Antonopoulos talked about two big risks: phishing and the exchange of SIM cards. The Bitcoin evangelist doubts that hackers will conduct physical attacks against affected users.
In the wake of the leakage of data of more than a million users of Ledger wallets, many of them are being victims of phishing and extortion. Bitcoin evangelist Andreas Antonopoulos talked about this on his YouTube channel.
Antonopoulos indicated that “the objective is to help people know how to react amid stress to get out of a panic attack and learn something that everyone can apply for the future.”
In that sense, he talked about how to counteract the “major risks” and the “minor risks” that this data leak implies. Among the major risks, he mentioned phishing attacks and SIM swapping. Concerning the minor risks, he included physical assaults and possible updates to the ledger.
MyEtherWallet co-founder Taylor Monahan and popular cryptocurrency podcaster Peter McCormack discussed actions to take to avoid the major risks. To prevent phishing, they advised users to be aware of the e-mails that they receive.
They say that “it is necessary to check them well before opening them or clicking on a link.” Those who hacked into Ledger user data already resorted to this threat through a campaign last October. Since that time, users have been receiving e-mails and text messages with misleading content and links.
Other members of the ecosystem have posted many of the recommendations that appear in the video, especially those to check the domains of the links and never reveal the seed or private keys. It would be suitable to change the e-mail or password.
Antonopoulos agrees with Ledger that cold wallets are still secure, so hackers cannot gain access to user funds. “You do not have to throw away your cold wallet, you do not need to do that,” recommends the speaker.
SIM swapping is another relevant risk since hackers request telephone companies, through deception, to assign a phone number to another SIM card that they manage. Monahan talked about a personal experience and recalled that hackers have accessed people’s wallets using this strategy. It is possible to avoid this attack by changing SIMs and updating or implementing the two-factor authentication (2FA) mechanism.
Regarding minor risks, the experts consider that there is little probability that direct attacks by hackers against the physical integrity of users will occur.
They believe that threats to disclose confidential information and the demand for payments in Bitcoin to avoid physical attacks are part of phishing. “They try to scare people into feeling forced to pay them with Bitcoin, but they are unlikely to risk making these attacks.”
This is part of so-called “social engineering”, with which cybercriminals seek to get people to deliver sensitive information, without realizing it or under coercion.
Victims of Data Breach
So far there are around 300,000 people affected by Ledger’s data hacking. This group is on a list of one million users, whose information first appeared on dark web sites and then on the surface Internet.
That data includes phone numbers, e-mail addresses, home addresses, and names. Most of those people bought the devices from Ledger stores, where they gave that information, in early 2020.
According to Antonopoulos, some rumored that there are other people, who bought Ledger wallets after the hack, who were also victims of the hack.
E-mail is the main digital identity available at this time, according to the specialists. They say that it is impossible to avoid handing over such data, given that many services do not work without compiling at least one mailing list.
Thus, the data breach is one of the top risks that users currently run, say Jameson Lopp (co-founder and CTO of Casa) and McCormack. All companies, not only those linked to the cryptocurrency sector, are at risk of having this problem.
Despite this, Ledger users express their discomfort, threatening to take legal action against the French company. Ledger recently announced that the victims will not receive any compensation.
By Alexander Salazar
