Ledger Phishing Attack On Dutch Users: Difference between revisions

From Quadriga Initiative Cryptocurrency Hacks, Scams, and Frauds Repository
Jump to navigation Jump to search
(Created page with "{{Imported Case Study|source=https://www.quadrigainitiative.com/casestudy/ledgerphishingattackondutchusers.php}} thumb|LedgerLedger reports that a recent phishing campaign was launched targeting Dutch users in their language. This email pretends to be from a law firm working with Ledger, and requests the users to click a malicious link for 2FA verification. While details are not provided, typically links will either try to run a malicious transaction...")
 
(Another 30 minutes complete. All sources merged in. Prevention added. Information relocated around.)
 
(3 intermediate revisions by the same user not shown)
Line 1: Line 1:
{{Imported Case Study|source=https://www.quadrigainitiative.com/casestudy/ledgerphishingattackondutchusers.php}}
{{Case Study Under Construction}}[[File:Ledger.jpg|thumb|Ledger]]Ledger reports that a recent phishing campaign was launched targeting Dutch users in their language. This email pretends to be from a law firm working with Ledger, and requests the users to click a malicious link for 2FA verification. While details are not provided, typically links will either try to run a malicious transaction or obtain the user's seed phrase.


[[File:Ledger.jpg|thumb|Ledger]]Ledger reports that a recent phishing campaign was launched targeting Dutch users in their language. This email pretends to be from a law firm working with Ledger, and requests the users to click a malicious link for 2FA verification. While details are not provided, typically links will either try to run a malicious transaction or obtain the user's seed phrase.
== About Ledger ==
<ref name="ledger-6398" /><ref name="financegates-7300" />


This is a global/international case not involving a specific country.
== About Ledger ==
"Based in France, Ledger is the largest cryptocurrency hardware wallet company." "Ledger is a hardware cryptocurrency wallet that is used to store, manage, and sell cryptocurrency. The funds held in these wallets are secured using a 24-word recovery phrase and an optional secret passphrase that only the owner knows."
"Based in France, Ledger is the largest cryptocurrency hardware wallet company." "Ledger is a hardware cryptocurrency wallet that is used to store, manage, and sell cryptocurrency. The funds held in these wallets are secured using a 24-word recovery phrase and an optional secret passphrase that only the owner knows."


"Ledger offers two products, the Nano S and Nano X, that can store the digital keys used to secure crypto wallets. The devices can be used with a variety of cryptocurrencies, are compatible with numerous apps, and are supposed to offer a safe way to manage crypto without compromising too much on convenience. Ledger says on its website that it has sold 1.5 million products to customers in 165 countries to date."
"Ledger offers two products, the Nano S and Nano X, that can store the digital keys used to secure crypto wallets. The devices can be used with a variety of cryptocurrencies, are compatible with numerous apps, and are supposed to offer a safe way to manage crypto without compromising too much on convenience. Ledger says on its website that it has sold 1.5 million products to customers in 165 countries to date."


== The Reality ==
"The scammer is pretending to be working in a law firm in contact with Ledger. They are claiming that We have noticed someone tried to log in on your Ledger account from a location you have never used before. So we have blocked your account and wallet. and asking you to click on a link for a 2FA verification."
"The scammer is pretending to be working in a law firm in contact with Ledger. They are claiming that We have noticed someone tried to log in on your Ledger account from a location you have never used before. So we have blocked your account and wallet. and asking you to click on a link for a 2FA verification."


