As the global cryptoeconomy continues to thrive and bitcoin (BTC) is currently in the $ 15,500 range, questions remain about the overall security and safety of digital assets, especially after a new scam in which hackers used phishing emails. send an email to direct users to a fake Ledger site. According to various sources, the victims were cheated up to 1,150,000 XRP worth about $ 290,000.
Dave Jeavans, CEO of CipherTrace blockchain Intelligence and head of the Anti-Phishing Task Force, told Cointelegraph, “It is clear that Ledger should have a more aggressive defensive buying strategy as domains like these have been used by phishers in an attempt to trick Ledger. users “, – he explained. Also, the illegal scheme of earnings uses homoglyphs in the official URL of the company – in this case, the letter similar to the letter” e “. He added:
“The phishing was likely the result of an email that came from an e-commerce / marketing violation. An unauthorized third party had access to part of the Ledger e-commerce and marketing database through an API key. ”
Earlier this year, in July, the Ledger team reported that it had been leaked and nearly a million email addresses were hacked as a result, as well as the personal information of a subset of 9,500 customers. In addition, in 2018, he was able to make a copy of the Binance website (with SSL certificate) that had been active for a while before being deleted.
Finally, some dishonest people managed to raise 1.4 million XRP tokens in March using a deceptive Google Chrome extension similar to Ledger. In fact, the extension has been available on the Google Play store for about a month. Speaking about the various security protocols the company uses, a Ledger spokesman told Cointelegraph:
“Ledger has its own Ledger Dongon Attack Lab, where security experts try to infiltrate our own and stress testing solutions, our partners ‘solutions, and our competitors’ solutions. In addition, Ledger regularly conducts penetration testing. ”
Do customers take responsibility too?
It goes without saying that portfolio operators must be at the forefront of their security game when it comes to protecting client assets. However, phishing attacks are common not only in the crypto space, but in all online services that include a payment method.
Talking about this issue, Pavol Rosnak, co-founder and CTO of SatoshiLabs, the company behind the Trezor wallet, told Cointelegraph that it is imperative for cryptocurrency owners to be careful and thoroughly check every bit of information they receive about their digital assets. Whether from a wallet provider or from the internet in general:
If the email says you need to do something, you can always confirm it via sales support or other Reddit or Twitter users. Vendors can (and should) reduce the likelihood of a breach by not sharing their customer data with third parties. And reduce the impact of such leaks by deleting customer data after a certain period of time.
A similar view was held by Jevans, who believes that customer security and privacy issues should be viewed in terms of “shared responsibility” so that hardware wallets and cryptocurrency holders work together to ensure that their assets are as safe as possible from third-party threats.
Jeans urged users to take reasonable precautions to protect value and take responsibility for their actions using techniques that are suppressed by the integrity of individual data, adding: “Propagate two-factor authentication, and also never click on a ledger link unless they specifically request a password reset. Users should always. Enter the URL yourself when you visit the Ledger website directly.
Learning to program is still critical
Despite its revolutionary design and technological potential, cryptography is still alien to most people. However, by giving people financial autonomy, technology also places greater personal responsibility on them, especially with regard to individual financial security. As a result, blockchain and cryptocurrency companies must educate their users about the security implications of their actions.
Rusnak believes that in the area of security, the industry still has reasons to step on them. He noted that a number of companies working in this area today tend to simplify things, for example: “Your coins are safe because there is a safe item in your wallet” or “Your coins are safe because our stock market is safe. He added: “It doesn’t help, it makes people believe that something is wrong and makes them defenseless.”