This is the outcome of an investigation that lasted a little over two years. According to our information, those responsible for the theft of Ledger's customer file in April and June 2020 have been arrested.
The long arm of the law caught two men.
The first has been identified only as Tassilo H., a 22-year-old Austrian living in California. He is currently in custody in the United States.
The second, Davide M., a 28-year-old Portuguese man, was arrested in Portugal and handed over to French authorities in November 2022. He has been indicted and remanded in custody.
For several months, the two hackers sold data from Ledger's private customer file. This massive data breach led to a wave of "phishing" attacks (malicious emails that impersonate the company to trick people into revealing sensitive information) targeting the owners of digital wallets from the global leader in digital asset custody. Ledger denies any connection between the data leak and the phishing wave.
The leak involved the names, phone numbers, e-mail addresses, and physical addresses of customers. This database was used to deliver Ledger products to homes.
Ledger was hit by a second hack in June 2020. This hack, which affected one million people this time, is believed to be due to a flaw in an API key. The hacker has not been arrested.
The French unicorn has been sued over the two hacks. Ledger, which passed the mark of 6 million Nano devices (S and X) sold at the end of 2022, declined to comment.
How did they catch the two scammers Tassilo H. and Davide M.?
It all started in January 2021. At the time, Ledger and the French authorities knew little about the hackers, until an internet user contacted the company's CEO, Pascal Gauthier, on Twitter.
This individual, who introduced himself as the administrator of a cryptocurrency investment site, claimed to know the hacker’s identity. As proof of good faith, he provided several screenshots of Telegram group messages regarding the resale of company databases. Ledger is specifically mentioned.
On these channels, Tassilo H. (using the pseudonyms "TASS" or "BigBoy") bragged about hacking Ledger's customer database and provided cropped photos showing excerpts of the databases.
The FBI quickly identified the Austrian, who was arrested in January 2021. During his interrogation, he came clean and admitted the facts but stated that he had not acted alone. He named Davide M. as the mastermind.
Based on communications between the two men, they have known each other since at least 2019.
At this point, the investigation became an international affair. Davide M. was identified in 2022 and summoned by the Portuguese authorities in the summer. As the suspect did not appear in court, a police search was carried out and then a European arrest warrant was issued.
Analysis of his devices showed that he was also boasting on Telegram that he was behind the data extraction from several companies, including Ledger. And it was not his first rodeo...
The data extraction from his smartphone and hard drives also proved that he created a site imitating Gate, the cryptocurrency exchange platform, in the spring of 2022. His goal? To retrieve customer records and steal the assets of their wallets.
Shopify data breach
Tassilo H. and Davide M. did not use ransomware to get their hands on Ledger's customer files. They contacted three Filipino subcontractors of the Canadian e-commerce giant Shopify. It was through Shopify that Ledger was running its website’s online store.
The contact took place on Shopify's support chat with a man identified only as Carlo P., who then extracted part of Shopify's database... including Ledger's customer files.
"It is inconceivable that Shopify's subcontractors had uncontrolled access to such a sensitive database," said a source familiar with the case.
Due to the hacking and sale of the files, many Ledger customers have been affected by phishing attacks from bad actors pretending to be from Ledger. Some attacks have even happened recently, so the fallout of the leak is not over yet.
The scheme works like this: they invite customers to a fake site under the pretext that they need to update their software. Once logged in, they are asked to provide the 24-word recovery phrase for their crypto account, which allows the hacker to access the wallet from anywhere and gain access to the funds.
According to the authorities, at least 150 people have been victims of these fraudulent practices. According to our sources, some victims have lost over a million euros.
In two years, Tassilo H. and Davide M. are said to have netted €80,000 and €70,000 respectively. According to an expert, this sum is probably underestimated.
The trial of Davide M. should be held in France soon, probably in the coming months. The evidence seems to be sufficient for the justice system, without need for much further investigation.
The hacker has been indicted for several criminal offenses: organized fraud; organized theft; criminal conspiracy to commit a crime; fraudulent access to, and maintenance of, an automated data processing system; fraudulent extraction and transmission of such data.
He faces up to ten years in prison and a €1 million fine.
Tassilo H. could stand trial in the United States.