"The link provided by the scammers is not legitimate."
"The link provided by the scammers is not legitimate."
This is a global/international case not involving a specific country.
The background of the exchange platform, service, or individuals involved, as it would have been seen or understood at the time of the events.
Include:
* Known history of when and how the service was started.
* What problems does the company or service claim to solve?
* What marketing materials were used by the firm or business?
* Audits performed, and excerpts that may have been included.
* Business registration documents shown (fake or legitimate).
* How were people recruited to participate?
* Public warnings and announcements prior to the event.
Don't Include:
* Any wording which directly states or implies that the business is/was illegitimate, or that a vulnerability existed.
* Anything that wasn't reasonably knowable at the time of the event.
There could be more than one section here. If the same platform is involved with multiple incidents, then it can be linked to a main article page.
== The Reality ==
This sections is included if a case involved deception or information that was unknown at the time. Examples include:
* When the service was actually started (if different than the "official story").
* Who actually ran a service and their own personal history.
* How the service was structured behind the scenes. (For example, there was no "trading bot".)
* Details of what audits reported and how vulnerabilities were missed during auditing.


== What Happened ==
== What Happened ==
The specific events of the loss and how it came about. What actually happened to cause the loss and some of the events leading up to it.
Dutch Ledger owners received a phishing email which warned them that their account was locked because it was accessed from a new location, and they should follow the instructions to enable "2-factor authentication"<ref name=":0">[https://web.archive.org/web/20220309091150/https://www.ledger.com/phishing-campaigns-status ONGOING PHISHING CAMPAIGNS - Ledger Archive March 9th, 2022 2:11:50 AM MST] (Apr 26, 2023)</ref>.
{| class="wikitable"
{| class="wikitable"
|+Key Event Timeline - Ledger Phishing Attack On Dutch Users
|+Key Event Timeline - Ledger Phishing Attack On Dutch Users
Line 49: Line 21:
!Description
!Description
|-
|-
|March 1st, 2022 12:00:00 AM
|December 21st, 2020 12:16:31 AM MST
|Main Event
|Bleeping Computer Article
|Expand this into a brief description of what happened and the impact. If multiple lines are necessary, add them here.
|BleepingComputer publishes an article on the Ledger data breach<ref>[https://web.archive.org/web/20201221071631/https://www.bleepingcomputer.com/news/security/physical-addresses-of-270k-ledger-owners-leaked-on-hacker-forum/ Physical addresses of 270K Ledger owners leaked on hacker forum - BleepingComputer Archive December 21st, 2020 12:16:31 AM MST] (Apr 26, 2023)</ref><ref name="slashdot-7301" />, where the physical addresses, email addresses, and names of 272,853 people who purchased a Ledger hardware cryptocurrency wallet have been leaked on a hacker forum. The data was stolen during a June 2020 data breach, and the release of this information poses a significant security risk as it provides threat actors with data that can be used in phishing attacks against Ledger owners. Ledger has advised users to never share their recovery phrase or passphrase with anyone and to be wary of any postal mail or email claiming to be from Ledger<ref>[https://www.bleepingcomputer.com/news/security/physical-addresses-of-270k-ledger-owners-leaked-on-hacker-forum/ Physical addresses of 270K Ledger owners leaked on hacker forum - BleepingComputer] (Apr 26, 2023)</ref>. TBD information on update of sim swap attacks from phone numbers.
|-
|December 22nd, 2020
|CryptoBriefing Article
|CryptoBriefing publishes an article on the data breach event that affected more than 270,000 Ledger customers. Ledger's CEO Pascal Gauthier has dismissed any possibility of refunds and instead advised customers to store their seed phrases in a bank vault. In an open message, Gauthier said the company should spend money on improving its security standards instead of issuing refunds. Ledger has also hired a new Chief Information Security Officer, five months after the data breach<ref name="financegates-7300" />.
|-
|January 19th, 2021 12:54:12 AM MST
|Sifted Article
|Sifted reports that French cryptocurrency security startup, Ledger, is attempting to recover its reputation after breaches exposed customer data. The company has hired a new security team, introduced new data security procedures and transparency to rectify the issues. The leak, which occurred via two third-party ecommerce partners, could make winning back trust difficult among crypto fans, who tend to be inherently distrustful. The article includes an attack against a Dutch Ledger user<ref>[https://web.archive.org/web/20210119075412/https://sifted.eu/articles/ledger-data-breach-crypto/ Crypto startup Ledger fights to repair its reputation - Sifted Archive January 19th, 2021 12:54:12 AM MST] (Apr 26, 2023)</ref><ref>[https://sifted.eu/articles/ledger-data-breach-crypto Crypto startup Ledger fights to repair its reputation - Sifted] (Apr 26, 2023)</ref>. TBD follow more on that Twitter <ref>https://twitter.com/_Mooner666 (Jul 8, 2023)</ref> to try to locate a Tweet by the Dutch user about the threats he faces.
|-
|March 22nd, 2021 4:17:00 PM MDT
|CryptoPotato Article
|CryptoPotato publishes an article on Ledger phishing scams in general. Crypto investors with Ledger hardware wallets are being targeted by phishing scams where attackers are posing as Ledger customer support and requesting the 24-word recovery phrase or asking users to reset their PIN number through an embedded link. The phishing emails appear to come from a similar email address to Ledger's official one and encourage users to download Ledger Live. Users are being urged to remain vigilant and to verify any requests from Ledger by checking the website's security certificate and ensuring that the URL matches the official website<ref name="cryptopotato-7557" />.
|-
|-
|
|March 1st, 2022
|
|New Phishing Campaign Reported
|
|Ledger reports a new phishing campaign which is targeting Dutch users<ref name="ledger-7556" /><ref name=":0" />.
|}
|}
== Technical Details ==
The text of the phishing email was similar to the following<ref name=":0" />.<blockquote>Hallo Nina,
We hebben gemerkt dat iemand zojuist heeft geprobeerd in te loggen op uw Ledger-account vanaf een locatie die u not niet eerder hebt gebruikt, dus we willen zeker weten dat jij het echt bent.
Uw account en uw wallet zijn tijdelijk geblokkeerd om te voorkomen dat u geld verliest.
Hoe kan ik mijn account herstellen?
# Klik op Account Herstellen en volg de instructies om uw account te deblokkeren
# Schakel na het voltooien van het proces Tee-factoranauthenticatie in.
Account Herstellen
Bedankt dat je ons hebt geholpen om je account veilig te houden.
Het Ledger-team</blockquote>If the message is translated to English, it's a standard attempt to instill fear and prompt the user to verify their wallet.<blockquote>Hi Nina,
We've noticed that someone just tried to log into your Ledger account from a location you haven't used before, so we want to make sure it's really you.
Your account and your wallet are temporarily blocked to prevent you from losing money.
How can I recover my account?
Click Restore Account and follow the instructions to unblock your account
After completing the process, enable 2-factor authentication.
Restore Account
Thank you for helping us keep your account safe.
The Ledger team</blockquote>The attackers used the first name of the victim in the emails, which suggests that they may have been pulling this information from a database that may be associated with a prior breach.


== Total Amount Lost ==
== Total Amount Lost ==
The total amount lost is unknown.
It is unknown if anyone fell for the phishing attempt and what funds may have been lost.
 
== Immediate Reactions ==
Ledger shared an announcement on their website with details of the phishing attack.
 
=== Ledger Announcement On Website ===
Ledger posted an announcement on their website with details of the phishing attack<ref name=":0" />.<blockquote>DATE
 
March 1st, 2022
 
ANATOMY OF THE CAMPAIGN
 
The scammer is pretending to be working in a law firm in contact with Ledger. They are claiming that We have noticed someone tried to log in on your Ledger account from a location you have never used before. So we have blocked your account and wallet. and asking you to click on a link for a 2FA verification.


How much was lost and how was it calculated? If there are conflicting reports, which are accurate and where does the discrepancy lie?
The link provided by the scammers is not legitimate.


== Immediate Reactions ==
Language : Dutch</blockquote>
How did the various parties involved (firm, platform, management, and/or affected individual(s)) deal with the events? Were services shut down? Were announcements made? Were groups formed?


== Ultimate Outcome ==
== Ultimate Outcome ==
What was the end result? Was any investigation done? Were any individuals prosecuted? Was there a lawsuit? Was any tracing done?
It is unclear how many users fell for the emails and what information was divulged.


