra Stablecoin May Never Launch (#GotBitcoin?)

Government Money Printing Is ‘Rocket Fuel’ For Bitcoin (#GotBitcoin?)

Bitcoin-Friendly Square Cash App Stock Price Up 56% In 2019 (#GotBitcoin?)

Safeway Shoppers Can Now Get Bitcoin Back As Change At 894 US Stores (#GotBitcoin?)

TD Ameritrade CEO: There’s ‘Heightened Interest Again’ With Bitcoin (#GotBitcoin?)

Venezuela Sets New Bitcoin Volume Record Thanks To 10,000,000% Inflation (#GotBitcoin?)

Newegg Adds Bitcoin Payment Option To 73 More Countries (#GotBitcoin?)

China’s Schizophrenic Relationship With Bitcoin (#GotBitcoin?)

More Companies Build Products Around Crypto Hardware Wallets (#GotBitcoin?)

Bakkt Is Scheduled To Start Testing Its Bitcoin Futures Contracts Today (#GotBitcoin?)

Bitcoin Network Now 8 Times More Powerful Than It Was At $20K Price (#GotBitcoin?)

Crypto Exchange BitMEX Under Investigation By CFTC: Bloomberg (#GotBitcoin?)

“Bitcoin An ‘Unstoppable Force,” Says US Congressman At Crypto Hearing (#GotBitcoin?)

Bitcoin Network Is Moving $3 Billion Daily, Up 210% Since April (#GotBitcoin?)

Cryptocurrency Startups Get Partial Green Light From Washington

Fundstrat’s Tom Lee: Bitcoin Pullback Is Healthy, Fewer Searches Аre Good (#GotBitcoin?)

Bitcoin Lightning Nodes Are Snatching Funds From Bad Actors (#GotBitcoin?)

The Provident Bank Now Offers Deposit Services For Crypto-Related Entities (#GotBitcoin?)

Bitcoin Could Help Stop News Censorship From Space (#GotBitcoin?)

US Sanctions On Iran Crypto Mining — Inevitable Or Impossible? (#GotBitcoin?)

US Lawmaker Reintroduces ‘Safe Harbor’ Crypto Tax Bill In Congress (#GotBitcoin?)

EU Central Bank Won’t Add Bitcoin To Reserves — Says It’s Not A Currency (#GotBitcoin?)

The Miami Dolphins Now Accept Bitcoin And Litecoin Crypt-Currency Payments (#GotBitcoin?)

Trump Bashes Bitcoin And Alt-Right Is Mad As Hell (#GotBitcoin?)

Goldman Sachs Ramps Up Development Of New Secret Crypto Project (#GotBitcoin?)

Blockchain And AI Bond, Explained (#GotBitcoin?)

Grayscale Bitcoin Trust Outperformed Indexes In First Half Of 2019 (#GotBitcoin?)

XRP Is The Worst Performing Major Crypto Of 2019 (GotBitcoin?)

Bitcoin Back Near $12K As BTC Shorters Lose $44 Million In One Morning (#GotBitcoin?)

As Deutsche Bank Axes 18K Jobs, Bitcoin Offers A ‘Plan ฿”: VanEck Exec (#GotBitcoin?)

Argentina Drives Global LocalBitcoins Volume To Highest Since November (#GotBitcoin?)

‘I Would Buy’ Bitcoin If Growth Continues — Investment Legend Mobius (#GotBitcoin?)

Lawmakers Push For New Bitcoin Rules (#GotBitcoin?)

Facebook’s Libra Is Bad For African Americans (#GotBitcoin?)

Crypto Firm Charity Announces Alliance To Support Feminine Health (#GotBitcoin?)

Canadian Startup Wants To Upgrade Millions Of ATMs To Sell Bitcoin (#GotBitcoin?)

Trump Says US ‘Should Match’ China’s Money Printing Game (#GotBitcoin?)

Casa Launches Lightning Node Mobile App For Bitcoin Newbies (#GotBitcoin?)

Bitcoin Rally Fuels Market In Crypto Derivatives (#GotBitcoin?)

World’s First Zero-Fiat ‘Bitcoin Bond’ Now Available On Bloomberg Terminal (#GotBitcoin?)

