Idelto

Cryptocurrency news website

Hudson Rock

Ledger Wallet Data Leak Dumped on Raidforums for Free, Company Regrets the Situation

by

Ledger Wallet Data Leak Dumped on Raidforums for Free, Company Regrets the Situation

Just recently, the hardware wallet manufacturer Ledger has been dealing with a lot of criticism for the e-commerce customer data leak that took place last June. The data contained the emails of a million Ledger wallet customers, and thousands of clients had additional information leaked like phone numbers and residential addresses. Reports now detail that the hackers have dumped the Ledger leak data on the sharing marketplace Raidforums for free.

Hackers Dump Ledger Wallet E-Commerce Customer Data on Raidforums

One of the most topical conversations in the cryptocurrency space in the last 24 hours has been the notorious Ledger wallet e-commerce customer data leak. According to the hardware wallet manufacturer’s own testimony, the e-commerce marketing database was breached on June 25, 2020. They found out the database was exploited after a researcher tipped the company off on July 14, 2020, and they initiated an internal investigation.

“Contact and order details were involved. This is mostly the email address of our customers, approximately 1M addresses,” Ledger wrote at the time of discovery. “Further to investigating the situation we have also been able to establish that, for a subset of 9,500 customers were also exposed, such as first and last name, postal address, phone number or ordered products.”

Last week, news.Bitcoin.com reported on the Ledger leak situation, as it has come back to haunt the company. A great number of people said they had received phishing emails and some individuals have reportedly lost funds. Additionally, a number of Ledger customers that had their phone numbers leaked have been detailing that malicious text messages have been sent to their phones. Making matters far worse, reports on December 20, 2020, indicate that the hackers have decided to dump all the info for free on the Raidforums marketplace.

A number of cryptocurrency proponents have been reporting on the data dump on social media and there’s also a Pastebin file going around with the dump as well. “A hacker is dumping the full Ledger database dump for free on Raidforums,” tweeted one individual. “Emails, phone numbers, and addresses. Get ready for a huge spam and phishing wave,” he added. According to the Raidsforums post, identity info for 272,000 Ledger owners were included with the 1 million email addresses.

Ledger Wallet Data Leak Dumped on Raidforums for Free, Company Regrets the Situation
The Raidforums post details it has published the Ledger wallet e-commerce customer database leak with 272,000 full info orders.

The cofounder and CTO of Hudson Rock otherwise known as “Under the Breach” also reported on the data dump.

“ALERT: Threat actor just dumped Ledger’s database which has been circling around for the past few months,” he tweeted. “The database contains information such as Emails, Physical Addresses, Phone numbers, and more information on 272,000 Ledger buyers and Emails of 1,000,000 additional users. This leak holds [a] major risk to the people affected by it.”

The security expert added:

Individuals who purchased a Ledger tend to have a high net worth in cryptocurrencies and will now be subject to both cyber harassments as well as physical harassments on a larger scale than experienced before. Other forum members are not appreciating the leaker taking away their potential 6 figure sales for this database.

Ledger Responds, Regrets the Situation

Ledger’s official Twitter account also discussed the data dump on Sunday. “Today we were alerted to the dump of the contents of a Ledger customer database on Raidforums,” the company tweeted. “We are still confirming, but early signs tell us that this indeed could be the contents of our e-commerce database from June 2020.”

The hardware wallet manufacturing company also added:

It is a massive understatement to say we sincerely regret this situation. We take privacy extremely seriously. Avoiding situations like this are a top priority for our entire company, and we have learned valuable lessons from this situation which will make Ledger even more secure.

Ledger says that since July the firm has done “everything possible to make Ledger stronger for the future” and also hired a new Chief Information Security Officer (CISO). The company says that it is “further hardening” its systems and have thoroughly reviewed their data policy. “We executed penetration tests and forensic analysis with external security firms to test these and find any additional vulnerabilities on our e-commerce systems,” Ledger added on Sunday.

What do you think about the Ledger e-commerce database being leaked on Raidforums? Let us know what you think about this subject in the comments section below.

The post Ledger Wallet Data Leak Dumped on Raidforums for Free, Company Regrets the Situation appeared first on Bitcoin News.

A Look at ‘Individual X’ and the Seized Stash of Silk Road Bitcoins Worth $1 Billion

by

A Look at 'Individual X' and the Seized Stash of Silk Road Bitcoins Worth $1 Billion

On November 3, 2020, the cryptocurrency community noticed that one of the largest addresses holding 69,369 bitcoins from the Silk Road were transferred. Following the onchain movement, the U.S. government revealed it had seized the coins from a person they dubbed “Individual X.” The following is an in-depth look at what we know about the Silk Road bitcoin address that was seized by U.S. law enforcement.