== Total Amount Recovered ==
== Total Amount Recovered ==
There do not appear to have been any funds recovered in this case.
It is unclear if any funds were lost in this case.
 
== Ongoing Developments ==
It is unclear if any funds were lost in this case.
== Individual Prevention Policies ==
Knowledgeable users can recognize that the Ledger hardware wallet does not require 2FA verification. The most likely tactic being used here was to request the seed phrase, which should be avoided in all cases.
 
{{Prevention:Individuals:Never Share Private Keys}}
 
This scheme also involved the use of personal information such as first name and email address. Better privacy practices is also one strategy which would reduce the amount of information that scammers would be able to use against you.
 
{{Prevention:Individuals:Protect Personal Information}}
 
{{Prevention:Individuals:End}}
 
== Platform Prevention Policies ==
This scheme is only successful due to the limited knowledge of users who may fall victim.
 
{{Prevention:Platforms:Cryptocurrency Safety Quiz}}


What funds were recovered? What funds were reimbursed for those affected users?
An industry insurance fund is one tool that may be able to assist victims in such cases.


== Ongoing Developments ==
{{Prevention:Platforms:Establish Industry Insurance Fund}}
What parts of this case are still remaining to be concluded?


== Prevention Policies ==
{{Prevention:Platforms:End}}
The Ledger hardware wallet does not require 2FA verification. Only ever enter the seed phrase in the hardware wallet. Never sign transactions unless you were the one to generate them.


== References ==
== Regulatory Prevention Policies ==
[https://www.ledger.com/phishing-campaigns-status#phishing-campaigns Ongoing phishing campaigns | Ledger] (Mar 20)
The primary issue which allows this attack to be successful is a lack of user education.


[https://www.ledger.com/ledger-live Ledger Live : Most trusted & secure crypto wallet | Ledger] (Feb 13)
{{Prevention:Regulators:Cryptocurrency Education Mandate}}


[https://www.financegates.net/2020/12/23/ledger-refuses-refunds-tells-clients-bank-vault-is-more-secure/ Ledger Refuses Refunds, Tells Clients “Bank Vault Is More Secure” | Financegates] (Mar 19)
An industry insurance fund could also assist to reduce the losses of affected users in this case.


[https://it.slashdot.org/story/20/12/21/2139218/physical-addresses-of-270k-ledger-owners-leaked-on-hacker-forum Physical Addresses of 270K Ledger Owners Leaked On Hacker Forum - Slashdot] (Mar 19)
{{Prevention:Regulators:Establish Industry Insurance Fund}}


[https://www.pcmag.com/news/scammers-are-using-fake-devices-to-steal-cryptocurrency-wallets Scammers Are Using Fake Devices to Steal Cryptocurrency Wallets | PCMag] (Mar 6)
{{Prevention:Regulators:End}}


[https://cryptopotato.com/beware-latest-ledger-email-phishing-scam-making-the-rounds/ Beware: Latest Ledger Email Phishing Scam Making The Rounds] (May 2)
== References ==
<references>
<ref name="ledger-7556">[https://www.ledger.com/phishing-campaigns-status#phishing-campaigns Ongoing phishing campaigns | Ledger] (Mar 20, 2022)</ref>
<ref name="ledger-6398">[https://www.ledger.com/ledger-live Ledger Live : Most trusted & secure crypto wallet | Ledger] (Feb 13, 2022)</ref>
<ref name="financegates-7300">[https://www.financegates.net/2020/12/23/ledger-refuses-refunds-tells-clients-bank-vault-is-more-secure/ Ledger Refuses Refunds, Tells Clients “Bank Vault Is More Secure” - Financegates] (Mar 19, 2022)</ref>
<ref name="slashdot-7301">[https://it.slashdot.org/story/20/12/21/2139218/physical-addresses-of-270k-ledger-owners-leaked-on-hacker-forum Physical Addresses of 270K Ledger Owners Leaked On Hacker Forum - Slashdot] (Mar 19, 2022)</ref>
<ref name="pcmag-6879">[https://www.pcmag.com/news/scammers-are-using-fake-devices-to-steal-cryptocurrency-wallets Scammers Are Using Fake Devices to Steal Cryptocurrency Wallets | PCMag] (Mar 6, 2022)</ref>
<ref name="cryptopotato-7557">[https://cryptopotato.com/beware-latest-ledger-email-phishing-scam-making-the-rounds/ Beware: Latest Ledger Email Phishing Scam Making The Rounds - CryptoPotato] (May 2, 2022)</ref>
</references>