Buying Bitcoin Has Been Profitable 98.2% Of The Days Since Creation (#GotBitcoin?)

Another Crypto Exchange Receives License For Crypto Futures

From ‘Ponzi’ To ‘We’re Working On It’ — BIS Chief Reverses Stance On Crypto (#GotBitcoin?)

These Are The Cities Googling ‘Bitcoin’ As Interest Hits 17-Month High (#GotBitcoin?)

Venezuelan Explains How Bitcoin Saves His Family (#GotBitcoin?)

Quantum Computing Vs. Blockchain: Impact On Cryptography

This Fund Is Riding Bitcoin To Top (#GotBitcoin?)

Bitcoin’s Surge Leaves Smaller Digital Currencies In The Dust (#GotBitcoin?)

Bitcoin Exchange Hits $1 Trillion In Trading Volume (#GotBitcoin?)

Bitcoin Breaks $200 Billion Market Cap For The First Time In 17 Months (#GotBitcoin?)

You Can Now Make State Tax Payments In Bitcoin (#GotBitcoin?)

Religious Organizations Make Ideal Places To Mine Bitcoin (#GotBitcoin?)

Goldman Sacs And JP Morgan Chase Finally Concede To Crypto-Currencies (#GotBitcoin?)

Bitcoin Heading For Fifth Month Of Gains Despite Price Correction (#GotBitcoin?)

Breez Reveals Lightning-Powered Bitcoin Payments App For IPhone (#GotBitcoin?)

Big Four Auditing Firm PwC Releases Cryptocurrency Auditing Software (#GotBitcoin?)

Amazon-Owned Twitch Quietly Brings Back Bitcoin Payments (#GotBitcoin?)

JPMorgan Will Pilot ‘JPM Coin’ Stablecoin By End Of 2019: Report (#GotBitcoin?)

Is There A Big Short In Bitcoin? (#GotBitcoin?)

Coinbase Hit With Outage As Bitcoin Price Drops $1.8K In 15 Minutes

Samourai Wallet Releases Privacy-Enhancing CoinJoin Feature (#GotBitcoin?)

There Are Now More Than 5,000 Bitcoin ATMs Around The World (#GotBitcoin?)

You Can Now Get Bitcoin Rewards When Booking At Hotels.Com (#GotBitcoin?)

North America’s Largest Solar Bitcoin Mining Farm Coming To California (#GotBitcoin?)

Bitcoin On Track For Best Second Quarter Price Gain On Record (#GotBitcoin?)

Bitcoin Hash Rate Climbs To New Record High Boosting Network Security (#GotBitcoin?)

Bitcoin Exceeds 1Million Active Addresses While Coinbase Custodies $1.3B In Assets

Why Bitcoin’s Price Suddenly Surged Back $5K (#GotBitcoin?)

Zebpay Becomes First Exchange To Add Lightning Payments For All Users (#GotBitcoin?)

Coinbase’s New Customer Incentive: Interest Payments, With A Crypto Twist (#GotBitcoin?)

The Best Bitcoin Debit (Cashback) Cards Of 2019 (#GotBitcoin?)

Real Estate Brokerages Now Accepting Bitcoin (#GotBitcoin?)

Ernst & Young Introduces Tax Tool For Reporting Cryptocurrencies (#GotBitcoin?)

Recession Is Looming, or Not. Here’s How To Know (#GotBitcoin?)

How Will Bitcoin Behave During A Recession? (#GotBitcoin?)

Many U.S. Financial Officers Think a Recession Will Hit Next Year (#GotBitcoin?)

Definite Signs of An Imminent Recession (#GotBitcoin?)

What A Recession Could Mean for Women’s Unemployment (#GotBitcoin?)

Investors Run Out of Options As Bitcoin, Stocks, Bonds, Oil Cave To Recession Fears (#GotBitcoin?)

Goldman Is Looking To Reduce “Marcus” Lending Goal On Credit (Recession) Caution (#GotBitcoin?)

Our Facebook Page

Your Questions And Comments Are Greatly Appreciated.

Monty H. & Carolyn A.

Go back

Leave a Reply