Ledger’s CTO Discusses Safety of Wallet after Multiple Setbacks
One of the most popular hardware wallet providers in the cryptocurrency industry, Ledger has had to deal with numerous difficulties in the past few weeks. This includes a breach in the customer contact database of the company and a vulnerability in the wallet that puts users’ Bitcoin (BTC) at risk. Is the company having a couple of difficult weeks or do these recent events indicate there is a larger unraveling taking place? The chief technology officer at Ledger, Charles Guillemet said that the database breach had happened because the attacker had used a third party’s API key for getting access to a portion of the company’s marketing and eCommerce database, which had been misconfigured on their website.
This gave the attackers unauthorized access to their customers’ order data and contact details. The breach is dated back to June and July 2020. On July 14th, the company had received a tip that mentioned the website of the company and a possible weakness associated with it. Following the tip, the issue had been repaired by Ledger, but they discovered that this weakness had already been exploited by someone on June 25th. This had led to almost 1 million email addresses being leaked and 9,500 of the affected customers had their private data leaked, which included names and phone numbers.
Guillemet said that the company had dealt with the issue and the troublesome API had been fixed on the same day. He also added that no credentials like passwords, payment information or crypto funds had suffered. He said that the data breach had not been connected to their Ledger Live application or their hardware wallets. According to Guillemet, customers’ crypto-assets have never been at risk, citing the makeup of Ledger’s device for its security as it provides users with complete authority over their funds.
Cryptocurrency Decred’s project leader, Jake Yocom-Piatt had said that the incident didn’t surprise him because companies don’t really pay much attention to their eCommerce database security. He said that when a company’s primary product is secure hardware, it can be easy to forget that the eCommerce software system also needs to be protected. He stated that a lot of companies consider software security as a sunk cost because it is not part of their core product offering and so, doesn’t offer them a lot of profits.
Shortly after the data breach, a software vulnerability also surfaced related to Ledger on August 5th. The loophole basically created a bridge between Bitcoin and its different forks, such as bitcoin. Attackers could harness this flaw by making a transaction seem associated with one asset, whereas the transaction on the device would approve another transaction for a different asset, without the wallet owner finding out. A software update was issued by Ledger on the same day to correct the issue. Despite these difficulties in recent weeks, Ledger is still one of the most popular wallets for crypto storage Even though they have provided the best parameters for improved security, users should still know the best tactics and practices for protecting their assets.