Latest revision as of 16:39, 8 July 2023

Notice: This page is a new case study and some aspects have not been fully researched. Some sections may be incomplete or reflect inaccuracies present in initial sources. Please check the References at the bottom for further information and perform your own additional assessment. Please feel free to contribute by adding any missing information or sources you come across. If you are new here, please read General Tutorial on Wikis or Anatomy of a Case Study for help getting started.

Ledger

Ledger reports that a recent phishing campaign was launched targeting Dutch users in their language. This email pretends to be from a law firm working with Ledger, and requests the users to click a malicious link for 2FA verification. While details are not provided, typically links will either try to run a malicious transaction or obtain the user's seed phrase.

About Ledger

[1][2]

"Based in France, Ledger is the largest cryptocurrency hardware wallet company." "Ledger is a hardware cryptocurrency wallet that is used to store, manage, and sell cryptocurrency. The funds held in these wallets are secured using a 24-word recovery phrase and an optional secret passphrase that only the owner knows."

"Ledger offers two products, the Nano S and Nano X, that can store the digital keys used to secure crypto wallets. The devices can be used with a variety of cryptocurrencies, are compatible with numerous apps, and are supposed to offer a safe way to manage crypto without compromising too much on convenience. Ledger says on its website that it has sold 1.5 million products to customers in 165 countries to date."

The Reality

"The scammer is pretending to be working in a law firm in contact with Ledger. They are claiming that We have noticed someone tried to log in on your Ledger account from a location you have never used before. So we have blocked your account and wallet. and asking you to click on a link for a 2FA verification."

"The link provided by the scammers is not legitimate."

What Happened

Dutch Ledger owners received a phishing email which warned them that their account was locked because it was accessed from a new location, and they should follow the instructions to enable "2-factor authentication"[3].

Key Event Timeline - Ledger Phishing Attack On Dutch Users
Date Event Description
December 21st, 2020 12:16:31 AM MST Bleeping Computer Article BleepingComputer publishes an article on the Ledger data breach[4][5], where the physical addresses, email addresses, and names of 272,853 people who purchased a Ledger hardware cryptocurrency wallet have been leaked on a hacker forum. The data was stolen during a June 2020 data breach, and the release of this information poses a significant security risk as it provides threat actors with data that can be used in phishing attacks against Ledger owners. Ledger has advised users to never share their recovery phrase or passphrase with anyone and to be wary of any postal mail or email claiming to be from Ledger[6]. TBD information on update of sim swap attacks from phone numbers.
December 22nd, 2020 CryptoBriefing Article CryptoBriefing publishes an article on the data breach event that affected more than 270,000 Ledger customers. Ledger's CEO Pascal Gauthier has dismissed any possibility of refunds and instead advised customers to store their seed phrases in a bank vault. In an open message, Gauthier said the company should spend money on improving its security standards instead of issuing refunds. Ledger has also hired a new Chief Information Security Officer, five months after the data breach[2].
January 19th, 2021 12:54:12 AM MST Sifted Article Sifted reports that French cryptocurrency security startup, Ledger, is attempting to recover its reputation after breaches exposed customer data. The company has hired a new security team, introduced new data security procedures and transparency to rectify the issues. The leak, which occurred via two third-party ecommerce partners, could make winning back trust difficult among crypto fans, who tend to be inherently distrustful. The article includes an attack against a Dutch Ledger user[7][8]. TBD follow more on that Twitter [9] to try to locate a Tweet by the Dutch user about the threats he faces.
March 22nd, 2021 4:17:00 PM MDT CryptoPotato Article CryptoPotato publishes an article on Ledger phishing scams in general. Crypto investors with Ledger hardware wallets are being targeted by phishing scams where attackers are posing as Ledger customer support and requesting the 24-word recovery phrase or asking users to reset their PIN number through an embedded link. The phishing emails appear to come from a similar email address to Ledger's official one and encourage users to download Ledger Live. Users are being urged to remain vigilant and to verify any requests from Ledger by checking the website's security certificate and ensuring that the URL matches the official website[10].
March 1st, 2022 New Phishing Campaign Reported Ledger reports a new phishing campaign which is targeting Dutch users[11][3].

Technical Details

The text of the phishing email was similar to the following[3].

Hallo Nina,

We hebben gemerkt dat iemand zojuist heeft geprobeerd in te loggen op uw Ledger-account vanaf een locatie die u not niet eerder hebt gebruikt, dus we willen zeker weten dat jij het echt bent.

Uw account en uw wallet zijn tijdelijk geblokkeerd om te voorkomen dat u geld verliest.

Hoe kan ik mijn account herstellen?

  1. Klik op Account Herstellen en volg de instructies om uw account te deblokkeren
  2. Schakel na het voltooien van het proces Tee-factoranauthenticatie in.

Account Herstellen

Bedankt dat je ons hebt geholpen om je account veilig te houden.

Het Ledger-team

If the message is translated to English, it's a standard attempt to instill fear and prompt the user to verify their wallet.

Hi Nina,

We've noticed that someone just tried to log into your Ledger account from a location you haven't used before, so we want to make sure it's really you.

Your account and your wallet are temporarily blocked to prevent you from losing money.

How can I recover my account?

Click Restore Account and follow the instructions to unblock your account

After completing the process, enable 2-factor authentication.

Restore Account

Thank you for helping us keep your account safe.

The Ledger team

The attackers used the first name of the victim in the emails, which suggests that they may have been pulling this information from a database that may be associated with a prior breach.

Total Amount Lost

It is unknown if anyone fell for the phishing attempt and what funds may have been lost.

Immediate Reactions

Ledger shared an announcement on their website with details of the phishing attack.

Ledger Announcement On Website

Ledger posted an announcement on their website with details of the phishing attack[3].

DATE

March 1st, 2022

ANATOMY OF THE CAMPAIGN

The scammer is pretending to be working in a law firm in contact with Ledger. They are claiming that We have noticed someone tried to log in on your Ledger account from a location you have never used before. So we have blocked your account and wallet. and asking you to click on a link for a 2FA verification.

The link provided by the scammers is not legitimate.

Language : Dutch

Ultimate Outcome

It is unclear how many users fell for the emails and what information was divulged.

Total Amount Recovered

It is unclear if any funds were lost in this case.

Ongoing Developments

It is unclear if any funds were lost in this case.

Individual Prevention Policies

Knowledgeable users can recognize that the Ledger hardware wallet does not require 2FA verification. The most likely tactic being used here was to request the seed phrase, which should be avoided in all cases.

Private keys can be obtained through seed phrases, mnemonics, private key files, mobile synchronization screens, wallet export features, wallet backups, etc... Never ever send these to anyone else who you do not intend to allow to take all of your money. Attackers will use a wide variety of tactics to convince you like pretending to be your wallet software, pretending they work for the wallet software, or asking you to screen share. Don't fall for them.

This scheme also involved the use of personal information such as first name and email address. Better privacy practices is also one strategy which would reduce the amount of information that scammers would be able to use against you.

Set up separate email addresses for each service, and avoid providing your phone number whenever possible. Any received emails or phone calls must be viewed with scrutiny, especially if unsolicited. Interact with companies only through their official websites and confirm anything with the company directly via multiple official sources, especially if it promises a significant incentive to take an action or threatens access to your funds if an action is not taken. It would be recommended to also establish a network of multiple trusted individuals who use the same services and have a strong level of security knowledge.

