For all of you Bitcoin hodlers out there that own a Ledger hardware wallet, you will know by now that your details were likely leaked, alongside more than 270,000 others.
That’s right, Ledger was hacked and more than 270,000 cell phone numbers, addresses and personal info was leaked.
More than a million email addresses were also leaked. If you’re on any of these lists, we’ve got some advice for you, and you might want to follow it.
Ignore Any Emails That Are Strange
First up, we’re going to advise you to not open any emails that are from an exchange that you don’t recognize, come from a sender other than the exchange or wallet itself (check the email address it’s from) and, most importantly, don’t download anything from an email.
You should be doing all of these things anyway, but now your email address is out there and scammers know that you own Bitcoin, it’s time to take things seriously.
I myself was included in the list of leaked details, and since then, I’ve seen a massive flurry of emails from scammers hit my inbox, so I know they’re happening to you too.
Our best advice is to just ignore anything unless you can authenticate the sender.
Ledger only sent 1 email following the leak of this data, meaning every other email from “Ledger” since is fake, unless you reached out to them for advice/support.
Other exchanges are jumping on the bandwagon and suggesting that you head on over to their wallets/platforms, but do yourself a favor and stick with what you know.
If you want to play it safe, consider this email account burned and get yourself a new one. It’s a hassle to change your details everywhere, but it’s better than accidentally falling for a scam.
Don’t Click the SMS
If you’re unlucky like me and your cell phone number was leaked, then you too will have likely received a number of spam SMS from services claiming to be wallets or exchanges.
These are all scams and they’re using typo squatting to make it look legit. For example, one that claims to be from blockchain.io has been written in such a way that it uses a typo.
By using all caps for the URL, the scammers have swapped out a capital I (i) for a lower-case l (L).
This is a very common tactic used, and you can even see it if you read it carefully as the height and alignment is off with this letter.
Changing cell phone number is a huge hassle, but if you’ve got 2FA devices linked to your number, consider going through the hassle as getting sim swapped isn’t a fun experience.
Just Be Sensible
Now your data is out there on the clear web, it’s time to crank your security up a notch or two.
Take things seriously and be very vigilant when you’re clicking links in emails and in SMS.
Finally, remember to never give your seed phrases to anyone, and never put them in any website or app that isn’t the legitimate Ledger app.