Ledger Hack - What Happened with Pascal Gauthier

 
 
WBD290 - Pascal Gauthier - Large Banner.png

Where to find the show

Download Episode MP3 File
The file will open in a new window. Click down arrow to download the file.


I can never repeat enough that we are sorry, but sadly we cannot go back in time and undo it… now we focus on the present and the future.
— Pascal Gauthier

SHOW DESCRIPTION

Location: Remotely
Date: Monday 21st December
Company: Ledger
Role: CEO

In July of this year, Ledger was made aware of a data breach on their website. Their initial statement read: "consisting mostly of email addresses, but with a subset including also contact and order details such as first and last name, postal address, email address and phone number."

Since then customers have been subject to a range of phishing attempts with scammers sending fraudulent emails claiming that their "cryptocurrency assets are at risk", prompting them to download the latest version of Ledger Live. This fake version would then ask for the user's seed words.

To make this data breach worse, what was initially reported by Ledger as 9,500 customers personal details (including physical addresses) was actually over 270,000. Yesterday both that list, along with over one million customer email addresses, was uploaded to RaidForums for anyone to download. Since the dump, there has been an increase in phishing attempts, including a new threat of physical attacks.

In this interview, I talk to Ledger CEO, Pascal Gauthier. We discuss the data breach, their disclosure of the hack, how they communicated with those affected and their plans moving forwards.


TIMESTAMPS

00:04:15: Introductions
00:05:40: What customer data Ledger store
00:07:13: Your crypto information is safe
00:08:12: Wallet data
00:09:09: Data stored for tax reasons
00:09:50: GDPR compliance and data removal request
00:10:13: The story of what happened
00:14:34: How the breach occurred
00:17:09: Process change and future prevention
00:18:53: White hat and black hat hackers
00:19:56: Full transparency to all customers
00:20:47: Phishing attacks
00:21:56: Lessons learned
00:22:55: Ledger product security
00:25:21: Question: is Use Ledger Live safe?
00:25:39: Question: what are the risks to look out for?
00:26:23: Question: any security recommendations?
00:30:33: Peter's security measures
00:33:36: Ledger bringing multisig in 2021
00:36:34: Regulations surrounding storing data
00:37:57: Ledger staff morale
00:39:26: Rebuilding customer confidence
00:40:37: Peter's suggestions for Ledger
00:45:47: #StopTheScammers
00:46:49: Question: Where does the liability lie?
00:48:50: Following GDPR breach protocol
00:50:29:
Final comments


 

SUPPORT THE SHOW

If you enjoy The What Bitcoin Did Podcast you can help support the show by doing the following:

If you are interested in sponsoring the show, you can read more about that here or please feel free to drop me an email to discuss options.


SPONSORS

 
 
 

SHOW NOTES


PodcastPeter McCormack