

Why Ledger Kept All That Customer Data in the First Place

A dump of customer emails and addresses serves as a stark reminder that even companies in the privacy-minded crypto space are data honeypots.



Dec 21, 2020 at 4:32 a.m. UTC. Updated Dec 21, 2020 at 5:43 a.m. UTC

(Sonja Langford/Unsplash)


First, the good news, in a manner of speaking: Ledger customers can now see firsthand whether their personal information was exposed in the hack discovered in July.

Someone posted the complete lists of 1 million email addresses and 272,000 names, mailing addresses and phone numbers belonging to customers of the France-based maker of hardware cryptocurrency wallets. The latter list is a lot bigger than the number previously disclosed by Ledger (9,500).

Ledger did not address the discrepancy in a tweet storm Sunday apologizing again for the breach. A spokesperson did not immediately respond to an email requesting comment.

“It is a massive understatement to say we sincerely regret this situation. We take privacy extremely seriously,” the company said. “Avoiding situations like this are a top priority for our entire company, and we have learned valuable lessons from this situation which will make Ledger even more secure.” Among other steps, Ledger has hired a new chief information security officer and taken down 170 phishing sites since the breach, it said.

There are at least three file-sharing sites, reminiscent of the golden age of MP3 blogs, where you can download the two lists. I will not post the links but it took just a few minutes searching Twitter to find them.

If you do download the trove, please check for your own details, then delete it. If you keep the file, gawk at the names or gossip with friends about it, well, I’ll be very disappointed.

Several of the email addresses in the data leak match those which received phishing emails from scammers seeking to defraud CoinDesk readers.

As we reported in July, these scammers were copying legitimate CoinDesk newsletters, adding some fraudulent paragraphs and links about a crypto giveaway, and sending them to individuals who never signed up to receive CoinDesk emails to begin with.

Casa CTO Jameson Lopp suggested in November that Ledger customers may have been targeted; today’s data dump would suggest that’s true.

Bigger picture

The bad news: O.K., it’s not news but Sunday’s data dump serves as a sobering reminder that even a maker of hardware crypto wallets can become a honeypot of sensitive data. (I’m using the term “honeypot” in the sense of “a valuable target for hackers,” not “a decoy site to trap them.”)

The reasons are partly the marketing imperatives of a startup and partly legal and regulatory requirements.

In an FAQ posted in July, the company said an attacker had accessed part of its marketing database through a third party’s API key that had been misconfigured on Ledger’s website.

As soon as the breach was discovered, the key was deactivated, Ledger said. But not in time to prevent the rascals from accessing the lists and, apparently, selling them to phishing artists.

Why would a third party have an API key? The FAQ goes on to explain:

Ledger e-commerce and marketing teams use a third-party solution (Iterable) to send and analyze transactional and marketing emails to customers who have bought products on or have signed up to receive our newsletters. … In accordance with our Privacy Policy, as a data controller, we may transmit some of your data to third parties such as payment service providers (PSPs) infrastructure, logistics, and other services providers, within applicable contractual and legal frameworks.

That covers the emails. What about all those mailing addresses, names and phone numbers? Why not purge those after shipping the goods? Back to the FAQ:

For legal reasons, we are obliged to store some transactional information relating to our customers’ contact details and their orders data.

In accordance with the storage limitation principle set forth under applicable laws, we endeavor to retain data for no longer than the time required to comply with such legitimate and legal purposes, including satisfying any legal, accounting, tax, or other compliance reporting requirements.

We may archive some of your personal data, with restricted access, for an additional period of time when it is strictly necessary for us to comply with our legal and/or regulatory archiving obligations and for the applicable statute of limitation periods.

At the end of this additional period, your remaining personal data will be permanently erased or anonymized from our systems. If you purchased a product or a service from us, we may retain some transactional data attached to your Contact Details to comply with our legal, tax or accounting obligations for a maximum 10 years period set forth by French applicable laws, as well as to allow us to manage our rights (for example to assert our claims in Courts) during applicable French statutes of limitations.

We also need to retain some of your personal data contained in this database, in order for us to answer your questions, to process potential claims, and to retain evidence for the criminal investigation.

In other words, sometimes companies’ hands are tied and they have to hold on to the toxic waste that is customer data even if they don’t want to.

Take heart; there are ways to mitigate the risk of exposure even when ordering physical products, as CoinShares chief strategy officer Meltem Demirors noted on Twitter:




World’s Oldest Central Bank Extends Digital Currency Test Till 2022

Riksbank said it would continue developing a technical solution for a central bank-issued e-krona under its pilot project.



Sweden’s Riksbank said it would continue work with Accenture on a potential e-krona digital currency until next year.

(Mario Ortiz/Shutterstock)

Feb 17, 2021 at 10:12 a.m. UTC


The world’s oldest central bank, Sweden’s Riksbank, is to extend its pilot project for a potential central bank digital currency (CBDC) for another 12 months.

According to a press release on Friday, the project, which is being carried out with assistance from professional services firm Accenture, will run until February 2022.

The Riksbank said it would continue developing a technical solution for a central bank-issued e-krona “as a complement to cash,” with the primary objective being for the bank to increase its knowledge around the technology.

For 2021, the institution will continue developing its potential digital currency offering with a focus on performance and scalability. Testing offline functions and bringing external participants into the test environment is also on the table.

The project has raised some concerns from Sweden’s commercial banking sector over the viability of a sovereign CBDC and how that would impact the entire banking system.

There is no final decision over the issuance of the e-krona despite strong lobbying from the central bank to government last year. But with traditional cash seeing falling use, even more so during the coronavirus pandemic, Sweden has been mulling a switch to the CBDC.

However, questions still remain over the digital currency’s ultimate design and underlying technology, according to Friday’s release.





Bitcoin Mining: Wasted Energy or a Better, Greener System?

Harry Sudock, VP of strategy at GRIID Infrastructure, on the modern energy landscape, how far we’ve come and where bitcoin mining fits.



Is it wasteful to use electricity mining bitcoin? As the Biden Administration settles into power with an ambitious agenda around clean energy, notably promising to eliminate carbon emissions from the US power generation sector by 2035, the question of bitcoin mining and its ever-growing use of energy bubbles up once more.

In this episode of ‘On Purpose, With Tyrone Ross,’ Harry Sudock, VP of strategy at GRIID Infrastructure, joins the show to discuss the modern energy landscape, how far we’ve come and where bitcoin mining can fit into a sustainable energy system.

The greatest number of people living in poverty are children, we need to change that. If you can, get involved and give back to Love and Light. I appreciate you!



Deutsche Bank Quietly Plans to Offer Crypto Custody, Prime Brokerage

The bank’s game plan was hidden in plain sight in a widely overlooked report by the World Economic Forum.




Deutsche Bank headquarters in Frankfurt, Germany (Thomas Lohnes/Getty Images)

Feb 13, 2021 at 2:10 a.m. UTC. Updated Feb 13, 2021 at 2:18 a.m. UTC


Deutsche Bank has joined the growing ranks of large financial institutions exploring cryptocurrency custody, with aspirations to offer high-touch services to hedge funds that invest in the asset class.

The Deutsche Bank Digital Asset Custody prototype aims to develop “a fully integrated custody platform for institutional clients and their digital assets providing seamless connectivity to the broader cryptocurrency ecosystem,” according to a little-noticed report by the World Economic Forum, host of the annual gathering of muckety-mucks in Davos, Switzerland.

In a passage buried on page 23 of the December 2020 report, Germany’s largest bank says it plans to create a trading and token issuance platform, bridging digital assets with traditional banking services, and managing the array of digital assets and fiat holdings in one easy-to-use platform.

Big banks are now announcing plans to enter crypto custody on an almost daily basis, with Bank of New York Mellon, the world’s largest custodian bank, joining the party earlier this week.

U.S. banks were given some regulatory clarity thanks to last year’s interpretation letters from the Office of the Comptroller of the Currency. In Germany, firms are queuing up to get their hands on special crypto custody licenses from the country’s regulator, BaFin.

Deutsche, the world’s 21st largest bank, said it aims to “ensure the safety and accessibility of assets for clients by offering an institutional-grade hot/cold storage solution with insurance-grade protection.” No specific cryptocurrencies or tokens are mentioned.

The digital asset custody platform would be launched in stages. It would eventually provide clients with the ability to buy and sell digital assets via a partnership with prime brokers (which act sort of like concierges for hedge funds), issuers and vetted exchanges.

The bank says it would also provide “value-added services such as taxation, valuation services and fund administration, lending, staking and voting, and provide an open-banking platform to allow onboarding of third-party providers.”

The service would be aimed at asset managers, wealth managers, family offices, corporates and digital funds, the bank said.

In terms of a business model, the bank would start out collecting custody fees, it said, later charging fees for tokenization and trading.

Deutsche said it has completed a proof of concept and is aiming for a minimum viable product in 2021, while exploring global client interest for a pilot initiative.

The bank’s press office could not be reached for comment Friday evening. A spokesperson had declined to comment on potential plans for a digital asset custody business when contacted last week by CoinDesk.




