Ledger CTO discusses the security issues concerning the popular hardware wallet
|- Ledger suffered a data breach and had a wallet vulnerability detected a few weeks ago.
- Ledger CTO Charles Guillemet discussed the causes and implications of these incidents.
- He said that the company is “most worried about phishing attempts.”
In a recent interview, Charles Guillemet, the CTO of Ledger, a popular hardware wallet provider, responded to all the project criticisms. Ledger has been subject to many difficulties in recent times. It suffered a breach in its customer contact database and a wallet vulnerability that put users’ Bitcoin at risk.
Discussing the data breach, Guillemet said that an attacker got access to a portion of the firm’s e-commerce and marketing database through a third party’s API key that was misconfigured on their website. This allowed unauthorized access to their customers’ contact details and order information. He added that Ledger fixed the issue and disabled the troublesome API key that same day. Guillemet also noted that payment information, credentials (passwords) or cryptocurrency funds were not affected due to the breach.
On August 5, a software vulnerability was detected in Ledger, which provided a bridge between Bitcoin and its various forks like Litecoin. Ledger issued a software update on the same day to fix the issue. In a later blog, the company reassured its users that attackers could not exploit the vulnerability to “obtain sensitive data like your private keys or recovery phrase.”
Although Ledger’s wallets provide parameters for enhanced security, users must still be aware of the best practices to protect their assets. Guillemet explained that Ledger “is most worried about phishing attempts — emails from scammers pretending to be us.” He added that the company will never ask its users for the 24 words of their recovery phrase.
Speaking of safeguards against malware, Guillemet said:
Ledger devices are designed to protect users’ funds against malware on users’ computers, including fake Ledger Live applications.
Information on these pages contains forward-looking statements that involve risks and uncertainties. Markets and instruments profiled on this page are for informational purposes only and should not in any way come across as a recommendation to buy or sell in these assets. You should do your own thorough research before making any investment decisions. FXStreet does not in any way guarantee that this information is free from mistakes, errors, or material misstatements. It also does not guarantee that this information is of a timely nature. Investing in Open Markets involves a great deal of risk, including the loss of all or a portion of your investment, as well as emotional distress. All risks, losses and costs associated with investing, including total loss of principal, are your responsibility. The views and opinions expressed in this article are those of the authors and do not necessarily reflect the official policy or position of FXStreet nor its advertisers.