This week on election day in the U.S., American law enforcement officials seized 69,369 bitcoins worth over $1 billion today. The bitcoin address is a well known address and news.Bitcoin.com reported on the address on September 11, 2020. The reason why our newsdesk looked into the address is because hackers have been trying to sell an alleged encrypted wallet dat file during the last two years.

The bitcoin address called “1HQ3Go3ggs8pFnXuHVHRytPCq5fGG8Hbhx” or “1HQ3” for short, stemmed from the Silk Road according to blockchain analysis. According to onchain data, 1HQ3 got 69,471 BTC sent to the address on April 9, 2013. The funds came from the Silk Road (SR) marketplace and many of the funds stemmed from the SR bitcoin address “1BBq.”

Between April 2013 and up until the day the address was seized, only one large transfer was sent. 101 BTC (over $1.5M) was sent to the now-defunct Btc-e exchange and after that, the wallet only contained 69,369 BTC.

Reports show that federal law enforcement seized the funds on November 3 and are seeking forfeiture with the courts. They describe obtaining the BTC from a “hacker” and prosecutors call the person “Individual X.” The person the government calls Individual X is still a mystery to this day and people are uncertain about this person’s true identity.

A Look at 'Individual X' and the Seized Stash of Silk Road Bitcoins Worth $1 Billion
This is the day Individual X first sent the 69k BTC and the only time coins were spent from the address was in 2015.

However, the court filing explains that the Internal Revenue Service (IRS) was involved with the procedure. Law enforcement officials also hired third party blockchain analysis investigators to analyze bitcoin transactions executed by Silk Road.

“From this review, they observed 54 transactions that were sent from bitcoin addresses controlled by Silk Road, two bitcoin addresses totaling 70,411.46 BTC (valued at approximately $354,000 at the time of transfer),” the court filing details.

A Look at 'Individual X' and the Seized Stash of Silk Road Bitcoins Worth $1 Billion
This is the American government’s current BTC address that holds the 69,370 bitcoins.

“According to an investigation conducted by the Criminal Investigation Division of the Internal Revenue Service and the U.S. Attorney’s Office for the Northern District of California, Individual X was the individual who moved the cryptocurrency from Silk Road,” the attorney for United States David L. Anderson wrote.

Anderson further added:

On November 3, 2020, Individual X signed a Consent and Agreement to Forfeiture with the U.S. Attorney’s Office, Northern District of California. In that agreement, Individual X, consented to the forfeiture of the Defendant Property to the United States government. On November 3, 2020, the United States took custody of the Defendant Property from 1HQ3.

The filing also notes that after the 101 BTC was sent to BTC-e in 2015, two years later the alleged Russian operator, Alexander Vinnik, was indicted for running an unlicensed money transmitting business and for money laundering.

A number of bitcoiners assume this is how the prior owner of address 1HQ3 was caught, but there’s also the last two years of hackers attempting to crack the wallet. After the wallet saw the first transfer in 2013 with 69,471 BTC sent, a great number of cryptic messages have been sent to the address as well.

A Look at 'Individual X' and the Seized Stash of Silk Road Bitcoins Worth $1 Billion
The address shown here is one of the Silk Road marketplace’s wallets and a great number of the 1HQ3 bitcoins originally stemmed from this address.

For instance, crypto advocates can leverage tools like note4ever.com, which encodes any message into a list of bitcoin addresses, so someone can broadcast it to an address of their preference. If someone was to inspect the transactions involved with address 1HQ3, then they would see a number of colorful messages.

A Look at 'Individual X' and the Seized Stash of Silk Road Bitcoins Worth $1 Billion
A number of blockchain surveillance firms have identified the 1HQ3 address movements. This diagram was published by Elliptic.

Even after the federal agents seized the 69,369 bitcoin, messages with addresses like “1BitcoinForPresident42o7777DKkJij” and 1FreeRossF*ckCops77777777777W87XM can be seen on any blockchain explorer. A great number of messages were sent to 1HQ3 over the years and some people have definitely tried to communicate with the owner.

This leads to the massive amount of advertisements over the last two years that have claimed to sell an encrypted dat file belonging to the 1HQ3 bitcoin address. For example, Alon Gal, the Chief Technology Officer of cybercrime firm Hudson Rock tweeted about the address recently. Google also has approximately 16,700 links tethered to the address as well making it very popular.

Prior to the feds seizing the coins from the so-called Individual X, the wallet dat file was seen on marketplace websites like Satoshidisk.com, and All Private Keys. When news.Bitcoin.com reported on the attempted sales, one site was selling the file for 0.08929505 BTC or $1,050, which was the exchange rate at that time.

