[PD77]

This is just a heads up for those that think their online crypto wallets are secure. Unfortunately I was one of the many that Ledger leaked their personal information on to the dark web. This includes Name, physical address, phone number and email address. A treasure trove of personal information. This happened almost exactly a year ago and the attacks have been nonstop. I thought I was doing a good job with security but they eventually found the weak link.
https://cointelegraph.com/news/ledge...-wallet-buyers

I received two Verizon texts this morning that my pin had changed and that my email address had changed. I immediately called Verizon to get help. They apparently have a department specifically for this. That department is 100% useless. The rep told me it was an iCloud leak and the hacker got my sim from the iCloud. Rubbish. I told her to please disable the phone number. Nope. Immediately my email was compromised along with the backup email. My phone will only connect to wifi. I knew exactly what was happening and there wasn't a damn thing I could do about it and Verizon would not help me. A Verizon supervisor allowed a caller to change my account PIN and email address which allowed him to perform a SIM swap on my phone. Giving him access to almost everything on my phone. Then the emails starting rolling in, blockchain, Gemini, Binance, Icloud, google, dropbox (no idea on this one), coinbase. It took me a solid six hours to finally get control of my phone number and another two hours to unlock my email address. The only victim was the blockchain wallet, it folded like a wet paper bag. Gemini Binance and coinbase were all setup with Authentication Apps not the text 2fa. The hacker made off with $4.04 from the blockchain wallet and that is it. I'm happy that my Ledger wallets were 100% safe and I really wasn't worried about them the entire time but Ledger put the bullseye on my back and Verizon finished me. All in all, it was just a massive 8 hour headache , but I generally take security seriously and I knew my weakest link was with Verizon but I didn't think they would give it up that easily. Apparently they do because the internet is full of stories exactly like mine with much larger amounts. I consider myself lucky.

This is just a warning but you have to stop and think, if someone had complete control over my phone, how much damage could they do? Do not use TEXTs as 2FA, only use authentication apps.

[bitcoinLuke]

My email was part of the ledger leak, not my name or address(luckily), but since its happened, I get a dozen very sketchy emails daily

[Shifty]

Thanks for posting. It might be safer using a Google Voice number instead of a cell phone with wallets. Google account can be secured by Authenticator app.

[PD77]

Unfortunately this didn’t end the same day. They continued to try and access my CB account as well as my Amazon account. I’ve learned a lot from this and the two most important things are: Do not trust you cell carrier and SMS 2FA, while it will work fine for 90% of users, is a very weak form of security. My plan is to go after Verizon, if somehow I can throw Ledger in to the mix, I will. I’m going to start over from square one with a more secure email provider as well. They were not able to touch my ledger wallets, although they tried, they searched my email accounts for the following terms, backup key, private key , and seed. Funny thing is , some emails from ledger came up. I was smart enough not to store that information anywhere online. I’m assuming they searched Dropbox for pictures of my seed phrases but I’m still unsure, would not have mattered. Last piece of advice, if you have Verizon make sure they add a “Hot Remark” concerning your SIM card. This will prevent what happened to me. You may have to go in to a store but the piece of mind is well worth it.
one more thing FU Verizon and FU Ledger.