Ledger Hack - What Happened with Pascal Gauthier
Where to find the show
Download Episode MP3 File
The file will open in a new window. Click down arrow to download the file.
“I can never repeat enough that we are sorry, but sadly we cannot go back in time and undo it… now we focus on the present and the future.”
SHOW DESCRIPTION
Location: Remotely
Date: Monday 21st December
Company: Ledger
Role: CEO
In July of this year, Ledger was made aware of a data breach on their website. Their initial statement read: "consisting mostly of email addresses, but with a subset including also contact and order details such as first and last name, postal address, email address and phone number."
Since then customers have been subject to a range of phishing attempts with scammers sending fraudulent emails claiming that their "cryptocurrency assets are at risk", prompting them to download the latest version of Ledger Live. This fake version would then ask for the user's seed words.
To make this data breach worse, what was initially reported by Ledger as 9,500 customers personal details (including physical addresses) was actually over 270,000. Yesterday both that list, along with over one million customer email addresses, was uploaded to RaidForums for anyone to download. Since the dump, there has been an increase in phishing attempts, including a new threat of physical attacks.
In this interview, I talk to Ledger CEO, Pascal Gauthier. We discuss the data breach, their disclosure of the hack, how they communicated with those affected and their plans moving forwards.
TIMESTAMPS
00:04:15: Introductions
00:05:40: What customer data Ledger store
00:07:13: Your crypto information is safe
00:08:12: Wallet data
00:09:09: Data stored for tax reasons
00:09:50: GDPR compliance and data removal request
00:10:13: The story of what happened
00:14:34: How the breach occurred
00:17:09: Process change and future prevention
00:18:53: White hat and black hat hackers
00:19:56: Full transparency to all customers
00:20:47: Phishing attacks
00:21:56: Lessons learned
00:22:55: Ledger product security
00:25:21: Question: is Use Ledger Live safe?
00:25:39: Question: what are the risks to look out for?
00:26:23: Question: any security recommendations?
00:30:33: Peter's security measures
00:33:36: Ledger bringing multisig in 2021
00:36:34: Regulations surrounding storing data
00:37:57: Ledger staff morale
00:39:26: Rebuilding customer confidence
00:40:37: Peter's suggestions for Ledger
00:45:47: #StopTheScammers
00:46:49: Question: Where does the liability lie?
00:48:50: Following GDPR breach protocol
00:50:29: Final comments
SUPPORT THE SHOW
If you enjoy The What Bitcoin Did Podcast you can help support the show by doing the following:
Become a Patron and get access to shows early or help contribute
Make a tip:
Subscribe on iTunes | Spotify | Stitcher | SoundCloud | YouTube | TuneIn | RSS Feed
Leave a review on iTunes
Share the show and episodes with your friends and family
Subscribe to the newsletter on my website
Follow me on Twitter Personal | Twitter Podcast | Instagram | Medium | YouTube
If you are interested in sponsoring the show, you can read more about that here or please feel free to drop me an email to discuss options.
SPONSORS
SHOW NOTES
Connect with Pascal:
On Twitter
On LinkedIn
On Crunchbase
On Ledger
Connect with Ledger
Mentioned in the interview:
Other relevant WBD podcasts:
