Hackers are sending phishing emails to users disclosing about a security breach affecting approximately 85,000 customers where it says “we must assume that your cryptocurrency assets are at risk of being stolen”. This email is fake and there is no security breach of any sort. Infact, since private keys never leave your Ledger hardware wallet, your funds are always safe unless you send them to a hacker yourself.
That is why it is important to check the receiver’s address on Ledger wallet every single time you send funds from it.
Here are the contents of the email.
Dear <name>,
We regret to inform you that Ledger has experienced a security breach affecting approx. 85,000 of our customers and that the wallet associated your email address is within those affected by the breach.
Namely, on Saturday, October 24th 2020, our forensics team has found several of the Ledger Live administrative servers to be infected with malware.
At this moment, it’s technically impossible to conclusively assess the severity and the score of the data breach. Due to these circumstances, we must assume that your cryptocurrency assets are at risk of being stolen.
If you are receiving this email, it is because you’ve been affected by the breach. In order to protect your assets, please download the latest version of Ledger Live and follow the instructions to set up a new PIN for your wallet.
Sincerely,
Ledger