The bitcoin and cryptocurrency community, which is fiercely defending its privacy, has been rocked by a massive data breach that has seen the personal information of over 270,000 bitcoin and cryptocurrency users published online.
The data, stolen from popular bitcoin hardware and cryptocurrency hardware Ledger in July, was released last week on RaidForums, a marketplace for hacking, selling and sharing hacked information.
Since then many bitcoin and cryptocurrency investors have been subject to a barrage of phishing attempts with scammers using the data to try to deceive consumers into handing over the keys to their bitcoin and crypto wallets – revealing bitcoin’s biggest weakness is’ r the companies that help people store and trade. it.
The hacked data includes customer email addresses, full names, phone numbers and postal addresses, according to Ledger. A vulnerability on the Ledger website allowed “unauthorized third parties” access to the company’s e-commerce and marketing database before it was spotted by a researcher who participated in Ledger’s bounty program.
“Stop financial surveillance. Stop forcing companies to collect jackpots of customer-identifiable (KYC) data,” said Balaji Srinivasan, a technology angel investor and former chief technology officer at Coinbase bitcoin and US crypto, via Twitter following the data tip, adding: “Privacy [is greater than] KYC. “
Tax regulations and requirements require companies to store certain information about their customers, often for a number of years. And while further regulation, such as the European Union’s General Data Protection Regulation (GDPR), is designed to protect consumer data, mistakes and weaknesses are inevitable.
“The combination of insecure central databases and current KYC laws establishes a situation where millions of people are predictably persecuted by hackers to (perhaps) prevent a few crimes,” Srinivasan tweeted.
Some Ledger customers received emails by scammers containing their name and address, threatening them unless they pay a ransom.
Phishing attacks and ransom calls have plagued the bitcoin and cryptocurrency world for a long time, rising and falling in severity along with the volatile bitcoin price. Ledger, along with many other financial and technology companies, has tried to educate its users and the public about phishing attacks – but when people get involved, there is always risk.
“[People] is definitely one of the weak links, “Ruben Merre, chief executive of bitcoin and crypto hardware wallet company NGrave, said by email.
“They’re an easy way into companies, through a targeted spear phishing attack, someone can isolate someone out, hack that person, and from there get access to company systems. Actually how most of the big historic security breaches happening. For example, a small vendor with a huge customer platform could be the perfect entry point for massive data breaches. “
Earlier this year, social network Twitter was hit by a phishing attack that allowed three men, two of them teenagers, to take control of the accounts of public figures and large corporations, including Joe Biden, Elon Musk, and Apple
While the decentralized nature of bitcoin means that there is no company or organization that can be directly targeted, central cryptocurrency exchanges, wallet providers and other digital platforms will always be bitcoin’s greatest weakness.