The 1HQ3 address may be a mystery today, but more clues are currently unraveling and may be published in the future. So far, this case has revealed where $1 billion worth of the old Silk Road bitcoins went, but 444,000 BTC is considered still missing from the marketplace’s coffers. Using today’s exchange rate, the missing 444k SR BTC is worth more than $6.8 billion today.

It will also be quite interesting to see whether or not the U.S. government decides to auction the 69k bitcoin stash, as they have done many times in the past.

What do you think about the bitcoin stash controlled by Individual X? Let us know what you think about this subject in the comments section below.

The post A Look at ‘Individual X’ and the Seized Stash of Silk Road Bitcoins Worth $1 Billion appeared first on Bitcoin News.

The $700 Million Wallet Crack: Bitcoin’s 7th Largest Address Is Under Constant Attack

by

The $700 Million Wallet Crack: Bitcoin's 7th Largest Address Is Under Constant Attack

During the last two years, hackers have been trying to crack the seventh-largest bitcoin wallet, an address that holds 69,370 BTC or $712 million using today’s exchange rate. According to the CTO of the cybercrime intelligence firm, Hudson Rock, the wallet is being publicized on hacking forums in order to crack the password.

Wallets with a massive amount of bitcoin (BTC) are listed on bitinfocharts.com in a list called the “Bitcoin Rich List.” During the last ten years, crypto proponents have scrutinized this list in order to figure out the owners or record significant transfers.

According to a report published by Vice, the seventh richest BTC address is a target for hackers, as an ostensible wallet.dat file has been passed around hacker forums for 12 to even 24 months. On Twitter, Alon Gal, the Chief Technology Officer of cybercrime firm Hudson Rock explained the situation.

“Get this,” Gal tweeted. “There is a bitcoin wallet with 69,000 bitcoins that is being passed around between hackers/crackers for the past [two] years for the purpose of cracking the password, no success so far. I have the wallet, Google hook me up with a quantum computer please,” the cybercrime intelligence expert added.

The $700 Million Wallet Crack: Bitcoin's 7th Largest Address Is Under Constant Attack
The “Bitcoin Rich List” according to bitinfocharts.com data on September 11, 2020.

Following Gal’s tweet, he was inundated with a number of direct messages on Twitter asking about the wallet. Gal further wrote:

Unless there is a really good reason for me to give you the wallet, you’re not going to get it sorry 40+ [direct messages].

News.Bitcoin.com also discovered that the wallet.dat file has been selling on a number of websites like Bitcointalk.org. The 69,000 BTC wallet file has been seen on Satoshidisk.com, and All Private Keys as well. The website All Private Keys operates a market so individuals and groups can buy certain files in order to crack a number of public bitcoin addresses.

The $700 Million Wallet Crack: Bitcoin's 7th Largest Address Is Under Constant Attack
A screenshot of the wallet.dat file being sold on the web via a variety of websites like Satoshidisk. This advertisement is selling the 69,304 BTC wallet.dat file for $1,050 in bitcoin. News.Bitcoin.com does not recommend obtaining these files as they could be malicious, they likely are phony, and the wallet with $712 million worth of BTC is someone else’s funds.

The file being sold on Satoshidisk.com is selling for 0.08929505 BTC or $1,050 using today’s exchange rate. On Friday, 321 people viewed the Satoshidisk.com listing that allegedly contains the wallet.dat file.

Despite the various attempts to crack the wallet with $712 million worth of BTC, no one has been able to crack it yet. Moreover, Gal explained on Twitter that there is possibly a scheme that allows someone to “forge a wallet,” which means the address might really be empty.

“Someone alerted me that there might be a method to forge wallets, although I don’t know if it is true or if it was applied to this specific wallet,” Gal tweeted. “There is a thriving market for selling uncracked wallets where I know some crackers had undeniable success,” the Hudson Rock CTO wrote.

Of course, many individuals were skeptical of any of the so-called wallet.dat file sales, and the website All Private Keys. Some people assume that all of the sites are basically selling phony keys and wallet.dat files to score BTC.

“How does one know [the marketplace All Private Keys] is not just a scam to get people to send them BTC and in return give them locked empty wallets?” one person asked in Gal’s Twitter thread.

News.Bitcoin.com does not recommend downloading or purchasing wallet.dat files or alleged private keys, as it is highly likely that most of these advertisements are scams. If it’s too good to be true, it probably is.

What do you think about hackers trying to crack this wallet with 690,000 BTC? Let us know what you think of this subject in the comments below.

The post The $700 Million Wallet Crack: Bitcoin’s 7th Largest Address Is Under Constant Attack appeared first on Bitcoin News.