For the full list of how to protect your funds as an individual, check our Prevention Policies for Individuals guide.

Platform Prevention Policies

This scheme is only successful due to the limited knowledge of users who may fall victim.

Never take for granted the limited knowledge of users of your service and their tendency to skip past provided information. It is recommended to design a simple tutorial and quiz for new users which explains the basics of seed phrases, strong password generation, secure two-factor authentication, common fraud schemes, how ponzi schemes work, as well as other risks which are unique to the cryptocurrency space. This tutorial and quiz should ensure their understanding and be a standard part of the sign-up or download process which is difficult or impossible to skip.

An industry insurance fund is one tool that may be able to assist victims in such cases.

Work with other industry platforms to set up a multi-signature wallet with private keys held separately by delegate signatories from seven prominent platforms and services within the industry. Establish requirements for contributions by all platforms and services, designed to be affordable for small platforms yet large enough to cover anticipated breach events. Any breach event can be brought forth by a member platform or a petition of 100 signatures for consideration by the delegate signatories. A vote of 4 or more delegate signatures is required to release any funds, which could partially or fully restore lost funds based on their assessment.

For the full list of how to protect your funds as a financial service, check our Prevention Policies for Platforms guide.

Regulatory Prevention Policies

The primary issue which allows this attack to be successful is a lack of user education.

Create a standard tutorial and quiz for all new cryptocurrency participants, which is required to be completed once per participant. This tutorial and quiz should cover the basics of proper seed phrase protection, strong password generation, secure two-factor authentication, common fraud schemes, how to detect and guard against phishing attacks, how ponzi schemes work, as well as other risks which are unique to the cryptocurrency space.

An industry insurance fund could also assist to reduce the losses of affected users in this case.

Set up a multi-signature wallet with private keys held separately by delegate signatories from seven prominent platforms and services within the industry. Establish requirements for contributions by all platforms and services within the country, designed to be affordable for small platforms yet large enough to cover anticipated breach events. Any breach event can be brought forth by a member platform or a petition of 100 signatures for consideration by the delegate signatories. A vote of 4 or more delegate signatures is required to release any funds, which could partially or fully restore lost funds based on their assessment.

For the full list of regulatory policies that can prevent loss, check our Prevention Policies for Regulators guide.

References

  1. Ledger Live : Most trusted & secure crypto wallet | Ledger (Feb 13, 2022)
  2. 2.0 2.1 Ledger Refuses Refunds, Tells Clients “Bank Vault Is More Secure” - Financegates (Mar 19, 2022)
  3. 3.0 3.1 3.2 3.3 ONGOING PHISHING CAMPAIGNS - Ledger Archive March 9th, 2022 2:11:50 AM MST (Apr 26, 2023)
  4. Physical addresses of 270K Ledger owners leaked on hacker forum - BleepingComputer Archive December 21st, 2020 12:16:31 AM MST (Apr 26, 2023)
  5. Physical Addresses of 270K Ledger Owners Leaked On Hacker Forum - Slashdot (Mar 19, 2022)
  6. Physical addresses of 270K Ledger owners leaked on hacker forum - BleepingComputer (Apr 26, 2023)
  7. Crypto startup Ledger fights to repair its reputation - Sifted Archive January 19th, 2021 12:54:12 AM MST (Apr 26, 2023)
  8. Crypto startup Ledger fights to repair its reputation - Sifted (Apr 26, 2023)
  9. https://twitter.com/_Mooner666 (Jul 8, 2023)
  10. Beware: Latest Ledger Email Phishing Scam Making The Rounds - CryptoPotato (May 2, 2022)
  11. Ongoing phishing campaigns | Ledger (Mar 20, 2022)

Cite error: <ref> tag with name "pcmag-6879" defined in <references> is not used in prior text.

Retrieved from "https://quadrigainitiative.com/cryptocurrencyhackscamfraudwiki/index.php?title=Ledger_Phishing_Attack_On_Dutch_Users&oldid=4768"